-
Notifications
You must be signed in to change notification settings - Fork 17
100 lines (91 loc) · 1.9 KB
/
on.push.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
name: CI
"on":
merge_group: {}
push:
branches:
- stable
- main
permissions:
contents: read
concurrency:
group: "push-${{ github.ref }}"
jobs:
##
## Job: Multi-platform Build
##
build:
name: "Build"
uses: ./.github/workflows/job.build.yml
secrets: inherit
permissions:
actions: "read"
contents: "write"
id-token: "write"
checks: "write"
packages: "write"
pull-requests: "write"
deployments: "write"
statuses: "write"
security-events: "write"
with:
provenance: true
##
## Job: Multi-platform Test
##
test:
name: "Build"
uses: ./.github/workflows/job.test.yml
secrets: inherit
permissions:
actions: "read"
contents: "write"
id-token: "write"
checks: "write"
packages: "write"
pull-requests: "write"
deployments: "write"
statuses: "write"
security-events: "write"
##
## Job: Checks for Models
##
publish-model:
name: "Publish"
uses: ./.github/workflows/job.deploy-model.yml
secrets:
BUF_TOKEN: ${{ secrets.BUF_TOKEN }}
permissions:
contents: "read"
##
## Job: Check for Wrapper
##
check-wrapper:
name: "Checks"
uses: ./.github/workflows/checks.gradle-wrapper.yml
permissions:
contents: "read"
##
## Job: Checks with Sonar
##
check-sonar:
name: "Checks"
uses: ./.github/workflows/checks.sonar.yml
needs: [build]
secrets:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
BUILDLESS_APIKEY: ${{ secrets.BUILDLESS_APIKEY }}
permissions:
contents: "read"
##
## Job: Checks with CodeQL
##
check-codeql:
name: "Checks"
uses: ./.github/workflows/checks.codeql.yml
needs: [build]
secrets:
BUILDLESS_APIKEY: ${{ secrets.BUILDLESS_APIKEY }}
permissions:
actions: "read"
contents: "read"
security-events: "write"