From c074443f1aee8d4aeeae555aebba3282517141b2 Mon Sep 17 00:00:00 2001
From: Brian DeHamer <bdehamer@github.com>
Date: Wed, 5 Mar 2025 11:07:49 -0800
Subject: [PATCH] pin actions/attest reference by commit sha (#493)

Signed-off-by: Brian DeHamer <bdehamer@github.com>
---
 action.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/action.yml b/action.yml
index c2572ad..db7935c 100644
--- a/action.yml
+++ b/action.yml
@@ -64,7 +64,7 @@ runs:
   steps:
     - uses: actions/attest-build-provenance/predicate@1176ef556905f349f669722abf30bce1a6e16e01 # predicate@1.1.5
       id: generate-build-provenance-predicate
-    - uses: actions/attest@v2.2.1
+    - uses: actions/attest@a63cfcc7d1aab266ee064c58250cfc2c7d07bc31 # v2.2.1
       id: attest
       with:
         subject-path: ${{ inputs.subject-path }}