Update all builder and generators to use slsa-verifier v2.4.2

Signed-off-by: laurentsimon <[email protected]>

Author: laurentsimon

.github/workflows/scripts/e2e.container-based.default.verify.sh

@@ -60,7 +60,10 @@ echo "DEBUG: file is ${this_file}"
 export SLSA_VERIFIER_EXPERIMENTAL="1"
 export SLSA_VERIFIER_TESTING="true"
 
-e2e_run_verifier_all_releases "HEAD"
+# Verify provenance authenticity with min version at release v2.4.1
+# Due to the breaking change below, we only need to verify starting at v2.4.1
+# https://github.com/slsa-framework/slsa-github-generator/issues/3350
+e2e_run_verifier_all_releases "v2.4.1"
 
 # Verify the provenance content.
 verify_provenance_content

.github/workflows/scripts/e2e.container.default.verify.sh

@@ -43,7 +43,10 @@ echo "DEBUG: file is ${this_file}"
 export SLSA_VERIFIER_TESTING="true"
 
 # Verify provenance authenticity.
-e2e_run_verifier_all_releases "HEAD"
+# Verify provenance authenticity with min version at release v2.4.1
+# Due to the breaking change below, we only need to verify starting at v2.4.1
+# https://github.com/slsa-framework/slsa-github-generator/issues/3350
+e2e_run_verifier_all_releases "v2.4.1"
 
 # Verify provenance content.
 verify_provenance_content

.github/workflows/scripts/e2e.delegator.default.verify.sh

@@ -56,9 +56,10 @@ echo "DEBUG: file is ${this_file}"
 
 export SLSA_VERIFIER_TESTING="true"
 
-# Verify provenance authenticity.
-# TODO(233): Update to v1.8.0 tag.
-e2e_run_verifier_all_releases "HEAD"
+# Verify provenance authenticity with min version at release v2.4.1
+# Due to the breaking change below, we only need to verify starting at v2.4.1
+# https://github.com/slsa-framework/slsa-github-generator/issues/3350
+e2e_run_verifier_all_releases "v2.4.1"
 
 # Verify provenance content.
 verify_provenance_content

.github/workflows/scripts/e2e.generic.default.verify.sh

@@ -69,8 +69,10 @@ echo "DEBUG: file is ${this_file}"
 
 export SLSA_VERIFIER_TESTING="true"
 
-# Verify provenance authenticity.
-e2e_run_verifier_all_releases "v1.1.0"
+# Verify provenance authenticity with min version at release v2.4.1
+# Due to the breaking change below, we only need to verify starting at v2.4.1
+# https://github.com/slsa-framework/slsa-github-generator/issues/3350
+e2e_run_verifier_all_releases "v2.4.1"
 
 # Verify the provenance content.
 verify_provenance_content

.github/workflows/scripts/e2e.gradle.default.verify.sh

@@ -66,4 +66,7 @@ export SLSA_VERIFIER_TESTING="true"
 # Verify provenance content.
 verify_provenance_content
 
-e2e_run_verifier_all_releases "HEAD"
+# Verify provenance authenticity with min version at release v2.4.1
+# Due to the breaking change below, we only need to verify starting at v2.4.1
+# https://github.com/slsa-framework/slsa-github-generator/issues/3350
+e2e_run_verifier_all_releases "v2.4.1"

.github/workflows/scripts/e2e.maven.default.verify.sh

@@ -63,4 +63,7 @@ export SLSA_VERIFIER_TESTING="true"
 # Verify provenance content.
 verify_provenance_content
 
-e2e_run_verifier_all_releases "HEAD"
+# Verify provenance authenticity with min version at release v2.4.1
+# Due to the breaking change below, we only need to verify starting at v2.4.1
+# https://github.com/slsa-framework/slsa-github-generator/issues/3350
+e2e_run_verifier_all_releases "v2.4.1"

.github/workflows/scripts/e2e.nodejs.default.verify.sh

@@ -113,5 +113,7 @@ verify_provenance_content
 
 verify_dist_tag
 
-# Verify provenance authenticity with min version at HEAD
-e2e_run_verifier_all_releases "v2.3.0"
+# Verify provenance authenticity with min version at release v2.4.1
+# Due to the breaking change below, we only need to verify starting at v2.4.1
+# https://github.com/slsa-framework/slsa-github-generator/issues/3350
+e2e_run_verifier_all_releases "v2.4.1"