diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 50887c0..36a9f75 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -37,7 +37,7 @@ jobs:
 output: 'trivy-results.sarif'
 severity: 'CRITICAL,HIGH'
 - name: Install Cosign
- uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3.1.1
+ uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 # v3.2.0
 - name: Publish image
 id: publish-kyverno-notation-aws
 uses: ./.github/actions/publish-image
@@ -62,7 +62,7 @@ jobs:
 packages: write # To upload assets to release.
 actions: read # To read the workflow path.
 # NOTE: The container generator workflow is not officially released as GA.
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.7.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0
 with:
 image: ghcr.io/${{ github.repository_owner }}/kyverno-notation-aws
 digest: "${{ needs.publish-images.outputs.image-digest }}"
@@ -82,7 +82,7 @@ jobs:
 uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 - uses: creekorful/goreportcard-action@1f35ced8cdac2cba28c9a2f2288a16aacfd507f9 # v1.0
 - name: Install Cosign
- uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3.1.1
+ uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 # v3.2.0
 - name: Run GoReleaser
 uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v4.3.0
 with:
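Review bot: The `generator_container_slsa3.yml@v1.9.0` line in the second hunk is the only third-party reference in these hunks pinned by tag rather than by commit SHA, and nothing next to it says why. As far as I know the SLSA generator's reusable workflows have to be referenced by a release tag for slsa-verifier to accept the builder identity, so the tag looks intentional, but a later "pin everything to a SHA" pass could break provenance verification without anyone noticing. I would add a comment above the line, e.g. `# Must stay on a release tag, not a SHA: slsa-verifier checks the builder workflow ref.` It is also worth confirming that the existing NOTE about the container generator not being GA still holds at v1.9.0.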