Skip to content

use upload-artifact@v4#3

Merged
ramonpetgrave64 merged 1 commit intoslsa-framework:mainfrom
ramonpetgrave64:ramonpetgrave64-upload-artifact-v4
Apr 3, 2024
Merged

use upload-artifact@v4#3
ramonpetgrave64 merged 1 commit intoslsa-framework:mainfrom
ramonpetgrave64:ramonpetgrave64-upload-artifact-v4

Conversation

@ramonpetgrave64
Copy link
Contributor

@ramonpetgrave64 ramonpetgrave64 commented Mar 18, 2024
edited
Loading

@ramonpetgrave64
use upload-artifact@v4
9778355 
Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
@ramonpetgrave64
Copy link
Contributor Author

ramonpetgrave64 commented Mar 18, 2024

@laurentsimon

This was referenced Mar 18, 2024
Merged
Closed
ianlewis
ianlewis approved these changes Mar 18, 2024
View reviewed changes
high-perms-checkout/action.yml
# for our e2e tests.
- name: Upload the artifact
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
Copy link
Member

@ianlewis ianlewis Mar 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might we want to pin these to a version as well? example-package is in many ways more problematic security-wise than slsa-github-generator repo since example-package has access to highly privileged PAT tokens.

Copy link
Collaborator

@laurentsimon laurentsimon Mar 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this repo only contains example. Either we pin it and we'll never update, or we keep a floating version. I'm fine pinning so long as dependabot is not enabled :)

Copy link
Member

@ianlewis ianlewis Apr 3, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SG

laurentsimon
laurentsimon approved these changes Mar 19, 2024
View reviewed changes
Copy link
Collaborator

@laurentsimon laurentsimon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. I'll wait for a decision on @ianlewis 's comment to merge.
Ping me on the thread when it's ready to merge

@ramonpetgrave64 ramonpetgrave64 mentioned this pull request Apr 2, 2024
Merged
@ramonpetgrave64
Copy link
Contributor Author

ramonpetgrave64 commented Apr 2, 2024

@ianlewis please take another look

ianlewis
ianlewis approved these changes Apr 3, 2024
View reviewed changes
high-perms-checkout/action.yml
# for our e2e tests.
- name: Upload the artifact
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
Copy link
Member

@ianlewis ianlewis Apr 3, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SG

@ramonpetgrave64 ramonpetgrave64 merged commit 7e4a903 into slsa-framework:main Apr 3, 2024
ramonpetgrave64 added a commit to slsa-framework/slsa-github-generator that referenced this pull request Apr 3, 2024
@ramonpetgrave64
break: Revert "chore: Revert "fix: upload-artifact and download-artif…
4534a0b 
…act v4"" (#3499)

Reverts #3398

Following up with 

- slsa-framework/example-trw#3
- slsa-framework/example-package#340
- slsa-framework/slsa-verifier#719

Signed-off-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ianlewis ianlewis ianlewis approved these changes

@laurentsimon laurentsimon laurentsimon approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ramonpetgrave64 @ianlewis @laurentsimon