chore: Bump philips-labs/slsa-provenance-action from 0.2.2 to 0.4.0

[dependabot]

Bumps philips-labs/slsa-provenance-action from 0.2.2 to 0.4.0.

Release notes

Sourced from philips-labs/slsa-provenance-action's releases.

v0.4.0

Changelog

6442288 Add BuildConfig to predicate structure 5e82c30 Add URI and Digest to ConfigSource 9086b31 Add assertions for metadata 33cb940 Add documentation about release procedure 60854d2 Add make command to automate release procedure 4d1028a Add test to verify code is producing the correct JSON 2ca9be8 Apply suggestions from code review 33ba3da Bump v0.3.0 to v0.4.0 for release 10c44b6 Move recipe.type one level up as buildType b79087a Refactor arguments to parameters 19073a9 Refactor invocation entrypoint to configSource 968662e Remove definedInMaterial from invocation 9551b97 Rename recipe to invocation af780dc Update example_provenance.json to slsa 0.2 spec

Docker images

• docker pull philipssoftware/slsa-provenance:v0.4.0
• docker pull philipssoftware/slsa-provenance:33ba3da2213c83ce02df0f2f6ba925ec79037f9d
• docker pull ghcr.io/philips-labs/slsa-provenance:v0.4.0
• docker pull ghcr.io/philips-labs/slsa-provenance:33ba3da2213c83ce02df0f2f6ba925ec79037f9d

v0.3.0

Changelog

fc936c4 ⬆️ Bump actions/checkout from 2.3.5 to 2.4.0 c360d68 📝 Update Readme 2377f4c Add extra_materials to action.yaml 7267549 Add extra_materials to example workflow bc88d4e Add some checks for extra materials 58dea99 Add test case for exceptions 920b639 Allow injection of extra materials via files bfc0af0 Bump golang.org/x/crypto and golang.org/x/net transient dependencies 7114783 Don't require GITHUB_TOKEN for non-downloads 528e699 Fix CI for extra_materials 53b24cf Prevent duplicate workflow runs when pushing PR 153a9dc Release version 0.3.0 6cb63d0 Remove emojis and add commit sign-off f2e8333 Rename TestVersionJson to TestVersionJSON to match Go conventions f88630d Rename test data example provenance 87cc281 Resolve nil pointers during flaky test run 33d83e6 Update README on extra_materials 12f82ed Update and sync extra_materials description

Docker images

... (truncated)

Commits

• 33ba3da Bump v0.3.0 to v0.4.0 for release
• de8de05 Merge pull request #78 from philips-labs/slsa-0.2
• 9086b31 Add assertions for metadata
• 4d1028a Add test to verify code is producing the correct JSON
• 968662e Remove definedInMaterial from invocation
• 6442288 Add BuildConfig to predicate structure
• b79087a Refactor arguments to parameters
• 5e82c30 Add URI and Digest to ConfigSource
• 19073a9 Refactor invocation entrypoint to configSource
• af780dc Update example_provenance.json to slsa 0.2 spec
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)