From 834a09f315b182e162939e24d7f8e55da6b09917 Mon Sep 17 00:00:00 2001
From: Rouel Joseph Soberano
Date: Fri, 26 Jan 2024 16:53:33 -0800
Subject: [PATCH] build: updating provenance generation for manual-publish workflows
---
 .github/workflows/manual-publish.yml | 4 +---
 PROVENANCE.md | 4 +---
 2 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/manual-publish.yml b/.github/workflows/manual-publish.yml
index 6330997..8a34636 100644
--- a/.github/workflows/manual-publish.yml
+++ b/.github/workflows/manual-publish.yml
@@ -50,6 +50,4 @@ jobs:
 uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
 with:
 base64-subjects: "${{ needs.build-publish.outputs.package-hashes }}"
- upload-assets: true
- upload-tag-name: TBD
-
\ No newline at end of file
+ upload-assets: ${{ !inputs.dry_run }}
diff --git a/PROVENANCE.md b/PROVENANCE.md
index f14396b..a262f22 100644
--- a/PROVENANCE.md
+++ b/PROVENANCE.md
@@ -17,10 +17,8 @@ $ curl --location -O \
 # Run slsa-verifier to verify provenance against package artifacts
 $ slsa-verifier verify-artifact \
 --provenance-path multiple-provenance.intoto.jsonl \
---source-uri github.com/launchdarkly/launchdarkly-server-sdk \
+--source-uri github.com/launchdarkly/python-server-sdk \
 launchdarkly_server_sdk-VERSION-py3-none-any.whl
-
-TBD OUTPUT
 ```
 Alternatively, to verify the provenance manually, the SLSA framework specifies [recommendations for verifying build artifacts](https://slsa.dev/spec/v1.0/verifying-artifacts) in their documentation.
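Review bot: In `.github/workflows/manual-publish.yml`, dropping `upload-tag-name` while keeping `upload-assets: ${{ !inputs.dry_run }}` leaves the generator to derive the target release from the triggering ref. A manually dispatched run usually starts from a branch rather than a tag, so the provenance may end up only as a short-lived workflow artifact, not at the location PROVENANCE.md tells users to `curl` it from. The workflow trigger and the step that creates the release are outside this hunk, so confirm where `multiple-provenance.intoto.jsonl` lands on a non-dry run; if it is not attached to the release, pass the tag explicitly, e.g. `upload-tag-name: <release-tag-from-build-job>` (placeholder). Also confirm that `dry_run` is declared with `type: boolean`: if it arrives as a string, `!inputs.dry_run` evaluates to false for both 'true' and 'false', and the upload is silently skipped on real publishes.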