{{ if .Values.global.logAsJson -}}
    - "--log_as_json"
    {{ end -}}
    {{ if or .Values.pilot.cni.enabled .Values.istio_cni.enabled -}}
    - "--run-validation"
    - "--skip-rule-apply"
    {{ end -}}
    {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}}
  {{- if .ProxyConfig.ProxyMetadata }}
    env:
    {{- range $key, $value := .ProxyConfig.ProxyMetadata }}

              "typed_config": {
               "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
               "rules": {
                "policies": {
                 "ns[default]-policy[httpbin]-rule[0]": {
                  "permissions": [
                   {
                    "and_rules": {
                     "rules": [
                      {
                       "or_rules": {

'''
 Repository rule to set some environment variables.
 Can be set via build parameter "--repo_env=<VARIABLE_NAME>=<value>"
 e.g "--repo_env=REQUIREMENTS_FILE_NAME=requirements.in"

 List of variables:
 REQUIREMENTS_FILE_NAME
'''

def _updater_config_repository_impl(repository_ctx):
    repository_ctx.file("BUILD", "")
    requirements_file_name = repository_ctx.os.environ.get("REQUIREMENTS_FILE_NAME", "requirements.in")
    repository_ctx.file(

						   class="nav-link <c:if test="${param.menuType=='boostDocumentRule'}">active</c:if>">
							<em class='fa fa-genderless nav-icon'>
							<p><la:message key="labels.menu_boost_document_rule" /></p>
						</a></li></c:if>
						
					<c:if test="${fe:permission('admin-relatedcontent-view')}">
					<li class="nav-item">
						<a href="${fe:url('/admin/relatedcontent/')}"

# limitations under the License.
# ============================================================================

name: Scorecards supply-chain security
on:
  # Only the default branch is supported.
  branch_protection_rule:
  schedule:
    - cron: '44 15 * * 5'
  push:
    branches: [ master ]

# Declare default permissions as read only.
permissions: read-all

jobs:
  analysis:

## Config for sass-lint
#########################
# Linter Options
options:
  # Don't merge default rules
  merge-default-rules: false
  # Raise an error if more than 50 warnings are generated
  max-warnings: 500
# Rule Configuration
rules:
  attribute-quotes:
    - 2
    -
      include: false
  bem-depth: 2
  border-zero: 2
  brace-style: 2
  class-name-format: 2
  clean-import-paths: 2

// license that can be found in the LICENSE file.

// This input was created by taking the instruction productions in
// the old assembler's (5a's) grammar and hand-writing complete
// instructions for each rule, to guarantee we cover the same space.

#include "../../../../../runtime/textflag.h"

TEXT	foo(SB), DUPOK|NOSPLIT, $0

// ADD
//
//	LTYPE1 cond imsr ',' spreg ',' reg
//	{
//		outcode($1, $2, &$3, $5, &$7);

// license that can be found in the LICENSE file.

// This input was created by taking the instruction productions in
// the old assembler's (7a's) grammar and hand-writing complete
// instructions for each rule, to guarantee we cover the same space.

#include "../../../../../runtime/textflag.h"

TEXT	foo(SB), DUPOK|NOSPLIT, $-8

// arithmetic operations
	ADDW	$1, R2, R3
	ADDW	R1, R2, R3
	ADDW	R1, ZR, R3

// license that can be found in the LICENSE file.

// This input was created by taking the instruction productions in
// the old assembler's (6a's) grammar and hand-writing complete
// instructions for each rule, to guarantee we cover the same space.

#include "../../../../../runtime/textflag.h"

TEXT	foo(SB), DUPOK|NOSPLIT, $0

// LTYPE1 nonrem	{ outcode($1, &$2); }
	NEGQ	R11
	NEGQ	4(R11)
	NEGQ	foo+4(SB)

      # For example:
      # podAntiAffinityLabelSelector:
      # - key: security
      #   operator: In
      #   values: S1,S2
      #   topologyKey: "kubernetes.io/hostname"
      # This pod anti-affinity rule says that the pod requires not to be scheduled
      # onto a node if that node is already running a pod with label having key
      # "security" and value "S1".
      podAntiAffinityLabelSelector: []