Skip to content

Commit d3a889d

Browse files
renovate[bot]renovate[bot]
authored
⬆️👨‍💻 Update actions/attest-build-provenance action to v2.4.0 (#196)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/attest-build-provenance](https://redirect.github.com/actions/attest-build-provenance) | action | minor | `v2` -> `v2.4.0` | --- ### Release Notes <details> <summary>actions/attest-build-provenance (actions/attest-build-provenance)</summary> ### [`v2.4.0`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v2.4.0) [Compare Source](https://redirect.github.com/actions/attest-build-provenance/compare/v2.3.0...v2.4.0) #### What's Changed - Bump undici from 5.28.5 to 5.29.0 by [@&#8203;dependabot](https://redirect.github.com/dependabot) in [#&#8203;633](https://redirect.github.com/actions/attest-build-provenance/pull/633) - Bump actions/attest from 2.3.0 to [2.4.0](https://redirect.github.com/actions/attest/releases/tag/v2.4.0) by [@&#8203;bdehamer](https://redirect.github.com/bdehamer) in [#&#8203;654](https://redirect.github.com/actions/attest-build-provenance/pull/654) - Includes support for the new well-known summary file which will accumulate paths to all attestations generated in a given workflow run **Full Changelog**: <actions/attest-build-provenance@v2.3.0...v2.4.0> ### [`v2.3.0`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v2.3.0) [Compare Source](https://redirect.github.com/actions/attest-build-provenance/compare/v2.2.3...v2.3.0) #### What's Changed - Bump `actions/attest` from 2.2.1 to 2.3.0 by [@&#8203;bdehamer](https://redirect.github.com/bdehamer) in [#&#8203;615](https://redirect.github.com/actions/attest-build-provenance/pull/615) - Updates `@sigstore/oci` from 0.4.0 to 0.5.0 **Full Changelog**: <actions/attest-build-provenance@v2.2.3...v2.3.0> ### [`v2.2.3`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v2.2.3) [Compare Source](https://redirect.github.com/actions/attest-build-provenance/compare/v2.2.2...v2.2.3) #### What's Changed - Pin actions/attest reference by commit SHA by [@&#8203;bdehamer](https://redirect.github.com/bdehamer) in [#&#8203;493](https://redirect.github.com/actions/attest-build-provenance/pull/493) **Full Changelog**: <actions/attest-build-provenance@v2.2.2...v2.2.3> ### [`v2.2.2`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v2.2.2) [Compare Source](https://redirect.github.com/actions/attest-build-provenance/compare/v2.2.1...v2.2.2) #### What's Changed - Bump predicate action from 1.1.4 to 1.1.5 by [@&#8203;bdehamer](https://redirect.github.com/bdehamer) in [#&#8203;485](https://redirect.github.com/actions/attest-build-provenance/pull/485) - Bump [@&#8203;actions/attest](https://redirect.github.com/actions/attest) from 1.5.0 to 1.6.0 by [@&#8203;bdehamer](https://redirect.github.com/bdehamer) in [#&#8203;484](https://redirect.github.com/actions/attest-build-provenance/pull/484) - Update buildSLSAProvenancePredicate to populate `workflow.ref` field from the `ref` claim in the OIDC token ([actions/toolkit#1969](https://redirect.github.com/actions/toolkit/pull/1969)) **Full Changelog**: <actions/attest-build-provenance@v2.2.1...v2.2.2> ### [`v2.2.1`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v2.2.1) [Compare Source](https://redirect.github.com/actions/attest-build-provenance/compare/v2.2.0...v2.2.1) #### What's Changed - Bump undici from 5.28.4 to 5.28.5 by [@&#8203;dependabot](https://redirect.github.com/dependabot) in [#&#8203;457](https://redirect.github.com/actions/attest-build-provenance/pull/457) - Bump [@&#8203;octokit/request-error](https://redirect.github.com/octokit/request-error) from 5.0.1 to 5.1.1 by [@&#8203;dependabot](https://redirect.github.com/dependabot) in [#&#8203;469](https://redirect.github.com/actions/attest-build-provenance/pull/469) - Bump [@&#8203;octokit/request](https://redirect.github.com/octokit/request) from 8.2.0 to 8.4.1 by [@&#8203;dependabot](https://redirect.github.com/dependabot) in [#&#8203;478](https://redirect.github.com/actions/attest-build-provenance/pull/478) - Bump actions/attest from 2.2.0 to 2.2.1 by [@&#8203;bdehamer](https://redirect.github.com/bdehamer) in [#&#8203;481](https://redirect.github.com/actions/attest-build-provenance/pull/481) - Includes `@actions/attest` [v1.6.0](https://redirect.github.com/actions/toolkit/blob/main/packages/attest/RELEASES.md#160) **Full Changelog**: <actions/attest-build-provenance@v2.2.0...v2.2.1> ### [`v2.2.0`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v2.2.0) [Compare Source](https://redirect.github.com/actions/attest-build-provenance/compare/v2.1.0...v2.2.0) #### What's Changed - Bump actions/attest from v2.1.0 to v2.2.0 by [@&#8203;bdehamer](https://redirect.github.com/bdehamer) in [#&#8203;449](https://redirect.github.com/actions/attest-build-provenance/pull/449) - Includes support for now `subject-checksums` input parameter **Full Changelog**: <actions/attest-build-provenance@v2.1.0...v2.2.0> ### [`v2.1.0`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v2.1.0) [Compare Source](https://redirect.github.com/actions/attest-build-provenance/compare/v2.0.1...v2.1.0) #### What's Changed - Update README w/ note about GH plans supporting attestations by [@&#8203;bdehamer](https://redirect.github.com/bdehamer) in [#&#8203;414](https://redirect.github.com/actions/attest-build-provenance/pull/414) - Add `attestation-id` and `attestation-url` outputs by [@&#8203;bdehamer](https://redirect.github.com/bdehamer) in [#&#8203;415](https://redirect.github.com/actions/attest-build-provenance/pull/415) **Full Changelog**: <actions/attest-build-provenance@v2.0.1...v2.1.0> ### [`v2.0.1`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v2.0.1) [Compare Source](https://redirect.github.com/actions/attest-build-provenance/compare/v2...v2.0.1) #### What's Changed - Bump actions/attest from 2.0.0 to 2.0.1 by [@&#8203;bdehamer](https://redirect.github.com/bdehamer) in [#&#8203;406](https://redirect.github.com/actions/attest-build-provenance/pull/406) - Deduplicate subjects before adding to in-toto statement **Full Changelog**: <actions/attest-build-provenance@v2.0.0...v2.0.1> </details> --- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/munich-quantum-toolkit/qusat). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjk3LjEwIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiLCJnaXRodWItYWN0aW9ucyJdfQ==--> Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
1 parent a1add53 commit d3a889d

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

.github/workflows/cd.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -53,7 +53,7 @@ jobs:
5353
path: dist
5454
merge-multiple: true
5555
- name: Generate artifact attestation for sdist and wheel(s)
56-
uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2
56+
uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0
5757
with:
5858
subject-path: "dist/*"
5959
- uses: pypa/gh-action-pypi-publish@release/v1

0 commit comments

Comments
 (0)