diff --git a/.github/actions/checkout-go/action.yml b/.github/actions/checkout-go/action.yml index 49e818d60b..577e3d7943 100644 --- a/.github/actions/checkout-go/action.yml +++ b/.github/actions/checkout-go/action.yml @@ -24,6 +24,7 @@ runs: - name: Checkout the repository with user SHA uses: slsa-framework/slsa-github-generator/.github/actions/secure-checkout@f348c29e4be53b8413640f1f2eabd3fbde249a15 with: + # TODO(github.com/slsa-framework/slsa-github-generator/issues/996): Don't quote values to preserve defaults. repository: "${{ inputs.repository }}" sha: "${{ inputs.sha }}" token: "${{ inputs.token }}" diff --git a/.github/actions/checkout-node/action.yml b/.github/actions/checkout-node/action.yml index f71a81a40f..d386dd1221 100644 --- a/.github/actions/checkout-node/action.yml +++ b/.github/actions/checkout-node/action.yml @@ -24,6 +24,7 @@ runs: - name: Checkout the repository with user ref uses: slsa-framework/slsa-github-generator/.github/actions/secure-checkout@f348c29e4be53b8413640f1f2eabd3fbde249a15 with: + # TODO(github.com/slsa-framework/slsa-github-generator/issues/996): Don't quote values to preserve defaults. repository: "${{ inputs.repository }}" sha: "${{ inputs.sha }}" token: "${{ inputs.token }}" diff --git a/.github/actions/generate-builder/action.yml b/.github/actions/generate-builder/action.yml index a7bd58922b..0e05aa3863 100644 --- a/.github/actions/generate-builder/action.yml +++ b/.github/actions/generate-builder/action.yml @@ -1,8 +1,8 @@ name: "Generate the builder" description: "Build or fetch the builder binary" inputs: - ref: - description: "Ref of the builder." + sha: + description: "SHA of the builder." required: true repository: description: "Repository of the builder." @@ -34,10 +34,11 @@ runs: using: "composite" steps: - name: Checkout the Go builder repository - uses: slsa-framework/slsa-github-generator/.github/actions/checkout-go@e3220805577deb9d193f64e519abcb3b50851df5 + uses: slsa-framework/slsa-github-generator/.github/actions/checkout-go@74c98157d0a85b0a7fee968e0bd247b58923a8b6 with: + # TODO(github.com/slsa-framework/slsa-github-generator/issues/996): Don't quote values to preserve defaults. repository: "${{ inputs.repository }}" - ref: "${{ inputs.ref }}" + sha: "${{ inputs.sha }}" go-version: "${{ inputs.go-version }}" - name: Generate builder diff --git a/.github/workflows/builder_go_slsa3.yml b/.github/workflows/builder_go_slsa3.yml index 4ee531ad3d..e0c1bf611b 100644 --- a/.github/workflows/builder_go_slsa3.yml +++ b/.github/workflows/builder_go_slsa3.yml @@ -146,9 +146,12 @@ jobs: needs: [privacy-check, builder, rng] steps: - name: Checkout the Go repository - uses: slsa-framework/slsa-github-generator/.github/actions/checkout-go@e3220805577deb9d193f64e519abcb3b50851df5 + uses: slsa-framework/slsa-github-generator/.github/actions/checkout-go@74c98157d0a85b0a7fee968e0bd247b58923a8b6 with: go-version: ${{ inputs.go-version }} + # TODO(github.com/slsa-framework/slsa-github-generator/issues/996): Omit these default inputs. + repository: ${{ github.repository }} + sha: ${{ github.sha }} - name: Download builder uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@e3220805577deb9d193f64e519abcb3b50851df5 @@ -183,9 +186,12 @@ jobs: needs: [privacy-check, builder, build-dry, rng] steps: - name: Checkout the Go repository - uses: slsa-framework/slsa-github-generator/.github/actions/checkout-go@e3220805577deb9d193f64e519abcb3b50851df5 + uses: slsa-framework/slsa-github-generator/.github/actions/checkout-go@74c98157d0a85b0a7fee968e0bd247b58923a8b6 with: go-version: ${{ inputs.go-version }} + # TODO(github.com/slsa-framework/slsa-github-generator/issues/996): Omit these default inputs. + repository: ${{ github.repository }} + sha: ${{ github.sha }} - name: Download builder uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@e3220805577deb9d193f64e519abcb3b50851df5