return actions/attest-build-provenance to be pinned by ref

Author: OptimumCode

.github/workflows/build-all.yml

@@ -114,7 +114,7 @@ jobs:
           registry: ${{ env.IMAGE_REGISTRY }}
 
       - name: Generate attestation for images
-        uses: actions/attest-build-provenance@db473fddc028af60658334401dc6fa3ffd8669fd # v2.3.0
+        uses: actions/attest-build-provenance@v2
         with:
           subject-name: ${{ env.IMAGE_REGISTRY }}/${{ steps.build_image.outputs.image }}
           subject-digest: ${{ steps.push.outputs.digest }}

.github/workflows/build-image.yml

@@ -109,7 +109,7 @@ jobs:
         if: inputs.publish-image
 
       - name: Generate attestation for images
-        uses: actions/attest-build-provenance@db473fddc028af60658334401dc6fa3ffd8669fd # v2.3.0
+        uses: actions/attest-build-provenance@v2
         with:
           subject-name: ${{ env.IMAGE_REGISTRY }}/${{ steps.build_image.outputs.image }}
           subject-digest: ${{ steps.push.outputs.digest }}

zizmor.yml

@@ -2,7 +2,6 @@ rules:
   unpinned-uses:
     config:
       policies:
-        actions/attest-build-provenance: hash-pin
         actions/*: ref-pin
         redhat-actions/*: hash-pin
         "*": ref-pin