TUF-on-CI online signing #162

	name: TUF-on-CI online signing

	permissions: {}

	on:
	schedule:
	- cron: '17 1,7,13,19 * * *'
	push:
	branches: [ main ]
	paths: ['metadata/**']
	workflow_dispatch:

	jobs:
	online-sign:
	runs-on: ubuntu-latest

	permissions:
	id-token: 'write' # for OIDC identity access
	contents: 'write' # for commiting snapshot/timestamp changes
	actions: 'write' # for dispatching publish workflow

	steps:
	- id: online-sign
	uses: theupdateframework/tuf-on-ci/actions/online-sign@d5496b4dfa28a02eec0d8ac1bb228ea08d3f7c1a # v0.3.0
	with:
	gcp_workload_identity_provider: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }}
	gcp_service_account: ${{ vars.GCP_SERVICE_ACCOUNT }}

Provide feedback