π bumped regal and added renovate config π (#205) #107
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Run conftest-unittests.sh | ||
| on: [push, pull_request] | ||
| # Declare default permissions as read only. | ||
| permissions: read-all | ||
| jobs: | ||
| conftest: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | ||
| - name: Conftest | ||
| uses: redhat-cop/github-actions/confbatstest@11f2ce27643eb7c76ac3623cb99d9b08be30d762 # v4 | ||
| with: | ||
| tests: _test/conftest-unittests.sh | ||
| policies: '[]' # An empty array is provided as the policies are already cloned via source. | ||
| - name: Tar and Generate hashes | ||
| shell: bash | ||
| id: hash | ||
| run: | | ||
| tar cvf policy.tar policy/ | ||
| echo "hashes=$(sha256sum policy.tar | base64 -w0)" >> "$GITHUB_OUTPUT" | ||
| - name: Upload policy.tar | ||
| uses: actions/upload-artifact@v3 | ||
| with: | ||
| name: policy.tar | ||
| path: policy.tar | ||
| if-no-files-found: error | ||
| retention-days: 5 | ||
| outputs: | ||
| hashes: ${{ steps.hash.outputs.hashes }} | ||
| provenance: | ||
| needs: [validate] | ||
|
Check failure on line 41 in .github/workflows/conftest-unittests.yaml
|
||
| if: startsWith(github.ref, 'refs/tags/') | ||
| permissions: | ||
| actions: read | ||
| id-token: write | ||
| contents: write | ||
| uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] | ||
| with: | ||
| base64-subjects: "${{ needs.validate.outputs.hashes }}" | ||
| upload-assets: true | ||
| release: | ||
| needs: [validate, provenance] | ||
| runs-on: ubuntu-latest | ||
| if: startsWith(github.ref, 'refs/tags/') | ||
| permissions: | ||
| contents: write | ||
| steps: | ||
| - name: Download policy.tar | ||
| uses: actions/download-artifact@v3 | ||
| with: | ||
| name: policy.tar | ||
| - name: Upload assets to release | ||
| uses: softprops/[email protected] | ||
| with: | ||
| files: | | ||
| policy.tar | ||
