OZI Provenance
Version updated for https://github.com/OZI-Project/provenance to version 2.0.0.
- This action is used across all versions by 2 repositories.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
The OZI Provenance GitHub Action automates the generation and upload of provenance attestations for artifacts within a project’s dist/ directory. It streamlines the process of verifying software integrity and authenticity by creating and attaching attestations to a specified release tag. This action simplifies compliance and enhances trust in software supply chains.
Release notes
What’s Changed
- Bump step-security/harden-runner from 2.13.1 to 2.13.2 by @dependabot[bot] in https://github.com/OZI-Project/provenance/pull/30
- Bump github/codeql-action from 3.30.3 to 4.31.2 by @dependabot[bot] in https://github.com/OZI-Project/provenance/pull/29
- Bump actions/download-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in https://github.com/OZI-Project/provenance/pull/27
- Bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in https://github.com/OZI-Project/provenance/pull/26
- Bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @dependabot[bot] in https://github.com/OZI-Project/provenance/pull/22
- Bump actions/checkout from 5.0.0 to 6.0.2 by @dependabot[bot] in https://github.com/OZI-Project/provenance/pull/31
- Bump actions/attest-build-provenance from 3.0.0 to 4.1.0 by @dependabot[bot] in https://github.com/OZI-Project/provenance/pull/34
- Bump actions/download-artifact from 6.0.0 to 8.0.1 by @dependabot[bot] in https://github.com/OZI-Project/provenance/pull/35
- Bump step-security/harden-runner from 2.13.2 to 2.16.0 by @dependabot[bot] in https://github.com/OZI-Project/provenance/pull/33
- Bump github/codeql-action from 4.31.2 to 4.34.1 by @dependabot[bot] in https://github.com/OZI-Project/provenance/pull/32
Full Changelog: https://github.com/OZI-Project/provenance/compare/1.1.0...2.0.0