diff --git a/.github/workflows/canary.yml b/.github/workflows/canary.yml new file mode 100644 index 0000000..25aa1e5 --- /dev/null +++ b/.github/workflows/canary.yml @@ -0,0 +1,39 @@ +name: Test a branch on canary +on: + workflow_dispatch: + inputs: + COMMIT_SHA: + description: 'Commit SHA to be tested' + required: true + +env: + COMMIT_SHA: ${{ github.event.inputs.COMMIT_SHA }} +defaults: + run: + shell: pwsh + +jobs: + update_tag: + name: Update the rc tag to ${{ github.event.inputs.COMMIT_SHA }} commit + runs-on: ubuntu-latest + permissions: + contents: write + steps: + - uses: step-security/harden-runner@v1 + with: + allowed-endpoints: + api.github.com:443 + github.com:443 + + - uses: actions/checkout@v2 + - name: Update the rc tag + uses: step-security/publish-action@b438f840875fdcb7d1de4fc3d1d30e86cf6acb5d + with: + rc-sha: ${{ env.COMMIT_SHA }} + rc: true + + - name: Canary test + uses: docker://ghcr.io/step-security/integration-test/int:latest + env: + PAT: ${{ secrets.PAT }} + canary: true \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d5031a7..7e28a40 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -27,10 +27,10 @@ jobs: allowed-endpoints: api.github.com:443 github.com:443 - + - uses: actions/checkout@v2 - name: Update the rc tag - uses: step-security/publish-action@cde4f11ad41e4f61d537fbbb989ea5fe812f8d50 + uses: step-security/publish-action@b438f840875fdcb7d1de4fc3d1d30e86cf6acb5d with: source-tag: ${{ env.TAG_NAME }} rc: true @@ -42,6 +42,6 @@ jobs: canary: true - name: Update the ${{ env.TAG_NAME }} tag - uses: step-security/publish-action@cde4f11ad41e4f61d537fbbb989ea5fe812f8d50 + uses: step-security/publish-action@b438f840875fdcb7d1de4fc3d1d30e86cf6acb5d with: source-tag: ${{ env.TAG_NAME }}