chore: update refs to v2.1.0-rc.1 (#4120)

#label:release v2.1.0-rc.1

# Summary

Retrying the release, under a new tag, not rc.0.

The [original release
steps](https://github.com/slsa-framework/slsa-github-generator/blob/v2.0.0/RELEASE.md#verify-rc-version-references)
required doing a force push to update the tag in order to trigger
workflow to produce the binaries as release artifacts. But now, repo
settings make tags immutable, and I don't have permission to change the
settings, so we'll try something different:

1. Use the changes in this PR's branch (not main) to cut a new
pre-release under a new tag. This should produce the binaries and
associate it with the release.
-
https://github.com/slsa-framework/slsa-github-generator/releases/tag/v2.1.0-rc.1
1. Merge this PR, after doing step 1.
1. The release and main should now be at the same commit sha

## Testing Process

presubmits should pass

## Checklist

- [x] Review the contributing
[guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md)
- [x] Add a reference to related issues in the PR description.
- [x] Update documentation if applicable.
- [x] Add unit tests if applicable.
- [x] Add changes to the
[CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
if applicable.

Signed-off-by: Ramon Petgrave <[email protected]>

Author: ramonpetgrave64

.github/actions/generate-builder/action.yml

@@ -62,7 +62,7 @@ runs:
   using: "composite"
   steps:
     - name: Checkout builder repository
-      uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+      uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
       with:
         repository: ${{ inputs.repository }}
         ref: ${{ inputs.ref }}

.github/actions/secure-download-artifact/action.yml

@@ -85,7 +85,7 @@ runs:
 
     - name: Compute the hash
       id: compute
-      uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+      uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
       with:
         path: "${{ steps.validate-path.outputs.file_path }}"
 

.github/actions/secure-download-folder/action.yml

@@ -31,7 +31,7 @@ runs:
   steps:
     - name: Compute a random value
       id: rng
-      uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+      uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
 
     - name: Download the artifact
       uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
@@ -41,7 +41,7 @@ runs:
 
     - name: Compute the hash
       id: compute
-      uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+      uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
       with:
         path: "${{ steps.rng.outputs.random }}/folder.tgz"
 

.github/actions/secure-upload-artifact/action.yml

@@ -32,7 +32,7 @@ runs:
   steps:
     - name: Compute binary hash
       id: compute-digest
-      uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+      uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
       with:
         path: "${{ inputs.path }}"
 

.github/actions/secure-upload-folder/action.yml

@@ -60,7 +60,7 @@ runs:
 
     - name: Upload the artifact
       id: upload
-      uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+      uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
       with:
         name: "${{ inputs.name }}"
         path: "${{ steps.create.outputs.tarball-path }}"

.github/workflows/builder_bazel_slsa3.yml

@@ -86,7 +86,7 @@ jobs:
     steps:
       - name: Generate the token
         id: generate
-        uses: slsa-framework/slsa-github-generator/actions/delegator/[email protected].0
+        uses: slsa-framework/slsa-github-generator/actions/delegator/[email protected].1
         with:
           slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml"
           slsa-rekor-log-public: ${{ inputs.rekor-log-public }}
@@ -100,6 +100,6 @@ jobs:
       id-token: write # For signing.
       contents: read # For asset uploads.
       actions: read # For the entrypoint.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected].0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected].1
     with:
       slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }}

.github/workflows/builder_container-based_slsa3.yml

@@ -165,7 +165,7 @@ jobs:
     steps:
       - name: Generate random 16-byte value (32-char hex encoded)
         id: rng
-        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
 
   # This detects the repository and ref of the reusable workflow.
   # For pull request, this gets the referenced slsa-github-generator workflow.
@@ -180,7 +180,7 @@ jobs:
     steps:
       - name: Detect the builder ref
         id: detect
-        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
 
   ###################################################################
   #                                                                 #
@@ -197,7 +197,7 @@ jobs:
     steps:
       - name: Generate builder binary
         id: generate
-        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"
@@ -230,7 +230,7 @@ jobs:
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Checkout builder repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"
@@ -357,7 +357,7 @@ jobs:
           docker login "${untrusted_registry}" -u "${username}" -p "${password}"
 
       - name: Checkout builder repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"
@@ -485,7 +485,7 @@ jobs:
       provenance-sha256: ${{ steps.upload-signed.outputs.sha256 }}
     steps:
       - name: Checkout builder repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"
@@ -575,7 +575,7 @@ jobs:
     if: inputs.upload-assets && (startsWith(github.ref, 'refs/tags/') || inputs.upload-tag-name != '')
     steps:
       - name: Checkout builder repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"

.github/workflows/builder_go_slsa3.yml

@@ -130,7 +130,7 @@ jobs:
     steps:
       - name: Generate random 16-byte value (32-char hex encoded)
         id: rng
-        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
 
   detect-env:
     outputs:
@@ -142,7 +142,7 @@ jobs:
     steps:
       - name: Detect the builder ref
         id: detect
-        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
 
   ###################################################################
   #                                                                 #
@@ -157,7 +157,7 @@ jobs:
     steps:
       - name: Generate builder binary
         id: generate
-        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"
@@ -191,7 +191,7 @@ jobs:
     needs: [builder, rng, detect-env]
     steps:
       - name: Checkout builder repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"
@@ -238,7 +238,7 @@ jobs:
     needs: [builder, build-dry, rng, detect-env]
     steps:
       - name: Checkout builder repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"
@@ -320,7 +320,7 @@ jobs:
       go-provenance-sha256: ${{ steps.sign-prov.outputs.signed-provenance-sha256 }}
     steps:
       - name: Checkout builder repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"
@@ -378,7 +378,7 @@ jobs:
     if: inputs.upload-assets && (startsWith(github.ref, 'refs/tags/') || inputs.upload-tag-name != '')
     steps:
       - name: Checkout builder repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"

.github/workflows/builder_gradle_slsa3.yml

@@ -71,7 +71,7 @@ jobs:
     steps:
       - name: Generate the token
         id: generate
-        uses: slsa-framework/slsa-github-generator/actions/delegator/[email protected].0
+        uses: slsa-framework/slsa-github-generator/actions/delegator/[email protected].1
         with:
           slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml"
           slsa-rekor-log-public: ${{ inputs.rekor-log-public }}
@@ -85,7 +85,7 @@ jobs:
       id-token: write # For signing.
       contents: read # For asset uploads.
       actions: read # For the entrypoint.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected].0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected].1
     with:
       slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }}
 

.github/workflows/builder_maven_slsa3.yml

@@ -67,7 +67,7 @@ jobs:
     steps:
       - name: Generate the token
         id: generate
-        uses: slsa-framework/slsa-github-generator/actions/delegator/[email protected].0
+        uses: slsa-framework/slsa-github-generator/actions/delegator/[email protected].1
         with:
           slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml"
           slsa-rekor-log-public: "${{ inputs.rekor-log-public }}"
@@ -81,7 +81,7 @@ jobs:
       id-token: write # For signing.
       contents: read # For asset uploads.
       actions: read # For the entrypoint.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected].0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected].1
     with:
       slsa-token: "${{ needs.slsa-setup.outputs.slsa-token }}"
 

.github/workflows/builder_nodejs_slsa3.yml

@@ -89,7 +89,7 @@ jobs:
     steps:
       - name: Generate the token
         id: generate
-        uses: slsa-framework/slsa-github-generator/actions/delegator/[email protected].0
+        uses: slsa-framework/slsa-github-generator/actions/delegator/[email protected].1
         with:
           slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml"
           slsa-rekor-log-public: ${{ inputs.rekor-log-public }}
@@ -104,6 +104,6 @@ jobs:
       id-token: write # For signing.
       contents: read # For repo checkout of private repos.
       actions: read # For getting workflow run on private repos.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected].0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected].1
     with:
       slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }}

.github/workflows/delegator_generic_slsa3.yml

@@ -84,7 +84,7 @@ jobs:
     steps:
       - name: Generate random 16-byte value (32-char hex encoded)
         id: rng
-        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
 
   # verify-token verifies the slsa token.
   verify-token:
@@ -100,7 +100,7 @@ jobs:
     steps:
       - name: Verify token
         id: verify
-        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
         with:
           slsa-workflow-recipient: "delegator_generic_slsa3.yml"
           slsa-unverified-token: ${{ inputs.slsa-token }}
@@ -109,7 +109,7 @@ jobs:
 
       - name: Upload predicate
         id: upload
-        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
         with:
           name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_PREDICATE_FILE }}"
           path: ${{ env.SLSA_PREDICATE_FILE }}
@@ -120,7 +120,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check private repos
-        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
         with:
           error_message: "Repository is private. The workflow has halted in order to keep the repository name from being exposed in the public transparency log. Set 'private-repository' to override."
           override: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).builder.rekor_log_public }}
@@ -147,7 +147,7 @@ jobs:
           echo "$RUNNER: $RUNNER"
 
       - name: Checkout the tool repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
         with:
           repository: ${{ needs.verify-token.outputs.tool-repository }}
           ref: ${{ needs.verify-token.outputs.tool-ref }}
@@ -171,7 +171,7 @@ jobs:
           tree
 
       - name: Checkout the project repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
         with:
           fetch-depth: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).source.checkout.fetch_depth }}
           checkout-sha1: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).source.checkout.sha1 }}
@@ -213,7 +213,7 @@ jobs:
 
       - name: Upload artifact layout file
         id: upload
-        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
         with:
           name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_ARTIFACTS_FILE }}"
           path: "${{ env.SLSA_ARTIFACTS_FILE }}"
@@ -229,14 +229,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Download the artifact layout file
-        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
         with:
           name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_ARTIFACTS_FILE }}"
           path: "${{ env.SLSA_ARTIFACTS_FILE }}"
           sha256: ${{ needs.build-artifacts-ubuntu.outputs.artifacts-layout-sha256 }}
 
       - name: Download the predicate file
-        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
         with:
           name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_PREDICATE_FILE }}"
           path: ${{ env.SLSA_PREDICATE_FILE }}
@@ -266,7 +266,7 @@ jobs:
 
       - name: Generate attestations
         id: attestations
-        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
         with:
           slsa-layout-file: ${{ env.SLSA_ARTIFACTS_FILE }}
           predicate-type: ${{ steps.predicate-type.outputs.predicate-type }}
@@ -275,14 +275,14 @@ jobs:
 
       - name: Sign attestations
         id: sign
-        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
         with:
           attestations: attestations
           output-folder: "${{ needs.rng.outputs.value }}-slsa-attestations"
 
       - name: Upload attestations
         id: upload
-        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].0
+        uses: slsa-framework/slsa-github-generator/.github/actions/[email protected].1
         with:
           name: "${{ needs.rng.outputs.value }}-slsa-attestations"
           path: "${{ needs.rng.outputs.value }}-slsa-attestations"