From df36db7a70eb3c88cc55d67662a540a4ade99c79 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?=
 <konstruktoid@users.noreply.github.com>
Date: Wed, 15 Mar 2023 16:46:47 +0100
Subject: [PATCH] update slsa gha
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
---
 .github/workflows/slsa.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/slsa.yml b/.github/workflows/slsa.yml
index 662cdc0..6dfc96c 100644
--- a/.github/workflows/slsa.yml
+++ b/.github/workflows/slsa.yml
@@ -20,7 +20,7 @@ jobs:
         shell: bash
 
       - name: Checkout repository
-        uses: actions/checkout@master
+        uses: actions/checkout@27135e314dd1818f797af1db9dae03a9f045786b # master
 
       - name: Build artifacts
         run: |
@@ -46,10 +46,10 @@ jobs:
       actions: read
       id-token: write
       contents: write
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.5.0
     with:
       base64-subjects: "${{ needs.build.outputs.hashes }}"
-      upload-assets: true
+      upload-assets: ${{ startsWith(github.ref, 'refs/tags/') }}
 
   release:
     needs: [build, provenance]
@@ -60,7 +60,7 @@ jobs:
         shell: bash
 
       - name: Download ${{ env.REPOSITORY_NAME }}.sha256
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        uses: actions/download-artifact@cbed621e49e4c01b044d60f6c80ea4ed6328b281 # v2.1.1
         with:
           name: ${{ env.REPOSITORY_NAME }}.sha256