build-packages: Fix the handling of provenance artifacts

author Remi Gacogne <remi.gacogne@powerdns.com>

Tue, 9 Jan 2024 11:40:29 +0000 (12:40 +0100)

committer Remi Gacogne <remi.gacogne@powerdns.com>

Tue, 9 Jan 2024 11:40:29 +0000 (12:40 +0100)
author Remi Gacogne <remi.gacogne@powerdns.com>
Tue, 9 Jan 2024 11:40:29 +0000 (12:40 +0100)
committer Remi Gacogne <remi.gacogne@powerdns.com>
Tue, 9 Jan 2024 11:40:29 +0000 (12:40 +0100)
diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml

index e593ea7706811f695572874254219fbe6e8673f0..13ab3a36b379b89025ad4316b56728cf815114fc 100644 (file)
--- a/.github/workflows/build-packages.yml
+++ b/.github/workflows/build-packages.yml
@@ -187,12 +187,12 @@ jobs:
      steps:
        - name: Download source tarball provenance for ${{ inputs.product }} (${{ inputs.ref }})
          id: download-src-provenance
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3 # we need v3, see https://github.com/slsa-framework/slsa-github-generator/pull/3067/files
          with:
            name: "${{ inputs.product }}-${{ needs.build.outputs.version }}-src.intoto.jsonl"
        - name: Download provenance for ${{ inputs.product }} (${{ inputs.ref }}) for ${{ matrix.os }}
          id: download-provenance
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3 # we need v3, see https://github.com/slsa-framework/slsa-github-generator/pull/3067/files
          with:
            name: "${{ inputs.product }}-${{ needs.build.outputs.version }}-${{ matrix.os}}.intoto.jsonl"
        - name: Upload provenance artifacts to downloads.powerdns.com
author	Remi Gacogne <remi.gacogne@powerdns.com>
	Tue, 9 Jan 2024 11:40:29 +0000 (12:40 +0100)
committer	Remi Gacogne <remi.gacogne@powerdns.com>
	Tue, 9 Jan 2024 11:40:29 +0000 (12:40 +0100)