From ed846ec4fe911e0e627b36a611d4d025f7decb34 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 06:49:15 +0000 Subject: [PATCH] chore(deps): bump actions/attest-build-provenance from 1.4.4 to 2.0.1 Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 1.4.4 to 2.0.1. - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/ef244123eb79f2f7a7e75d99086184180e6d0018...c4fbc648846ca6f503a13a2281a5e7b98aa57202) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build-wheel.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-wheel.yml b/.github/workflows/build-wheel.yml index 77f770d804..d5a05231e2 100644 --- a/.github/workflows/build-wheel.yml +++ b/.github/workflows/build-wheel.yml @@ -44,11 +44,11 @@ jobs: echo "tar=$(cd dist/ && echo *.tar.gz)" >> $GITHUB_OUTPUT echo "whl=$(cd dist/ && echo *.tar.gz)" >> $GITHUB_OUTPUT - name: Attest Build Provenance for tar - uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4 + uses: actions/attest-build-provenance@c4fbc648846ca6f503a13a2281a5e7b98aa57202 # v2.0.1 with: subject-path: "dist/${{ steps.filename.outputs.tar }}" - name: Attest Build Provenance for whl - uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4 + uses: actions/attest-build-provenance@c4fbc648846ca6f503a13a2281a5e7b98aa57202 # v2.0.1 with: subject-path: "dist/${{ steps.filename.outputs.whl }}" # TODO Upload to pypi on release creation