From 57f010d26af871587be87f5aed2550893d564a8c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Batuhan=20Apayd=C4=B1n?= <batuhan.apaydin@trendyol.com>
Date: Tue, 7 Mar 2023 06:43:25 +0300
Subject: [PATCH] replace manual slsa-verifier installation with action (#1585)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
---
 .github/workflows/release.yml | 16 ++--------------
 1 file changed, 2 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d355f5f73..abdaad321 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -52,20 +52,8 @@ jobs:
     steps:
       # Note: this will be replaced with the GHA in the future.
       # See https://github.com/slsa-framework/slsa-verifier/issues/95
-      - name: Install the verifier
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          set -euo pipefail
-          gh -R slsa-framework/slsa-verifier release download v1.2.0 -p "slsa-verifier-linux-amd64"
-          chmod ug+x slsa-verifier-linux-amd64
-          # Note: see https://github.com/slsa-framework/slsa-verifier/blob/main/SHA256SUM.md
-          COMPUTED_HASH=$(sha256sum slsa-verifier-linux-amd64 | cut -d ' ' -f1)
-          EXPECTED_HASH="37db23392c7918bb4e243cdb097ed5f9d14b9b965dc1905b25bc2d1c0c91bf3d"
-          if [[ "$EXPECTED_HASH" != "$COMPUTED_HASH" ]];then
-              echo "error: expected $EXPECTED_HASH, computed $COMPUTED_HASH"
-              exit 1
-          fi
+      - name: Install SLSA verifier
+        uses: slsa-framework/slsa-verifier/actions/installer@v2.0.1
       - name: Download assets
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}