Apply suggestions from code review

woodruffw · web-flow · commit cb7f0a765e50 · 2025-10-21T15:23:31.000-04:00
Signed-off-by: William Woodruff &lt;william@yossarian.net&gt;
diff --git a/.github/workflows/cross-os.yml b/.github/workflows/cross-os.yml
@@ -46,7 +46,7 @@ jobs:
           cache-dependency-path: pyproject.toml
       - run: pip install .
       - name: Fetch testing oidc token
-        uses: sigstore-conformance/extremely-dangerous-public-oidc-beacon@039e3afae9c6fde85c8c6c83f8b3e634a9e9fa94 # main
+        uses: sigstore-conformance/extremely-dangerous-public-oidc-beacon@4a8befcc16064dac9e97f210948d226e5c869bdc # v1.0.0
       - name: Sign 
         run: python -m sigstore --staging sign --identity-token $(cat oidc-token.txt) test/assets/a.txt
       - name: upload signature bundle
diff --git a/.github/workflows/cross-version-verify.yaml b/.github/workflows/cross-version-verify.yaml
@@ -38,7 +38,7 @@ jobs:
           cache-dependency-path: pyproject.toml
       - run: pip install .
       - name: Fetch testing oidc token
-        uses: sigstore-conformance/extremely-dangerous-public-oidc-beacon@039e3afae9c6fde85c8c6c83f8b3e634a9e9fa94 # main
+        uses: sigstore-conformance/extremely-dangerous-public-oidc-beacon@4a8befcc16064dac9e97f210948d226e5c869bdc # v1.0.0
       - name: Sign 
         run: |
           python -m sigstore --staging sign --bundle artifact-rekor2.sigstore.json --identity-token $(cat oidc-token.txt) --rekor-version=2 test/assets/a.txt
