mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-07-11 00:52:00 +00:00
In 7afdfc7388 we
just disabled the undocumented-permissions zizmor warning,
but now with AI we can roll this fix more easily, so remove
the disabling of the rule and add the comments
Generated-By: IBM Bob
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
35 lines
1.2 KiB
YAML
35 lines
1.2 KiB
YAML
name: Kata Containers Nightly CI
|
|
on:
|
|
schedule:
|
|
- cron: '0 0 * * *'
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
kata-containers-ci-on-push:
|
|
permissions:
|
|
contents: read
|
|
packages: write # needed to push build artifacts to ghcr.io
|
|
id-token: write # needed to sign images and generate attestations
|
|
attestations: write # needed to generate artifact attestations
|
|
uses: ./.github/workflows/ci.yaml
|
|
with:
|
|
commit-hash: ${{ github.sha }}
|
|
pr-number: "nightly"
|
|
tag: ${{ github.sha }}-nightly
|
|
target-branch: ${{ github.ref_name }}
|
|
extensive-matrix-autogenerated-policy: "yes"
|
|
tee-test-scope: "full"
|
|
secrets:
|
|
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
|
AZ_APPID: ${{ secrets.AZ_APPID }}
|
|
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
|
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
|
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
|
NGC_API_KEY: ${{ secrets.NGC_API_KEY }}
|
|
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}
|