diff --git a/.github/workflows/example-local.yaml b/.github/workflows/example-local.yaml index 9d53ce8b..d5414aaf 100644 --- a/.github/workflows/example-local.yaml +++ b/.github/workflows/example-local.yaml @@ -46,7 +46,7 @@ jobs: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # ratchet:actions/checkout@v4.1.1 - name: Download build artifact - uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # ratchet:actions/download-artifact@v4.1.0 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # ratchet:actions/download-artifact@v4.1.4 - name: Generate some extra materials (this usually happens as part of the build process) run: | echo '[{"uri": "pkg:deb/debian/stunnel4@5.50-3?arch=amd64", "digest": {"sha256": "e1731ae217fcbc64d4c00d707dcead45c828c5f762bcf8cc56d87de511e096fa"}}]' > extra-materials.json diff --git a/.github/workflows/example-publish.yaml b/.github/workflows/example-publish.yaml index 3e07b6b6..299e3401 100644 --- a/.github/workflows/example-publish.yaml +++ b/.github/workflows/example-publish.yaml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download build artifact - uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # ratchet:actions/download-artifact@v4.1.0 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # ratchet:actions/download-artifact@v4.1.4 - name: Generate provenance uses: philips-labs/slsa-provenance-action@6b2fd198d38ba72fb3cc08fbc52da2ebaef2efad # ratchet:philips-labs/slsa-provenance-action@v0.9.0 with: