Skip to content

chore(deps): update actions/attest-build-provenance action to v1.4.1 #1538

chore(deps): update actions/attest-build-provenance action to v1.4.1

chore(deps): update actions/attest-build-provenance action to v1.4.1 #1538

Workflow file for this run

name: Pull Request πŸ“₯
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
cancel-in-progress: true
on:
pull_request_target:
paths-ignore:
- '**/*.md'
merge_group:
jobs:
push-comment:
name: Create comments ✍️
if: ${{ always() && !cancelled() }}
uses: ./.github/workflows/__job_messages.yml
secrets: inherit
with:
commit: ${{ github.event.pull_request.head.sha }}
in_progress: true
comment: true
project:
name: Add to project board πŸ“Š
if: ${{ always() }}
runs-on: ubuntu-latest
steps:
- uses: alex-page/[email protected]
with:
project: Ongoing development
column: In progress
repo-token: ${{ secrets.JF_BOT_TOKEN }}
label:
name: Labeling 🏷️
if: ${{ always() }}
runs-on: ubuntu-latest
steps:
- name: Label depending on modified files
uses: actions/[email protected]
with:
sync-labels: true
repo-token: ${{ secrets.JF_BOT_TOKEN }}
build:
name: Build πŸ—οΈ
if: ${{ always() && !cancelled() }}
uses: ./.github/workflows/__package.yml
# Needed for attestation publication
permissions:
id-token: write
attestations: write
with:
commit: ${{ github.event.pull_request.head.sha }}
quality_checks:
name: Quality checks πŸ‘ŒπŸ§ͺ
if: ${{ always() && !cancelled() }}
uses: ./.github/workflows/__quality_checks.yml
permissions: {}
with:
commit: ${{ github.event.pull_request.head.sha }}
codeql:
name: GitHub CodeQL πŸ”¬
if: ${{ always() && !cancelled() }}
uses: ./.github/workflows/__codeql.yml
permissions:
actions: read
contents: read
security-events: write
with:
commit: ${{ github.event.pull_request.head.sha }}
deploy:
name: Deploy πŸš€
uses: ./.github/workflows/__deploy.yml
if: ${{ always() && !cancelled() && needs.build.result == 'success' }}
needs:
- push-comment
- build
permissions:
contents: read
deployments: write
secrets: inherit
with:
# If the PR is from the master branch of a fork, append the fork's name to the branch name
branch: ${{ github.event.pull_request.head.repo.full_name != github.repository && github.event.pull_request.head.ref == 'master' && format('{0}/{1}', github.event.pull_request.head.repo.full_name, github.event.pull_request.head.ref) || github.event.pull_request.head.ref }}
comment: true
commit: ${{ github.event.pull_request.head.sha }}