Merge "Fix logging of unparseable checkpoint errors." into main #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build SLSA3 Provenances | |
| # See https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#example-using-concurrency-to-cancel-any-in-progress-job-or-run | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| on: | |
| push: | |
| branches: [main] | |
| # This workflow builds several binaries and is very time and resource consuming. As a result it | |
| # is disabled by default on pull-request events. If you need to test this workflow on your PR | |
| # before merge, label it with `provenance:force-run` to trigger the workflow. | |
| pull_request: | |
| branches: [main] | |
| jobs: | |
| build_binary: | |
| if: | | |
| github.event_name == 'push' || | |
| contains(github.event.pull_request.labels.*.name, 'provenance:force-run') | |
| # We use the same job template to generate provenances for multiple binaries. | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| buildconfig: | |
| - buildconfigs/bazel.toml | |
| - buildconfigs/ledger_enclave_app.toml | |
| - buildconfigs/square_enclave_app.toml | |
| - buildconfigs/sum_enclave_app.toml | |
| permissions: | |
| actions: read | |
| id-token: write | |
| # Allow the job to update the repo with the latest provenance info and index. | |
| contents: write | |
| # Allow the job to add a comment to the PR. | |
| pull-requests: write | |
| uses: ./.github/workflows/reusable_provenance.yaml | |
| with: | |
| build-config-path: ${{ matrix.buildconfig }} |