sync'ing branch1 - Tue Nov 5 06:08:20 UTC 2024 #14751

	# Copyright 2023 SLSA Authors
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	name: schedule verify-token wrapper

	on:
	# Daily run.
	schedule:
	- cron: "0 4 * * *"
	workflow_dispatch:
	push:
	branches: [main]

	permissions: read-all

	concurrency: "e2e.verify-token.push.main"

	env:
	GH_TOKEN: ${{ secrets.E2E_NODEJS_TOKEN }}
	ISSUE_REPOSITORY: slsa-framework/slsa-github-generator

	jobs:
	push:
	runs-on: ubuntu-latest
	if: github.event_name == 'schedule' \|\| github.event_name == 'workflow_dispatch'
	permissions:
	contents: write
	steps:
	- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	- run: ./.github/workflows/scripts/e2e-push.sh

	verify-token-e2e:
	if: github.event_name == 'push' && github.event.head_commit.message == github.workflow
	permissions:
	contents: read
	id-token: write
	issues: write
	# NOTE: must call @main is required rather than using a "same repo" call so
	# that the job_workflow_ref is correctly set to the reusable workflow.
	uses: slsa-framework/example-package/.github/workflows/e2e.verify-token.reusable.yml@main

Provide feedback