diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index f2776f442e7f..3c011ba02682 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -151,13 +151,13 @@ jobs: packages: write # To upload assets to release. actions: read # To read the workflow path. # NOTE: The container generator workflow is not officially released as GA. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.5.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0 with: image: ghcr.io/${{ github.repository_owner }}/kyvernopre digest: "${{ needs.release-images.outputs.kyverno-init-digest }}" registry-username: ${{ github.actor }} secrets: - registry-password: ${{ secrets.CR_PAT }} + registry-password: ${{ secrets.GITHUB_TOKEN }} generate-background-controller-provenance: needs: release-images @@ -166,13 +166,13 @@ jobs: packages: write # To upload assets to release. actions: read # To read the workflow path. # NOTE: The container generator workflow is not officially released as GA. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.5.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0 with: image: ghcr.io/${{ github.repository_owner }}/background-controller digest: "${{ needs.release-images.outputs.background-controller-digest }}" registry-username: ${{ github.actor }} secrets: - registry-password: ${{ secrets.CR_PAT }} + registry-password: ${{ secrets.GITHUB_TOKEN }} generate-cleanup-controller-provenance: needs: release-images @@ -181,13 +181,13 @@ jobs: packages: write # To upload assets to release. actions: read # To read the workflow path. # NOTE: The container generator workflow is not officially released as GA. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.5.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0 with: image: ghcr.io/${{ github.repository_owner }}/cleanup-controller digest: "${{ needs.release-images.outputs.cleanup-controller-digest }}" registry-username: ${{ github.actor }} secrets: - registry-password: ${{ secrets.CR_PAT }} + registry-password: ${{ secrets.GITHUB_TOKEN }} generate-kyverno-cli-provenance: needs: release-images @@ -196,13 +196,13 @@ jobs: packages: write # To upload assets to release. actions: read # To read the workflow path. # NOTE: The container generator workflow is not officially released as GA. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.5.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0 with: image: ghcr.io/${{ github.repository_owner }}/kyverno-cli digest: "${{ needs.release-images.outputs.cli-digest }}" registry-username: ${{ github.actor }} secrets: - registry-password: ${{ secrets.CR_PAT }} + registry-password: ${{ secrets.GITHUB_TOKEN }} generate-reports-controller-provenance: needs: release-images @@ -211,13 +211,13 @@ jobs: packages: write # To upload assets to release. actions: read # To read the workflow path. # NOTE: The container generator workflow is not officially released as GA. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.5.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0 with: image: ghcr.io/${{ github.repository_owner }}/reports-controller digest: "${{ needs.release-images.outputs.reports-controller-digest }}" registry-username: ${{ github.actor }} secrets: - registry-password: ${{ secrets.CR_PAT }} + registry-password: ${{ secrets.GITHUB_TOKEN }} create-release: runs-on: ubuntu-latest