[PR #205] [MERGED] Update slsa-framework/slsa-github-generator action to v1.4.0 #232

New issue

Closed

opened 2026-03-03 14:30:16 +03:00 by kerem · 0 comments

kerem commented

2026-03-03 14:30:16 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/konstruktoid/hardening/pull/205
Author: @renovate[bot]
Created: 12/2/2022
Status: ✅ Merged
Merged: 12/2/2022
Merged by: @konstruktoid

Base: master ← Head: renovate/slsa-framework-slsa-github-generator-1.x

📝 Commits (1)

642bf78 Update slsa-framework/slsa-github-generator action to v1.4.0

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 .github/workflows/slsa.yml (+1 -1)

📄 Description

This PR contains the following updates:

Package	Type	Update	Change
slsa-framework/slsa-github-generator	action	minor	`v1.3.0` -> `v1.4.0`

Release Notes

slsa-framework/slsa-github-generator

`v1.4.0`

Compare Source

What's Changed

🥳 This release is the first Generally Available version of the generic container workflow. The generic container workflow is now considered stable and can be included in your production GitHub Actions workflows 🥳

🎉 This is also the first release (technically the second) with support for the generally available version of sigstore!! 🎉
We hope to have fewer issues with sigstore infrastructure moving forward.

Bug fixes

Allow users of the generic generator workflow to generate provenance using for artifacts created in a project subdirectory (#1225)
Allow environment variables to contain '=' characters in the Go workflow (#1231)

New Contributors

@cfergeau made their first contribution in https://github.com/slsa-framework/slsa-github-generator/pull/1232
@DanAlbert made their first contribution in https://github.com/slsa-framework/slsa-github-generator/pull/1239
@gal-legit made their first contribution in https://github.com/slsa-framework/slsa-github-generator/pull/1252

Full Changelog

Update references to main after v1.2.2 release by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/1228
[generic] fix attestation file creation when subject names are in subdirectories by @asraa in https://github.com/slsa-framework/slsa-github-generator/pull/1226
Update docs to use v1.2.2 by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/1229
Update RELEASE docs by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/1227
chore(deps): update npm dev to v5.43.0 by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/1230
builder: go: Allow equal signs in env vars by @cfergeau in https://github.com/slsa-framework/slsa-github-generator/pull/1232
Ko example by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/951
docs(generic-generator): clarify that created provenance is encapsulated by @diogoteles08 in https://github.com/slsa-framework/slsa-github-generator/pull/1235
Fix semver regex in actions pre-submit by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/1233
Fix typo in doc. by @DanAlbert in https://github.com/slsa-framework/slsa-github-generator/pull/1239
Fix reference Gradle workflow. by @DanAlbert in https://github.com/slsa-framework/slsa-github-generator/pull/1240
Start code freeze for v1.3.0 by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/1248
Undo the v1.3.0 freeze by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/1260
Badges and README updates by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/1263
Fix docs for goreleaser with the generic generator to include docker di… by @gal-legit in https://github.com/slsa-framework/slsa-github-generator/pull/1252
Fix grep by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/1249
Exclude go from renovate PR grouping by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/1268
chore(deps): update npm dev by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/1243
Fix permissions in doc by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/1247
chore(deps): update github-actions by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/1242
Update GHA token permissions for generic container workflow by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/1258
fix(deps): update go by @renovate-bot in https://github.com/slsa-framework/slsa-github-generator/pull/1205
Update references check to support pre-release by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/1270
Restore compile-builder pre-submit by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/1272
Code freeze v1.4.0 rc.0 by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/1271
undo freeze by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/1284
Revert package perms by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/1283
Code freeze for v1.4.0-rc.1 by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/1285
Undo freeze for v1.4.0-rc.1 by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/1288
Update generate-builder tag check to support pre-releases by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/1287
refactor: Update refs to v1.4.0-rc.2 by @ianlewis in https://github.com/slsa-framework/slsa-github-generator/pull/1290

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/konstruktoid/hardening/pull/205 **Author:** [@renovate[bot]](https://github.com/apps/renovate) **Created:** 12/2/2022 **Status:** ✅ Merged **Merged:** 12/2/2022 **Merged by:** [@konstruktoid](https://github.com/konstruktoid) **Base:** `master` ← **Head:** `renovate/slsa-framework-slsa-github-generator-1.x` --- ### 📝 Commits (1) - [`642bf78`](https://github.com/konstruktoid/hardening/commit/642bf7833b73e3ca204ce5e5f5f81cf38128a580) Update slsa-framework/slsa-github-generator action to v1.4.0 ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/slsa.yml` (+1 -1) </details> ### 📄 Description [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator) | action | minor | `v1.3.0` -> `v1.4.0` | --- ### Release Notes <details> <summary>slsa-framework/slsa-github-generator</summary> ### [`v1.4.0`](https://togithub.com/slsa-framework/slsa-github-generator/releases/tag/v1.4.0) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.3.0...v1.4.0) ##### What's Changed 🥳 This release is the first Generally Available version of the [generic container workflow](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container). The generic container workflow is now considered stable and can be included in your production GitHub Actions workflows 🥳 🎉 This is also the first release (technically the second) with support for the [generally available version of sigstore](https://blog.sigstore.dev/sigstore-ga-ddd6ba67894d)!! 🎉 We hope to have fewer issues with sigstore infrastructure moving forward. ##### Bug fixes 1. Allow users of the [generic generator workflow](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/generic) to generate provenance using for artifacts created in a project subdirectory ([#1225](https://togithub.com/slsa-framework/slsa-github-generator/issues/1225)) 2. Allow environment variables to contain '=' characters in the [Go workflow](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/go) ([#1231](https://togithub.com/slsa-framework/slsa-github-generator/issues/1231)) ##### New Contributors - [@cfergeau](https://togithub.com/cfergeau) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/1232](https://togithub.com/slsa-framework/slsa-github-generator/pull/1232) - [@DanAlbert](https://togithub.com/DanAlbert) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/1239](https://togithub.com/slsa-framework/slsa-github-generator/pull/1239) - [@gal-legit](https://togithub.com/gal-legit) made their first contribution in [https://github.com/slsa-framework/slsa-github-generator/pull/1252](https://togithub.com/slsa-framework/slsa-github-generator/pull/1252) ##### Full Changelog - Update references to main after v1.2.2 release by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1228](https://togithub.com/slsa-framework/slsa-github-generator/pull/1228) - \[generic] fix attestation file creation when subject names are in subdirectories by [@asraa](https://togithub.com/asraa) in [https://github.com/slsa-framework/slsa-github-generator/pull/1226](https://togithub.com/slsa-framework/slsa-github-generator/pull/1226) - Update docs to use v1.2.2 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1229](https://togithub.com/slsa-framework/slsa-github-generator/pull/1229) - Update RELEASE docs by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1227](https://togithub.com/slsa-framework/slsa-github-generator/pull/1227) - chore(deps): update npm dev to v5.43.0 by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1230](https://togithub.com/slsa-framework/slsa-github-generator/pull/1230) - builder: go: Allow equal signs in env vars by [@cfergeau](https://togithub.com/cfergeau) in [https://github.com/slsa-framework/slsa-github-generator/pull/1232](https://togithub.com/slsa-framework/slsa-github-generator/pull/1232) - Ko example by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/951](https://togithub.com/slsa-framework/slsa-github-generator/pull/951) - docs(generic-generator): clarify that created provenance is encapsulated by [@diogoteles08](https://togithub.com/diogoteles08) in [https://github.com/slsa-framework/slsa-github-generator/pull/1235](https://togithub.com/slsa-framework/slsa-github-generator/pull/1235) - Fix semver regex in actions pre-submit by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1233](https://togithub.com/slsa-framework/slsa-github-generator/pull/1233) - Fix typo in doc. by [@DanAlbert](https://togithub.com/DanAlbert) in [https://github.com/slsa-framework/slsa-github-generator/pull/1239](https://togithub.com/slsa-framework/slsa-github-generator/pull/1239) - Fix reference Gradle workflow. by [@DanAlbert](https://togithub.com/DanAlbert) in [https://github.com/slsa-framework/slsa-github-generator/pull/1240](https://togithub.com/slsa-framework/slsa-github-generator/pull/1240) - Start code freeze for v1.3.0 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1248](https://togithub.com/slsa-framework/slsa-github-generator/pull/1248) - Undo the v1.3.0 freeze by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1260](https://togithub.com/slsa-framework/slsa-github-generator/pull/1260) - Badges and README updates by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1263](https://togithub.com/slsa-framework/slsa-github-generator/pull/1263) - Fix docs for goreleaser with the generic generator to include docker di… by [@gal-legit](https://togithub.com/gal-legit) in [https://github.com/slsa-framework/slsa-github-generator/pull/1252](https://togithub.com/slsa-framework/slsa-github-generator/pull/1252) - Fix grep by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1249](https://togithub.com/slsa-framework/slsa-github-generator/pull/1249) - Exclude go from renovate PR grouping by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1268](https://togithub.com/slsa-framework/slsa-github-generator/pull/1268) - chore(deps): update npm dev by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1243](https://togithub.com/slsa-framework/slsa-github-generator/pull/1243) - Fix permissions in doc by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1247](https://togithub.com/slsa-framework/slsa-github-generator/pull/1247) - chore(deps): update github-actions by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1242](https://togithub.com/slsa-framework/slsa-github-generator/pull/1242) - Update GHA token permissions for generic container workflow by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1258](https://togithub.com/slsa-framework/slsa-github-generator/pull/1258) - fix(deps): update go by [@renovate-bot](https://togithub.com/renovate-bot) in [https://github.com/slsa-framework/slsa-github-generator/pull/1205](https://togithub.com/slsa-framework/slsa-github-generator/pull/1205) - Update references check to support pre-release by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1270](https://togithub.com/slsa-framework/slsa-github-generator/pull/1270) - Restore compile-builder pre-submit by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1272](https://togithub.com/slsa-framework/slsa-github-generator/pull/1272) - Code freeze v1.4.0 rc.0 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1271](https://togithub.com/slsa-framework/slsa-github-generator/pull/1271) - undo freeze by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1284](https://togithub.com/slsa-framework/slsa-github-generator/pull/1284) - Revert package perms by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1283](https://togithub.com/slsa-framework/slsa-github-generator/pull/1283) - Code freeze for v1.4.0-rc.1 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1285](https://togithub.com/slsa-framework/slsa-github-generator/pull/1285) - Undo freeze for v1.4.0-rc.1 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1288](https://togithub.com/slsa-framework/slsa-github-generator/pull/1288) - Update generate-builder tag check to support pre-releases by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1287](https://togithub.com/slsa-framework/slsa-github-generator/pull/1287) - refactor: Update refs to v1.4.0-rc.2 by [@ianlewis](https://togithub.com/ianlewis) in [https://github.com/slsa-framework/slsa-github-generator/pull/1290](https://togithub.com/slsa-framework/slsa-github-generator/pull/1290) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/konstruktoid/hardening).  --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>