mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-03-18 10:44:10 +00:00
b4545da15d
The default suggestion for top-level permissions was `contents: read`, but scorecard notes anything other than empty, so try updating it and see if there are any issues. I think it's only needed if we run workflows from other repos. Signed-off-by: stevenhorsman <steven@uk.ibm.com>
34 lines
1.0 KiB
YAML
34 lines
1.0 KiB
YAML
name: Kata Containers CoCo Stability Tests Weekly
|
|
on:
|
|
# Note: This workload is not currently maintained, so skipping it's scheduled runs
|
|
# schedule:
|
|
# - cron: '0 0 * * 0'
|
|
workflow_dispatch:
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
kata-containers-ci-on-push:
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
id-token: write
|
|
attestations: write
|
|
uses: ./.github/workflows/ci-weekly.yaml
|
|
with:
|
|
commit-hash: ${{ github.sha }}
|
|
pr-number: "weekly"
|
|
tag: ${{ github.sha }}-weekly
|
|
target-branch: ${{ github.ref_name }}
|
|
secrets:
|
|
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
|
AZ_APPID: ${{ secrets.AZ_APPID }}
|
|
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
|
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
|
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
|
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}
|