Security upgrade https://github.com/pulumi/pulumi-azure-native/securi… #1106
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: master | |
on: | |
push: | |
branches: | |
- master | |
- main | |
- feature-** | |
paths-ignore: | |
- CHANGELOG.md | |
tags-ignore: | |
- v* | |
- sdk/* | |
- "**" | |
workflow_dispatch: | |
inputs: | |
short_test: | |
type: boolean | |
description: Skip longer running tests | |
default: false | |
jobs: | |
version: | |
uses: ./.github/workflows/version.yml | |
secrets: inherit | |
build_test: | |
uses: ./.github/workflows/build-test.yml | |
secrets: inherit | |
needs: version | |
with: | |
ref: ${{ github.ref }} | |
version: ${{ needs.version.outputs.version }} | |
short_test: ${{ inputs.short_test || false }} | |
# We cannot run OIDC tests in the release workflow because it's not a PR and we don't have a | |
# fixed tag or branch to serve as entity type, and we don't have Github environments | |
# configured. See | |
# https://learn.microsoft.com/en-us/azure/active-directory/workload-identities/workload-identity-federation-create-trust?pivots=identity-wif-apps-methods-azp#github-actions | |
oidc_arm_client_id: "" | |
retention_days: 30 | |
publish: | |
uses: ./.github/workflows/publish.yml | |
secrets: inherit | |
needs: | |
- version | |
- build_test | |
with: | |
ref: ${{ github.ref }} | |
version: ${{ needs.version.outputs.version }} | |
prerelease: true | |
# Skip creating the GH release draft because we never publish these prereleases. | |
# Push a prerelease tag instead if we want something that's publically visible. | |
publishGhRelease: false |