Update dependency open-policy-agent/opa to v1.5.1 #895

Workflow file for this run

.github/workflows/conftest-unittests.yaml at 2b16dcb

	name: Run conftest-unittests.sh

	on: [push, pull_request]

	# Declare default permissions as read only.
	permissions: read-all

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	jobs:
	conftest:
	runs-on: ubuntu-latest
	env:
	# renovate: datasource=pypi depName=yq
	YQ_VERSION: 3.4.3
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
	with:
	egress-policy: audit

	- name: Checkout
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Setup Python
	uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5

	- name: Setup yq (pypi.org/project/yq/)
	run: \|
	pip3 install yq==${YQ_VERSION}

	- name: Setup Bats
	uses: bats-core/bats-action@42fcc8700f773c075a16a90eb11674c0318ad507 # 3.0.1

	- name: Setup Conftest
	uses: princespaghetti/setup-conftest@d75fd184422abf484802a0fefc0453f2cda20f95 # v1.1.23

	- name: Setup oc
	uses: redhat-actions/openshift-tools-installer@144527c7d98999f2652264c048c7a9bd103f8a82 # v1
	with:
	oc: "4"

	- name: Run _test/conftest-unittests.sh
	run: _test/conftest-unittests.sh

	- name: Tar and Generate hashes
	shell: bash
	id: hash
	run: \|
	tar cvf policy.tar policy/

	echo "hashes=$(sha256sum policy.tar \| base64 -w0)" >> "$GITHUB_OUTPUT"

	- name: Upload policy.tar
	uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
	with:
	name: policy.tar
	path: policy.tar
	if-no-files-found: error
	retention-days: 5

	outputs:
	hashes: ${{ steps.hash.outputs.hashes }}

	provenance:
	needs: [conftest]
	if: startsWith(github.ref, 'refs/tags/')
	permissions:
	actions: read
	id-token: write
	contents: write
	uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
	with:
	base64-subjects: "${{ needs.conftest.outputs.hashes }}"
	upload-assets: true

	release:
	needs: [conftest, provenance]
	runs-on: ubuntu-latest
	if: startsWith(github.ref, 'refs/tags/')
	permissions:
	contents: write
	steps:
	- name: Download policy.tar
	uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
	with:
	name: policy.tar

	- name: Upload assets to release
	uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2.2.2
	with:
	files: \|
	policy.tar

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update dependency open-policy-agent/opa to v1.5.1 #895

Workflow file

Update dependency open-policy-agent/opa to v1.5.1 #895

Uh oh!

Jobs

Run details

Workflow file for this run