# See .github/workflows/CheckBadMerge.groovy for explanation
name: Check bad merge commit
on:
  pull_request:
    types:
     - opened
     - synchronize

permissions: {}

jobs:
  check_pr_commits:
    permissions:
      contents: read
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Set up JDK 11

name: Check pulls metadata

on:
  pull_request_target:
    types: [ closed ]

permissions: {}

jobs:
  check_pull_metadata:
    permissions:
      issues: write
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
      # Check that PRs have proper metadata: labels and milestone
      # https://github.com/gradle/issue-management-action/blob/main/src/pull-metadata.ts
      - uses: gradle/issue-management-action@v1

    outputs:
      matrix: ${{ steps.setup-matrix.outputs.matrix }}
      sys-prop-args: ${{ steps.determine-sys-prop-args.outputs.sys-prop-args }}

  sanity-check:
    name: "Sanity Check on Linux"
    permissions:
      contents: read
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: git clone
        uses: actions/checkout@v4
      - name: setup java

# policy, and support documentation.

name: Scorecard supply-chain security
on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:
  # To guarantee Maintained check is occasionally updated. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
  schedule:

# The original version of this file is located in the https://github.com/istio/common-files repo.
# If you're looking at this file in a different repo and want to make a change, please go to the
# common-files repo, make the change there and check it in. Then come back to this repo and run
# "make update-common".

ignored:
  - DL3008
  - DL3059

trustedRegistries:
  - gcr.io
  - docker.io
  - quay.io
  - "*.pkg.dev"

            openid: "http://127.0.0.1:5556/dex"

    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: ${{ matrix.go-version }}
          check-latest: true
      - name: Test LDAP/OpenID/Etcd combo
        env:
          _MINIO_LDAP_TEST_SERVER: ${{ matrix.ldap }}
          _MINIO_ETCD_TEST_SERVER: ${{ matrix.etcd }}

      - name: 'Cancel previous runs'
        uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa # 0.12.1
        with:
          access_token: ${{ github.token }}
      - name: 'Check out repository'
        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
      - name: 'Set up JDK ${{ matrix.java }}'
        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1

in the event of a failed command. {{- if .Values.configPathmc }} MC_CONFIG_DIR="{{ .Values.configPathmc }}" MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" {{- else }} MC="/usr/bin/mc --insecure" {{- end }} # connectToMinio # Use a check-sleep-check loop to wait for MinIO service to be available connectToMinio() { SCHEME=$1 ATTEMPTS=0 LIMIT=29 # Allow 30 attempts set -e # fail if we can't read the keys. ACCESS=$(cat /config/rootUser) SECRET=$(cat /config/rootPassword) set +e # The connections...

name: Check issues metadata

on:
  issues:
    types: [ opened, unlabeled, closed ]

permissions: {}

jobs:
  check_issue_metadata:
    permissions:
      issues: write
    runs-on: ubuntu-latest
    steps:
      # Check that issues have proper metadata: labels and milestone
      # https://github.com/gradle/issue-management-action/blob/main/src/issue-metadata.ts
      - uses: gradle/issue-management-action@v1
        with:

    # default is false: such cases aren't reported by default.
    check-type-assertions: false
    # report about assignment of errors to blank identifier: `num, _ := strconv.Atoi(numStr)`;
    # default is false: such cases aren't reported by default.
    check-blank: false
  govet:
    disable:
      # report about shadowed variables
      - shadow
  goimports: