Replace with upstream scai-demos Actions

Signed-off-by: Marcela Melara <[email protected]>

.github/workflows/kubeconNA23-intoto-demo.yml

@@ -80,20 +80,14 @@ jobs:
         with:
           go-version: 1.20.x
 
-      - name: Checkout updated scai-gen CLI tools
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
-        with:
-          repository: marcelamelara/scai-demos
-          ref: add-scai-reusable-workflows
-          path: scai-demos
       - name: Install scai-gen CLI tools
         shell: bash
         run: |
-          go install ./scai-demos/scai-gen
+          go install github.com/in-toto/scai-demos/scai-gen@latest
 
       - name: Generate SBOM SCAI AttributeAssertion
         id: gen-sbom-assert
-        uses: marcelamelara/scai-demos/.github/actions/scai-gen-assert@add-scai-reusable-workflows
+        uses: in-toto/scai-demos/.github/actions/scai-gen-assert@e89d20c8353f2f9c169d3096483a151ae3bf8109
         with:
           attribute: "HasSBOM"
           evidence-file: "pdo_client_wawaka.spdx.json"
@@ -102,34 +96,43 @@ jobs:
 
       - name: Generate SLSA Provenance SCAI AttributeAssertion
         id: gen-slsa-assert
-        uses: marcelamelara/scai-demos/.github/actions/scai-gen-assert@add-scai-reusable-workflows
+        uses: in-toto/scai-demos/.github/actions/scai-gen-assert@e89d20c8353f2f9c169d3096483a151ae3bf8109
         with:
           attribute: "HasSLSA"
           evidence-file: "${{ needs.provenance.outputs.provenance-name }}"
           evidence-type: "application/vnd.in-toto.provenance+dsse"
           assertion-name: "hasslsa-assertion.json"
 
+      - name: Generate SLSA L3 Isolated build SCAI AttributeAssertion
+        id: gen-non-hermetic-assert
+        uses: in-toto/scai-demos/.github/actions/scai-gen-assert@e89d20c8353f2f9c169d3096483a151ae3bf8109
+        with:
+          attribute: "NonHermeticBuild"
+          evidence-file: "strace.log"
+          evidence-type: "text/plain"
+          assertion-name: "isolated-assertion.json"
+
       - name: Generate container image subject ResourceDescriptor
         id: gen-container-img-rd
-        uses: marcelamelara/scai-demos/.github/actions/scai-gen-rd@add-scai-reusable-workflows
+        uses: in-toto/scai-demos/.github/actions/scai-gen-rd@e89d20c8353f2f9c169d3096483a151ae3bf8109
         with:
-          is_file: false
+          is-file: false
           name: "${{ needs.pdo_ci.outputs.img-name }}"
           digest: "${{ needs.pdo_ci.outputs.img-hash }}"
           hash-alg: "sha256"
           rd-name: "container-img-desc.json"
 
       - name: Generate SCAI AttributeReport
         id: gen-sbom-slsa-report
-        uses: marcelamelara/scai-demos/.github/actions/scai-gen-report@add-scai-reusable-workflows
+        uses: in-toto/scai-demos/.github/actions/scai-gen-report@e89d20c8353f2f9c169d3096483a151ae3bf8109
         with:
           subject: "${{ steps.gen-container-img-rd.outputs.remote-rd-name }}"
-          attr-assertions: "${{ steps.gen-sbom-assert.outputs.assertion-name }} ${{ steps.gen-slsa-assert.outputs.assertion-name }}"
+          attr-assertions: "${{ steps.gen-sbom-assert.outputs.assertion-name }} ${{ steps.gen-slsa-assert.outputs.assertion-name }} ${{ steps.gen-non-hermetic-assert.outputs.assertion-name }}"
           report-name: "evidence-collection.scai.json"
 
       - name: Sign and upload generated SCAI report (Sigstore)
         id: sign-report
-        uses: marcelamelara/scai-demos/.github/actions/scai-gen-sigstore@add-scai-reusable-workflows
+        uses: in-toto/scai-demos/.github/actions/scai-gen-sigstore@e89d20c8353f2f9c169d3096483a151ae3bf8109
         with:
           statement-file: ${{ steps.gen-sbom-slsa-report.outputs.report-name }}
-          signed-name: ${{ steps.gen-sbom-slsa-report.outputs.report-name }}.sig
+          attestation-name: ${{ steps.gen-sbom-slsa-report.outputs.report-name }}.sig