Update github/codeql-action action to v3 #155

Workflow file for this run

.github/workflows/conftest-unittests.yaml at 905fd90

	name: Run conftest-unittests.sh

	on: [push, pull_request]

	# Declare default permissions as read only.
	permissions: read-all

	jobs:
	conftest:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

	- name: Conftest
	uses: redhat-cop/github-actions/confbatstest@11f2ce27643eb7c76ac3623cb99d9b08be30d762 # v4
	with:
	tests: _test/conftest-unittests.sh
	policies: '[]' # An empty array is provided as the policies are already cloned via source.

	- name: Tar and Generate hashes
	shell: bash
	id: hash
	run: \|
	tar cvf policy.tar policy/

	echo "hashes=$(sha256sum policy.tar \| base64 -w0)" >> "$GITHUB_OUTPUT"

	- name: Upload policy.tar
	uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3
	with:
	name: policy.tar
	path: policy.tar
	if-no-files-found: error
	retention-days: 5

	outputs:
	hashes: ${{ steps.hash.outputs.hashes }}

	provenance:
	needs: [conftest]
	if: startsWith(github.ref, 'refs/tags/')
	permissions:
	actions: read
	id-token: write
	contents: write
	uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
	with:
	base64-subjects: "${{ needs.conftest.outputs.hashes }}"
	upload-assets: true

	release:
	needs: [conftest, provenance]
	runs-on: ubuntu-latest
	if: startsWith(github.ref, 'refs/tags/')
	permissions:
	contents: write
	steps:
	- name: Download policy.tar
	uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3
	with:
	name: policy.tar

	- name: Upload assets to release
	uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
	with:
	files: \|
	policy.tar

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update github/codeql-action action to v3 #155

Workflow file

Update github/codeql-action action to v3 #155

Jobs

Run details

Workflow file for this run