fix: use tag for the builder in the release workflow #788
Commits on Jul 11, 2024
-
The slsa-github-generator's workflow ref needs to be pinned by tag, not by hash. Fixes this error - https://github.com/slsa-framework/slsa-verifier/actions/runs/9893912259/job/27330429383#step:4:17 ``` Verifying slsa-verifier-linux-arm64 using slsa-verifier-linux-arm64.intoto.jsonl Verified signature against tlog entry index 110869188 at URL: https://rekor.sigstore.dev/api/v1/log/entries/24296fb24b8ad77aa9a66ae8969e055f85c9ec9e0ebbe52e4947cd33cf7b84af120088fe641b8e84 Verifying artifact slsa-verifier-linux-arm64: FAILED: invalid ref: "c747fe7769adf3656dc7d588b161cb614d7abfee": unexpected ref type: "" FAILED: SLSA verification failed: invalid ref: "c747fe7769adf3656dc7d588b161cb614d7abfee": unexpected ref type: "" ``` Signed-off-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.