⬆️ Bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0 (#113)
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.10.0 to 2.0.0.

<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/slsa-framework/slsa-github-generator/releases">slsa-framework/slsa-github-generator's releases</a>.</em></p>
<blockquote>
<h2>v2.0.0</h2>
<p><strong>This is an un-finalized release.</strong></p>
<p>See the <a href="https://github.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md">CHANGELOG</a> for details.</p>
<h2>v2.0.0-rc.0</h2>
<p>See the <a href="https://github.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md">CHANGELOG</a> for details.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md">slsa-framework/slsa-github-generator's changelog</a>.</em></p>
<blockquote>
<h2>v2.0.0</h2>
<h3>v2.0.0: Breaking Change: upload-artifact and download-artifact</h3>
<ul>
<li>Our workflows now use the new <code>@v4</code>s of <code>actions/upload-artifact</code> and <code>actions/download-artifact</code>, which are incompatible with the prior <code>@V3</code>. See our docs on the <a href="https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#compatibility-with-actionsdownload-artifact">generic generator</a> for more information and how to upgrade.</li>
</ul>
<h3>v2.0.0: Breaking Change: attestation-name Workflow Input and Output</h3>
<ul>
<li><code>attestation-name</code> as a workflow input to <code>.github/workflows/generator_generic_slsa3.yml</code> is now removed. Use <code>provenance-name</code> instead.</li>
</ul>
<h3>v2.0.0: DSSE Rekor Type</h3>
<ul>
<li>When uploading signed provenance to the log, the entry created in the log is now a DSSE Rekor type. This fixes a bug where the current intoto type does not persist provenance signatures. The attestation will no longer be persisted in Rekor (<a href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/3299">#3299</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/slsa-framework/slsa-github-generator/commit/41733f74c025cc6d156547121989dd50fbc92364"><code>41733f7</code></a> chore: v2.0.0-rc.0: update tags (<a href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/3578">#3578</a>)</li>
<li><a href="https://github.com/slsa-framework/slsa-github-generator/commit/3789345176c808c7a10e049021fce712d8a0c8b7"><code>3789345</code></a> docs: v.2.0.0: finalize CHANGELOG.md (<a href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/3577">#3577</a>)</li>
<li><a href="https://github.com/slsa-framework/slsa-github-generator/commit/02fc78b979e15ee621875039cb550e5b454b0955"><code>02fc78b</code></a> fix: deadlock and improve debugging experience (<a href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/3570">#3570</a>)</li>
<li><a href="https://github.com/slsa-framework/slsa-github-generator/commit/4534a0b24500dfdd11685f2950cba9a35086c4d2"><code>4534a0b</code></a> break: Revert "chore: Revert "fix: upload-artifact and download-artifact v4""...</li>
<li><a href="https://github.com/slsa-framework/slsa-github-generator/commit/e8c2dcff94b830dfe6897c48b7218c85fe6f3eb3"><code>e8c2dcf</code></a> fix(deps): Update Sigstore Dep to Sigstore 2.2.2 (<a href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/3491">#3491</a>)</li>
<li><a href="https://github.com/slsa-framework/slsa-github-generator/commit/2512315f2272b7cde8e609d26a55807593c8dc68"><code>2512315</code></a> feat(breaking): remove attestation-name input and output (<a href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/3456">#3456</a>)</li>
<li><a href="https://github.com/slsa-framework/slsa-github-generator/commit/4fbc6a9e127dff1c59d860d84c0234d1b5e3a3e3"><code>4fbc6a9</code></a> chore: add ramonpetgrave64 to CODEOWNERS (<a href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/3490">#3490</a>)</li>
<li><a href="https://github.com/slsa-framework/slsa-github-generator/commit/8869c8a5155fcf554f5bc8dfa4ac3cae624d8513"><code>8869c8a</code></a> fix: Switch to newer DSSE rekor type (<a href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/3299">#3299</a>)</li>
<li><a href="https://github.com/slsa-framework/slsa-github-generator/commit/9d81ca7164fc7ec1291ec266552f37bbb9099c6b"><code>9d81ca7</code></a> chore: Update slsa-verifier version (<a href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/3454">#3454</a>)</li>
<li><a href="https://github.com/slsa-framework/slsa-github-generator/commit/d6b8c9f3cf323290338cde46659623ed44f3ea07"><code>d6b8c9f</code></a> chore: Ref to main after v1.10.0 release (<a href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/3421">#3421</a>)</li>
<li>See full diff in <a href="https://github.com/slsa-framework/slsa-github-generator/compare/v1.10.0...v2.0.0">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=slsa-framework/slsa-github-generator&package-manager=github_actions&previous-version=1.10.0&new-version=2.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
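A pre-merge check for the breaking changes listed in the changelog above, as an added example that is not part of the commit or of the slsa-github-generator project. It scans workflow text for the removed `attestation-name` input and output and for `actions/download-artifact` pinned below `@v4`; the sample workflow, job names and rule ids are constructed for illustration.

```python
import re

# Reusable workflow named in the changelog quoted above.
GENERATOR = "slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml"

RULES = [  # (rule id, pattern, hint); rule ids are made up for this example
    ("removed-input", re.compile(r"^\s*attestation-name\s*:"),
     "input removed in v2.0.0; use provenance-name"),
    ("removed-output", re.compile(r"outputs\.attestation-name\b"),
     "output removed in v2.0.0; use outputs.provenance-name"),
    ("artifact-v3", re.compile(r"actions/download-artifact@v[1-3]\b"),
     "generator workflows now use upload-artifact@v4; download with @v4"),
]

# Constructed sample workflow, not taken from the repository on this page.
SAMPLE_WORKFLOW = """\
jobs:
  provenance:
    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
    with:
      base64-subjects: "${{ needs.build.outputs.hashes }}"
      attestation-name: "my.intoto.jsonl"
  release:
    needs: [provenance]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v3
        with:
          name: ${{ needs.provenance.outputs.attestation-name }}
"""

def find_v2_breakages(workflow_text):
    """Return (line_no, rule_id, hint) for each pattern v2.0.0 breaks."""
    if GENERATOR not in workflow_text:
        return []  # workflow does not call the generic generator
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # skip whole-line YAML comments
        for rule_id, pattern, hint in RULES:
            if pattern.search(line):
                findings.append((line_no, rule_id, hint))
    return findings

if __name__ == "__main__":
    for line_no, rule_id, hint in find_v2_breakages(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {rule_id}: {hint}")
```

The scan is line-based and only matches version tags, so an action pinned by commit SHA has to be checked by hand.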