update: bump ossf/scorecard-action from 2.1.3 to 2.2.0 #3996
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: cicd | |
on: | |
push: | |
branches: | |
- master | |
- develop | |
pull_request: | |
branches: | |
- master | |
- develop | |
permissions: {} | |
defaults: | |
run: | |
shell: bash | |
env: | |
SKIP_INTEGRATION_TESTS: 'none' # 'none', 'non-required', 'all' | |
jobs: | |
conditionals: | |
runs-on: ubuntu-latest | |
outputs: | |
skip_integration_tests: ${{ steps.conditionals.outputs.skip_integration_tests }} | |
steps: | |
- name: CI conditionals | |
id: conditionals | |
run: | | |
echo "skip_integration_tests=${SKIP_INTEGRATION_TESTS}" >> ${GITHUB_OUTPUT} | |
build: | |
uses: ./.github/workflows/.reusable-build.yml | |
permissions: | |
packages: write | |
secrets: inherit | |
compliance: | |
uses: ./.github/workflows/.reusable-compliance.yml | |
permissions: | |
contents: write | |
id-token: write | |
security-events: write | |
actions: read | |
checks: read | |
deployments: read | |
issues: read | |
discussions: read | |
packages: read | |
pages: read | |
pull-requests: read | |
repository-projects: read | |
statuses: read | |
secrets: inherit | |
sast: | |
uses: ./.github/workflows/.reusable-sast.yml | |
permissions: | |
security-events: write | |
pull-requests: read | |
sca: | |
uses: ./.github/workflows/.reusable-sca.yml | |
needs: [build] | |
permissions: | |
contents: write | |
security-events: write | |
packages: read | |
secrets: inherit | |
with: | |
registry: ${{ needs.build.outputs.build_registry }} | |
repo_owner: ${{ github.repository_owner }} | |
image: ${{ needs.build.outputs.build_image }} | |
unit-test: | |
uses: ./.github/workflows/.reusable-unit-test.yml | |
docs: | |
uses: ./.github/workflows/.reusable-docs.yaml | |
permissions: | |
contents: write | |
integration-test: | |
uses: ./.github/workflows/.reusable-integration-test.yml | |
needs: [conditionals, build] | |
if: needs.conditionals.outputs.skip_integration_tests != 'all' | |
permissions: | |
packages: read | |
secrets: inherit | |
with: | |
build_registry: ${{ needs.build.outputs.build_registry }} | |
repo_owner: ${{ github.repository_owner }} | |
build_image_repository: ${{ needs.build.outputs.build_registry }}/${{ needs.build.outputs.build_repo }} | |
build_tag: ${{ needs.build.outputs.build_tag }} | |
skip_integration_tests: ${{ needs.conditionals.outputs.skip_integration_tests }} | |
cosign_public_key: ${{ needs.build.outputs.cosign_public_key }} |