From 6f36e4e2178097724dfd6b94e5dbd798c0622e5c Mon Sep 17 00:00:00 2001 From: JamBalaya56562 Date: Sat, 30 Aug 2025 05:08:05 +0900 Subject: [PATCH] docs: bump `actions/attest-build-provenance` from 2 to 3 --- .../use-artifact-attestations/use-artifact-attestations.md | 4 ++-- .../tutorials/publish-packages/publish-docker-images.md | 4 ++-- data/reusables/package_registry/publish-docker-image.md | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/content/actions/how-tos/secure-your-work/use-artifact-attestations/use-artifact-attestations.md b/content/actions/how-tos/secure-your-work/use-artifact-attestations/use-artifact-attestations.md index 6548c4b8273b..50013ab488b4 100644 --- a/content/actions/how-tos/secure-your-work/use-artifact-attestations/use-artifact-attestations.md +++ b/content/actions/how-tos/secure-your-work/use-artifact-attestations/use-artifact-attestations.md @@ -42,7 +42,7 @@ When you run your updated workflows, they will build your artifacts and generate ```yaml - name: Generate artifact attestation - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@v3 with: subject-path: 'PATH/TO/ARTIFACT' ``` @@ -65,7 +65,7 @@ When you run your updated workflows, they will build your artifacts and generate ```yaml - name: Generate artifact attestation - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@v3 with: subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}{% endraw %} subject-digest: 'sha256:fedcba0...' diff --git a/content/actions/tutorials/publish-packages/publish-docker-images.md b/content/actions/tutorials/publish-packages/publish-docker-images.md index 4041ded5bdc1..db85a5870ce8 100644 --- a/content/actions/tutorials/publish-packages/publish-docker-images.md +++ b/content/actions/tutorials/publish-packages/publish-docker-images.md @@ -117,7 +117,7 @@ jobs: {% ifversion artifact-attestations %} - name: Generate artifact attestation - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@v3 with: subject-name: index.docker.io/my-docker-hub-namespace/my-docker-hub-repository subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %} @@ -229,7 +229,7 @@ jobs: {% ifversion artifact-attestations %} - name: Generate artifact attestation - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@v3 with: subject-name: {% data reusables.package_registry.container-registry-hostname %}/{% raw %}${{ github.repository }}{% endraw %} subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %} diff --git a/data/reusables/package_registry/publish-docker-image.md b/data/reusables/package_registry/publish-docker-image.md index 7e6fed437792..ae547a3a517a 100644 --- a/data/reusables/package_registry/publish-docker-image.md +++ b/data/reusables/package_registry/publish-docker-image.md @@ -57,7 +57,7 @@ jobs: {% ifversion artifact-attestations %} # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see [Using artifact attestations to establish provenance for builds](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds). - name: Generate artifact attestation - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@v3 with: subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %} subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %}