affinity: {}

    # Custom annotations on pod level, if you need them
    podAnnotations: {}

    # Deploy the config files as plugin chain (value "true") or as standalone files in the conf dir (value "false")?
    # Some k8s flavors (e.g. OpenShift) do not support the chain approach, set to false if this is the case
    chained: true

    # Custom configuration happens based on the CNI provider.

# This workflow uses actions that are not certified by GitHub. They are provided
# by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation.

name: Scorecard supply-chain security
on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:

    install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" }}
    operator.istio.io/component: "Cni"
data:
  # The CNI network configuration to add to the plugin chain on each node.  The special
  # values in this config will be automatically populated.
  cni_network_config: |-
        {
          "cniVersion": "0.3.1",
          "name": "istio-cni",
          "type": "istio-cni",

# See the License for the specific language governing permissions and
# limitations under the License.
# ============================================================================

name: Scorecards supply-chain security
on:
  # Only the default branch is supported.
  branch_protection_rule:
  schedule:
    - cron: '44 15 * * 5'
  push:
    branches: [ master ]

# Declare default permissions as read only.