From 85b8044f5a09fad1fe10a8d1501e5ee252c95cae Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 27 Jun 2026 04:44:09 +0000 Subject: [PATCH] chore(deps): update actions/attest action to v4.1.1 --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 216e5c8..4aa9c62 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -174,7 +174,7 @@ jobs: # index digest and stored as an OCI referrer alongside it (verifiable with # `gh attestation verify oci://...`). Same mechanism as the binaries below. - name: Attest image provenance - uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0 + uses: actions/attest@a1948c3f048ba23858d222213b7c278aabede763 # v4.1.1 with: subject-name: ghcr.io/rite-ly/rite subject-digest: ${{ steps.image.outputs.digest }} @@ -267,7 +267,7 @@ jobs: # raw build outputs) means each subject digest matches what a user downloads, so # `gh attestation verify --repo rite-ly/rite` succeeds on the artefact itself. - name: Attest release artifacts - uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0 + uses: actions/attest@a1948c3f048ba23858d222213b7c278aabede763 # v4.1.1 with: subject-path: release/*