⬆️ Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#321)

* ⬆️ Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.3.0 to 3.4.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@9614fae...e1523de) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump cosign to v2.2.3 --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marco Franssen <[email protected]>
philips-labs · Apr 5, 2024 · ce4c9af · ce4c9af
1 parent a42d84f
commit ce4c9af
Showing 1 changed file with 8 additions and 8 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -87,9 +87,9 @@ jobs:
           cache: true
 
       - name: Install cosign
-        uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # ratchet:sigstore/cosign-installer@v3.3.0
+        uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # ratchet:sigstore/cosign-installer@v3.4.0
         with:
-          cosign-release: 'v2.2.2'
+          cosign-release: 'v2.2.3'
 
       - name: Install Syft
         uses: anchore/sbom-action/download-syft@719133684c7d294116626d1344fe64f0d2ff3e9e # ratchet:anchore/sbom-action/[email protected]
@@ -153,9 +153,9 @@ jobs:
 
     steps:
       - name: Install cosign
-        uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # ratchet:sigstore/cosign-installer@v3.3.0
+        uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # ratchet:sigstore/cosign-installer@v3.4.0
         with:
-          cosign-release: 'v2.2.2'
+          cosign-release: 'v2.2.3'
 
       - name: Install Syft
         uses: anchore/sbom-action/download-syft@719133684c7d294116626d1344fe64f0d2ff3e9e # ratchet:anchore/sbom-action/[email protected]
@@ -201,9 +201,9 @@ jobs:
           GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
 
       - name: Install cosign
-        uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # ratchet:sigstore/cosign-installer@v3.3.0
+        uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # ratchet:sigstore/cosign-installer@v3.4.0
         with:
-          cosign-release: 'v2.2.2'
+          cosign-release: 'v2.2.3'
 
       - name: Sign provenance
         run: |
@@ -237,9 +237,9 @@ jobs:
 
     steps:
       - name: Install cosign
-        uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # ratchet:sigstore/cosign-installer@v3.3.0
+        uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # ratchet:sigstore/cosign-installer@v3.4.0
         with:
-          cosign-release: 'v2.2.2'
+          cosign-release: 'v2.2.3'
 
       - name: Generate provenance for ${{ matrix.repo }}
         uses: philips-labs/slsa-provenance-action@6b2fd198d38ba72fb3cc08fbc52da2ebaef2efad # ratchet:philips-labs/[email protected]