diff --git a/.github/workflows/cross.yaml b/.github/workflows/cross.yaml index 17e3115e315..43f201e46ec 100644 --- a/.github/workflows/cross.yaml +++ b/.github/workflows/cross.yaml @@ -61,7 +61,7 @@ jobs: ./${{matrix.COSIGN_TARGET}} verify-blob --key ./.github/workflows/cosign-test.pub --signature ${{matrix.SGET_TARGET}}.sig ./${{matrix.SGET_TARGET}} - name: Upload artifacts if: github.event_name != 'pull_request' - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v2.3.1 + uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v2.3.1 with: name: artifacts path: | diff --git a/.github/workflows/scorecard_action.yml b/.github/workflows/scorecard_action.yml index ef35aeb078c..b34dd7fabdf 100644 --- a/.github/workflows/scorecard_action.yml +++ b/.github/workflows/scorecard_action.yml @@ -44,7 +44,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v2.3.1 + uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v2.3.1 with: name: SARIF file path: results.sarif