Skip to content

nightly

nightly #200

Workflow file for this run

name: nightly
on:
schedule:
- cron: "30 1 * * *"
permissions: {}
defaults:
run:
shell: bash
jobs:
build:
uses: ./.github/workflows/.reusable-build.yml
permissions:
packages: write
secrets: inherit
with:
build: false
compliance:
uses: ./.github/workflows/.reusable-compliance.yml
permissions:
contents: write
id-token: write
security-events: write
actions: read
checks: read
deployments: read
issues: read
discussions: read
packages: read
pages: read
pull-requests: read
repository-projects: read
statuses: read
secrets: inherit
sca-released:
name: sca (released)
uses: ./.github/workflows/.reusable-sca.yml
needs: [build]
permissions:
contents: write
security-events: write
packages: read
secrets: inherit
with:
image: ${{ needs.build.outputs.original_image }}
output: "table"
get-root:
name: Build and test get-root
runs-on: ubuntu-latest
defaults:
run:
shell: sh
container:
image: docker:stable
steps:
- name: Checkout code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Build and test get-root utility
run: |
docker build -t get-root-key -f docker/Dockerfile.getRoot .
docker run --rm get-root-key -i securesystemsengineering/testimage > output
cat output | grep "KeyID: 76d211ff8d2317d78ee597dbc43888599d691dbfd073b8226512f0e9848f2508"
cat output | grep "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsx28WV7BsQfnHF1kZmpdCTTLJaWe"
cleanup-registry:
uses: ./.github/workflows/.reusable-cleanup-registry.yml
needs: [build]
secrets: inherit