diff --git a/.github/actions/generate-builder/action.yml b/.github/actions/generate-builder/action.yml index 8a52363342..54f8d4d42c 100644 --- a/.github/actions/generate-builder/action.yml +++ b/.github/actions/generate-builder/action.yml @@ -91,8 +91,8 @@ runs: # release binaries when the compile-builder input is false. VERIFIER_REPOSITORY: slsa-framework/slsa-verifier # The repository to download the pre-built verifier binary from. VERIFIER_RELEASE_BINARY: slsa-verifier-linux-amd64 # The name of the verifier binary in the release assets. - VERIFIER_RELEASE_BINARY_SHA256: ea687149d658efecda64d69da999efb84bb695a3212f29548d4897994027172d # The expected hash of the verifier binary. - VERIFIER_RELEASE: v2.3.0 # The version of the verifier to download. + VERIFIER_RELEASE_BINARY_SHA256: 9883e4c7fd0fead95815de1533db62d1ae19daf9d333b359e192fc65ffb401b2 # The expected hash of the verifier binary. + VERIFIER_RELEASE: v2.4.0 # The version of the verifier to download. COMPILE_BUILDER: "${{ inputs.compile-builder }}" # NOTE: If a builder reference is specified, then we will download this version of the builder. diff --git a/RELEASE.md b/RELEASE.md index 1497e7f864..50efecb23e 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -603,7 +603,7 @@ Then, for each of the GHA builders, you will need to: Wait for the runs to complete -2. Download the uploaded artifacts of each of the created releases. +2. Download the uploaded artifacts of each of the created releases. You can make use of [download-artifacts.sh](https://github.com/slsa-framework/slsa-verifier/blob/main/download-artifacts.sh) (not fully automated). 3. Move these files to `./cli/slsa-verifier/testdata/gha_$BUILDER_TYPE/$BUILDER_TAG/` in the