Skip to content

verify-conformance

verify-conformance #44

on:
workflow_dispatch: {}
schedule:
- cron: '0 * * * *'
permissions:
contents: read
pull-requests: write
issues: write
jobs:
verify-conformance:
runs-on: ubuntu-latest
steps:
- name: write-config
env:
GH_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }}
GH_APP_ID: ${{ secrets.GH_APP_ID }}
GH_APP_HMAC: ${{ secrets.GH_APP_HMAC }}
run: |
mkdir -p ./tmp/
curl -sSLv https://raw.githubusercontent.com/cncf-infra/verify-conformance/main/hack/local-dev/verify-conformance-config.yaml -o ./verify-conformance-config.yaml
echo '${{ env.GH_APP_PRIVATE_KEY }}' | base64 -d > ./tmp/github-app-private-key
echo '${{ env.GH_APP_HMAC }}' > ./tmp/hmac
- name: verify-conformance
env:
GH_APP_ID: ${{ secrets.GH_APP_ID }}
run: |
set -x
docker run --rm \
-v "$PWD:$PWD:ro" \
--workdir "$PWD" \
ghcr.io/cncf-infra/verify-conformance/action:latest \
--github-endpoint=https://api.github.com \
--dry-run=false \
--plugin-config="$PWD/verify-conformance-config.yaml" \
--github-app-id="${{ env.GH_APP_ID }}" \
--github-app-private-key-path="$PWD/tmp/github-app-private-key" \
--hmac-secret-file=$PWD/tmp/hmac
- name: cleanup
if: ${{ always() }}
run: |
rm -rf ./tmp/