[PR #413] [MERGED] Update slsa-framework/slsa-github-generator action to v2 #425

New issue

Closed

opened 2026-03-03 14:31:07 +03:00 by kerem · 0 comments

kerem commented

2026-03-03 14:31:07 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/konstruktoid/hardening/pull/413
Author: @renovate[bot]
Created: 4/22/2024
Status: ✅ Merged
Merged: 4/22/2024
Merged by: @konstruktoid

Base: master ← Head: renovate/slsa-framework-slsa-github-generator-2.x

📝 Commits (1)

2137b3a Update slsa-framework/slsa-github-generator action to v2

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 .github/workflows/slsa.yml (+1 -1)

📄 Description

This PR contains the following updates:

Package	Type	Update	Change
slsa-framework/slsa-github-generator	action	major	`v1.10.0` -> `v2.0.0`

Release Notes

slsa-framework/slsa-github-generator (slsa-framework/slsa-github-generator)

`v2.0.0`

Compare Source

v2.0.0: Breaking Change: upload-artifact and download-artifact

Our workflows now use the new @v4s of actions/upload-artifact and actions/download-artifact, which are incompatiblle with the prior @v3. See Our docs on the generic generator for more information and how to upgrade.

v2.0.0: Breaking Change: attestation-name Workflow Input and Output

attestation-name as a workflow input to .github/workflows/generator_generic_slsa3.yml is now removed. Use provenance-name instead.

v2.0.0: DSSE Rekor Type

When uploading signed provenance to the log, the entry created in the log is now
a DSSE Rekor type. This fixes a bug where the current intoto type does not
persist provenance signatures. The attestation will no longer be persisted
in Rekor (#3299)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/konstruktoid/hardening/pull/413 **Author:** [@renovate[bot]](https://github.com/apps/renovate) **Created:** 4/22/2024 **Status:** ✅ Merged **Merged:** 4/22/2024 **Merged by:** [@konstruktoid](https://github.com/konstruktoid) **Base:** `master` ← **Head:** `renovate/slsa-framework-slsa-github-generator-2.x` --- ### 📝 Commits (1) - [`2137b3a`](https://github.com/konstruktoid/hardening/commit/2137b3ac9eefe865ec5182ab0b896fa1a4574753) Update slsa-framework/slsa-github-generator action to v2 ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/slsa.yml` (+1 -1) </details> ### 📄 Description [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator) | action | major | `v1.10.0` -> `v2.0.0` | --- ### Release Notes <details> <summary>slsa-framework/slsa-github-generator (slsa-framework/slsa-github-generator)</summary> ### [`v2.0.0`](https://togithub.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v200) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.10.0...v2.0.0) ##### v2.0.0: Breaking Change: upload-artifact and download-artifact - Our workflows now use the new `@v4`s of `actions/upload-artifact` and `actions/download-artifact`, which are incompatiblle with the prior `@v3`. See Our docs on the [generic generator](./internal/builders/generic/README.md#compatibility-with-actionsdownload-artifact) for more information and how to upgrade. ##### v2.0.0: Breaking Change: attestation-name Workflow Input and Output - `attestation-name` as a workflow input to `.github/workflows/generator_generic_slsa3.yml` is now removed. Use `provenance-name` instead. ##### v2.0.0: DSSE Rekor Type - When uploading signed provenance to the log, the entry created in the log is now a DSSE Rekor type. This fixes a bug where the current intoto type does not persist provenance signatures. The attestation will no longer be persisted in Rekor ([#3299](https://togithub.com/slsa-framework/slsa-github-generator/issues/3299)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/konstruktoid/hardening).  --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>