From 80c42852fa867a8c451aab56dfeba7301428125b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?=
Date: Fri, 11 Oct 2024 08:32:12 +0000
Subject: [PATCH 1/2] update slsa action
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Thomas Sjögren
---
 .github/workflows/slsa.yml | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/slsa.yml b/.github/workflows/slsa.yml
index 037605c..f105bda 100644
--- a/.github/workflows/slsa.yml
+++ b/.github/workflows/slsa.yml
@@ -16,15 +16,20 @@ jobs:
 hashes: ${{ steps.hash.outputs.hashes }}
 runs-on: ubuntu-latest
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ with:
+ egress-policy: audit
+
 - run: echo "REPOSITORY_NAME=$(echo '${{ github.repository }}' | awk -F '/' '{print $2}')" >> $GITHUB_ENV
 shell: bash

 - name: Checkout repository
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # master
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1

 - name: Build artifacts
 run: |
- find tymely -type f -exec sha256sum {} \; > ${{ env.REPOSITORY_NAME }}.sha256
+ find tymely -type f -exec sha256sum {} \; > ${{ env.REPOSITORY_NAME }}.sha25

 - name: Generate hashes
 shell: bash
@@ -52,6 +57,10 @@ jobs:
 upload-assets: ${{ startsWith(github.ref, 'refs/tags/') }}

 release:
+ permissions:
+ actions: read
+ id-token: write
+ contents: write
 needs: [build, provenance]
 runs-on: ubuntu-latest
 if: startsWith(github.ref, 'refs/tags/')
From dd709d0f3893a963b6e7533b726fd902858405bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?=
Date: Fri, 11 Oct 2024 08:33:30 +0000
Subject: [PATCH 2/2] correct file name
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Thomas Sjögren
---
 .github/workflows/slsa.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
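Review bot: `egress-policy: audit` on the new Harden Runner step (first hunk of PATCH 1/2, `@@ -16,15 +16,20 @@`) only records outbound connections; it does not prevent a step in the job that computes the provenance hashes from reaching an unexpected host. Once a few runs have established the baseline, consider switching to `egress-policy: block` with an `allowed-endpoints:` list, and until then a comment such as `# audit only: switch to block once the endpoint baseline is known` would make the intent explicit. harden-runner is applied per job, so the `release` job (its steps are outside this hunk) would need its own step to be covered; whether it has one cannot be told from here.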
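Review bot: The `release` job (second hunk of PATCH 1/2, `@@ -52,6 +57,10 @@`) is granted `id-token: write` and `actions: read` on top of `contents: write`, and nothing visible shows it needing them. Those two scopes are what a provenance-generator job typically requires; a job that only publishes release assets normally needs `contents: write` alone, and `id-token: write` lets any step in the job request an OIDC token for the workflow identity. The job's steps are outside the hunk, so this is hedged: if none of them signs artifacts or requests an OIDC token, reduce the block to `permissions:` with only `contents: write`; otherwise add a short comment naming the step that needs each scope.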
diff --git a/.github/workflows/slsa.yml b/.github/workflows/slsa.yml
index f105bda..ad72a19 100644
--- a/.github/workflows/slsa.yml
+++ b/.github/workflows/slsa.yml
@@ -29,7 +29,7 @@ jobs:

 - name: Build artifacts
 run: |
- find tymely -type f -exec sha256sum {} \; > ${{ env.REPOSITORY_NAME }}.sha25
+ find tymely -type f -exec sha256sum {} \; > ${{ env.REPOSITORY_NAME }}.sha256

 - name: Generate hashes
 shell: bash
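Review bot: The corrected line still expands `${{ env.REPOSITORY_NAME }}` into the script text before bash runs, and the redirect target is unquoted. The variable was written to `$GITHUB_ENV` by an earlier step, so it is already in the shell environment, and `find tymely -type f -exec sha256sum {} \; > "${REPOSITORY_NAME}.sha256"` produces the same file without template substitution into the `run:` body. The value derives from `github.repository`, so the exposure is small, but keeping expressions out of inline scripts is the safer habit. The same line appears in the first hunk of PATCH 1/2, and the `echo '${{ github.repository }}'` context line there has the same shape.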