use upload-artifact@v4 #3

Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
@ramonpetgrave64
Contributor Author

@laurentsimon

@@ -68,7 +68,7 @@ runs:
# builders are run concurrently. This is simplified
# for our e2e tests.
- name: Upload the artifact
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
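Review bot: The context comment at the top of this hunk says builders are run concurrently, and actions/upload-artifact v4 no longer lets more than one job upload to the same artifact name, which v3 allowed. The `with:` inputs of the `Upload the artifact` step are outside the visible context, so please confirm the artifact name is unique per builder run before relying on this bump in the e2e tests.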
Member

Might we want to pin these to a version as well? example-package is in many ways more problematic security-wise than slsa-github-generator repo since example-package has access to highly privileged PAT tokens.

Collaborator

This repo only contains examples. Either we pin it and we'll never update, or we keep a floating version. I'm fine pinning so long as Dependabot is not enabled :)

Member

SG

Collaborator

@laurentsimon laurentsimon left a comment

Thanks. I'll wait for a decision on @ianlewis's comment to merge.
Ping me on the thread when it's ready to merge.

@ramonpetgrave64
Contributor Author

@ianlewis please take another look

@@ -68,7 +68,7 @@ runs:
# builders are run concurrently. This is simplified
# for our e2e tests.
- name: Upload the artifact
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
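Review bot: The `uses:` line of the `Upload the artifact` step still references the floating major tag `@v4`, so the step runs whatever that tag points to at run time. If the pinning discussed in this thread is to be applied, reference the action by its full commit SHA with the version in a trailing comment, and note in the PR how the pin will be refreshed given that automated updates are not wanted here.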
Member

SG

@ramonpetgrave64 ramonpetgrave64 merged commit 7e4a903 into slsa-framework:main Apr 3, 2024
ramonpetgrave64 added a commit to slsa-framework/slsa-github-generator that referenced this pull request Apr 3, 2024
…act v4"" (#3499)

Reverts #3398

Following up with 

- slsa-framework/example-trw#3
- slsa-framework/example-package#340
- slsa-framework/slsa-verifier#719

Signed-off-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>