pin actions/attest reference by commit sha (#493)

Signed-off-by: Brian DeHamer <bdehamer@github.com>

__tests__/__snapshots__/main.test.ts.snap

@@ -7,7 +7,7 @@ exports[`main when a non-default OIDC issuer is used successfully run main 1`] =
     "externalParameters": {
       "workflow": {
         "path": ".github/workflows/main.yml",
-        "ref": "main",
+        "ref": "refs/heads/main",
         "repository": "https://example-01.ghe.com/owner/repo",
       },
     },
@@ -46,7 +46,7 @@ exports[`main when the default OIDC issuer is used successfully run main 1`] = `
     "externalParameters": {
       "workflow": {
         "path": ".github/workflows/main.yml",
-        "ref": "main",
+        "ref": "refs/heads/main",
         "repository": "https://github.com/owner/repo",
       },
     },

action.yml

@@ -62,9 +62,9 @@ outputs:
 runs:
   using: 'composite'
   steps:
-    - uses: actions/attest-build-provenance/predicate@36fa7d009e22618ca7cd599486979b8150596c74 # predicate@1.1.4
+    - uses: actions/attest-build-provenance/predicate@1176ef556905f349f669722abf30bce1a6e16e01 # predicate@1.1.5
       id: generate-build-provenance-predicate
-    - uses: actions/attest@v2.2.1
+    - uses: actions/attest@a63cfcc7d1aab266ee064c58250cfc2c7d07bc31 # v2.2.1
       id: attest
       with:
         subject-path: ${{ inputs.subject-path }}

dist/index.js

@@ -377,11 +377,9 @@ const buildSLSAProvenancePredicate = (issuer) => __awaiter(void 0, void 0, void
     // Split just the path and ref from the workflow string.
     // owner/repo/.github/workflows/main.yml@main =>
     //   .github/workflows/main.yml, main
-    const [workflowPath, ...workflowRefChunks] = claims.workflow_ref
+    const [workflowPath] = claims.workflow_ref
         .replace(`${claims.repository}/`, '')
         .split('@');
-    // Handle case where tag contains `@` (e.g: when using changesets in a monorepo context),
-    const workflowRef = workflowRefChunks.join('@');
     return {
         type: SLSA_PREDICATE_V1_TYPE,
         params: {
@@ -389,7 +387,7 @@ const buildSLSAProvenancePredicate = (issuer) => __awaiter(void 0, void 0, void
                 buildType: GITHUB_BUILD_TYPE,
                 externalParameters: {
                     workflow: {
-                        ref: workflowRef,
+                        ref: claims.ref,
                         repository: `${serverURL}/${claims.repository}`,
                         path: workflowPath
                     }

package-lock.json

@@ -1,15 +1,15 @@
 {
   "name": "actions/attest-build-provenance",
-  "version": "1.1.4",
+  "version": "1.1.5",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "actions/attest-build-provenance",
-      "version": "1.1.4",
+      "version": "1.1.5",
       "license": "MIT",
       "dependencies": {
-        "@actions/attest": "^1.5.0",
+        "@actions/attest": "^1.6.0",
         "@actions/core": "^1.11.1"
       },
       "devDependencies": {
@@ -34,9 +34,9 @@
       }
     },
     "node_modules/@actions/attest": {
-      "version": "1.5.0",
-      "resolved": "https://registry.npmjs.org/@actions/attest/-/attest-1.5.0.tgz",
-      "integrity": "sha512-KIalYPhJu0/6LOhT+Bhw0GncresPCiY1onLq8n0whjoJX0/M7UQmgXkn1ioQnNrkzEhcs6wVKwylusbMwTOX0g==",
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/@actions/attest/-/attest-1.6.0.tgz",
+      "integrity": "sha512-D+VcLqUImA7Gr5qPQrRGvNUJKzP67IHV3/ofF5QBpLqe3Vih3hb74k9ZtjHXamiZNVZi2Wkphj8yTi4/xiWkwQ==",
       "license": "MIT",
       "dependencies": {
         "@actions/core": "^1.11.1",

package.json

@@ -1,7 +1,7 @@
 {
   "name": "actions/attest-build-provenance",
   "description": "Generate signed build provenance attestations",
-  "version": "1.1.4",
+  "version": "1.1.5",
   "author": "",
   "private": true,
   "homepage": "https://github.com/actions/attest-build-provenance",
@@ -70,7 +70,7 @@
     ]
   },
   "dependencies": {
-    "@actions/attest": "^1.5.0",
+    "@actions/attest": "^1.6.0",
     "@actions/core": "^1.11.1"
   },
   "devDependencies": {