mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-08-19 00:17:54 +00:00
088e97075c
Set: ``` permissions: contents: read ``` as the default top-level permissions explicitly to conform to recommended security practices e.g. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
50 lines
1.2 KiB
YAML
50 lines
1.2 KiB
YAML
on:
|
|
pull_request:
|
|
types:
|
|
- opened
|
|
- synchronize
|
|
- reopened
|
|
- labeled # a workflow runs only when the 'ok-to-test' label is added
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
name: Static checks self-hosted
|
|
jobs:
|
|
skipper:
|
|
if: ${{ contains(github.event.pull_request.labels.*.name, 'ok-to-test') }}
|
|
uses: ./.github/workflows/gatekeeper-skipper.yaml
|
|
with:
|
|
commit-hash: ${{ github.event.pull_request.head.sha }}
|
|
target-branch: ${{ github.event.pull_request.base.ref }}
|
|
|
|
build-checks:
|
|
needs: skipper
|
|
if: ${{ needs.skipper.outputs.skip_static != 'yes' }}
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
instance:
|
|
- "ubuntu-22.04-arm"
|
|
- "s390x"
|
|
- "ppc64le"
|
|
uses: ./.github/workflows/build-checks.yaml
|
|
with:
|
|
instance: ${{ matrix.instance }}
|
|
|
|
build-checks-preview:
|
|
needs: skipper
|
|
if: ${{ needs.skipper.outputs.skip_static != 'yes' }}
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
instance:
|
|
- "riscv-builder"
|
|
uses: ./.github/workflows/build-checks-preview-riscv64.yaml
|
|
with:
|
|
instance: ${{ matrix.instance }}
|