diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 79eb46f3e..e7260e1a8 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -35,7 +35,7 @@ jobs: steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 + - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0 - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: diff --git a/.github/workflows/kind-cluster-image-policy-no-tuf.yaml b/.github/workflows/kind-cluster-image-policy-no-tuf.yaml index 535f9d291..9495067c8 100644 --- a/.github/workflows/kind-cluster-image-policy-no-tuf.yaml +++ b/.github/workflows/kind-cluster-image-policy-no-tuf.yaml @@ -112,7 +112,7 @@ jobs: with: mirror: mirror.gcr.io - - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 + - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 - name: Install cluster + sigstore uses: sigstore/scaffolding/actions/setup@main diff --git a/.github/workflows/kind-cluster-image-policy-trustroot.yaml b/.github/workflows/kind-cluster-image-policy-trustroot.yaml index 9e68d1725..ccd43e485 100644 --- a/.github/workflows/kind-cluster-image-policy-trustroot.yaml +++ b/.github/workflows/kind-cluster-image-policy-trustroot.yaml @@ -117,7 +117,7 @@ jobs: with: mirror: mirror.gcr.io - - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 + - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 - name: Install cluster + sigstore uses: sigstore/scaffolding/actions/setup@main diff --git a/.github/workflows/kind-cluster-image-policy-tsa.yaml b/.github/workflows/kind-cluster-image-policy-tsa.yaml index 40d13b216..212a93cfe 100644 --- a/.github/workflows/kind-cluster-image-policy-tsa.yaml +++ b/.github/workflows/kind-cluster-image-policy-tsa.yaml @@ -112,7 +112,7 @@ jobs: with: mirror: mirror.gcr.io - - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v2 + - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v2 - name: Install cluster + sigstore uses: sigstore/scaffolding/actions/setup@main diff --git a/.github/workflows/kind-cluster-image-policy.yaml b/.github/workflows/kind-cluster-image-policy.yaml index 07a6653fd..115a29264 100644 --- a/.github/workflows/kind-cluster-image-policy.yaml +++ b/.github/workflows/kind-cluster-image-policy.yaml @@ -126,7 +126,7 @@ jobs: with: mirror: mirror.gcr.io - - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 + - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 - name: Install cluster + sigstore uses: sigstore/scaffolding/actions/setup@main diff --git a/.github/workflows/kind-e2e-cosigned.yaml b/.github/workflows/kind-e2e-cosigned.yaml index f5ea83af2..2a4bb8d4d 100644 --- a/.github/workflows/kind-e2e-cosigned.yaml +++ b/.github/workflows/kind-e2e-cosigned.yaml @@ -104,7 +104,7 @@ jobs: - name: Install yq uses: mikefarah/yq@bbdd97482f2d439126582a59689eb1c855944955 # v4.44.3 - - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 + - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 - name: Setup mirror uses: chainguard-dev/actions/setup-mirror@main diff --git a/.github/workflows/kind-e2e-trustroot-crd.yaml b/.github/workflows/kind-e2e-trustroot-crd.yaml index 1426d3cb9..dff6f1933 100644 --- a/.github/workflows/kind-e2e-trustroot-crd.yaml +++ b/.github/workflows/kind-e2e-trustroot-crd.yaml @@ -104,7 +104,7 @@ jobs: - name: Install yq uses: mikefarah/yq@bbdd97482f2d439126582a59689eb1c855944955 # v4.44.3 - - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 + - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 - name: Setup mirror uses: chainguard-dev/actions/setup-mirror@main diff --git a/.github/workflows/policy-tester-examples.yml b/.github/workflows/policy-tester-examples.yml index 3baaa0cff..154552a75 100644 --- a/.github/workflows/policy-tester-examples.yml +++ b/.github/workflows/policy-tester-examples.yml @@ -49,7 +49,7 @@ jobs: run: | make policy-tester - - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 + - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 - name: Setup local registry run: | diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 8fb2740bc..82d929808 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -35,7 +35,7 @@ jobs: go-version-file: './go.mod' check-latest: true - - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 + - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 - uses: anchore/sbom-action/download-syft@d94f46e13c6c62f59525ac9a1e147a99dc0b9bf5 # v0.17.0