harden-runner/.github/workflows/recurring-int-tests.yml

name: Recurring INT tests
on:
  workflow_dispatch:
  schedule:
    - cron: '0 */2 * * *' # every other hour

permissions:
  contents: read

jobs:
  int-tests:
    name: int tests
    runs-on: ubuntu-latest
    steps:
    - name: Harden Runner
      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
      with:
        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

    - name: Canary test
      uses: docker://ghcr.io/step-security/integration-test/int:latest
      env:
        PAT: ${{ secrets.PAT }}
        canary: true

  int-tls-tests:
    name: int tls tests
    runs-on: ubuntu-latest
    steps:
    - name: Harden Runner
      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
      with:
        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

    - name: Canary test
      uses: docker://ghcr.io/step-security/integration-test/int:latest
      env:
        PAT: ${{ secrets.PAT }}
        canary-tls: true