diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index ff46f0a2cc..4af9d42e0a 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -20,7 +20,7 @@ jobs: with: go-version-file: 'go.mod' check-latest: true - - uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 + - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 # Build ko from HEAD, build and push an image tagged with the commit SHA, # then keylessly sign it with cosign. diff --git a/.github/workflows/kind-e2e.yaml b/.github/workflows/kind-e2e.yaml index 81fd8a7160..5caeaefee9 100644 --- a/.github/workflows/kind-e2e.yaml +++ b/.github/workflows/kind-e2e.yaml @@ -36,7 +36,7 @@ jobs: registry-authority: ${{ env.REGISTRY_NAME }}:${{ env.REGISTRY_PORT }} - name: Install Cosign - uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 + uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 - name: Run Smoke Test run: | diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 221273f747..bb3c571196 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -34,7 +34,7 @@ jobs: - uses: imjasonh/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c # v0.3 - - uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 + - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 - name: Set tag output id: tag diff --git a/.github/workflows/sbom.yaml b/.github/workflows/sbom.yaml index 585013dfbf..d3fa303fee 100644 --- a/.github/workflows/sbom.yaml +++ b/.github/workflows/sbom.yaml @@ -23,7 +23,7 @@ jobs: go-version-file: 'go.mod' check-latest: true - uses: chainguard-dev/actions/setup-registry@main - - uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 + - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 - name: Install CycloneDX run: | @@ -55,7 +55,7 @@ jobs: go-version-file: 'go.mod' check-latest: true - uses: chainguard-dev/actions/setup-registry@main - - uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 + - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 - name: Install SPDX Tools run: | @@ -88,7 +88,7 @@ jobs: go-version-file: 'go.mod' check-latest: true - uses: chainguard-dev/actions/setup-registry@main - - uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 + - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 - name: Install SPDX Tools run: |