From 3c491c10769cfb47c9d0d0a4d72175abe69c78c8 Mon Sep 17 00:00:00 2001 From: Marc Ransome Date: Sun, 24 Mar 2024 21:09:57 +0000 Subject: [PATCH] Pin SLSA verifier to tag version --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8b9fbcc..7a9d4b4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -123,7 +123,7 @@ jobs: with: name: ${{ needs.build.outputs.sha256-filename-darwin-arm64 }} - name: Install SLSA verifier - uses: slsa-framework/slsa-verifier/actions/installer@7e1e47d7d793930ab0082c15c2b971fdb53a3c95 # v2.4.1 + uses: slsa-framework/slsa-verifier/actions/installer@v2.4.1 # Must specify version tag; see https://github.com/slsa-framework/slsa-verifier/issues/12 - name: Verify SLSA provenance env: CHECKSUMS: ${{ needs.combine-checksums.outputs.checksums }}