# This workflow uses actions that are not certified by GitHub. They are provided
# by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation.

name: Scorecard supply-chain security
on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:

    `EventListener` or `Interceptor`.

    ```kotlin
      override fun intercept(chain: Interceptor.Chain): Response {
        chain.call().tag(MyAnalyticsTag::class) {
          MyAnalyticsTag(...)
        }

        return chain.proceed(chain.request())
      }
    ```

 *  New: Support request bodies on HTTP/1.1 connection upgrades.

- Client-go certificate manager rotation gained the ability to preserve optional intermediate chains accompanying issued certificates ([#88744](https://github.com/kubernetes/kubernetes/pull/88744), [@jackkleeman](https://github.com/jackkleeman)) [SIG API Machinery and Auth]

# limitations under the License.
# ==============================================================================
# This script uploads all staged artifacts from all previous builds in the same
# job chain to GCS and PyPI.
source "${BASH_SOURCE%/*}/utilities/setup.sh"

# Calculate the version number for choosing the final directory name. This adds
# "-devYYYYMMDD" to the end of the version string for nightly builds.

        RequestTrace level2 = new RequestTrace("level2", level1, "level2-data");
        RequestTrace level3 = new RequestTrace(level2, "level3-data");

        // Verify the chain
        assertNull(root.parent());
        assertEquals(root, level1.parent());
        assertEquals(level1, level2.parent());
        assertEquals(level2, level3.parent());

        // Verify context inheritance

 *     lookups) and attempt new connections to them. When failures occur, retries iterate the
 *     list of available routes.
 *
 * If the pool gains an eligible connection while DNS, TCP, or TLS work is in flight, this finder
 * will prefer pooled connections. Only pooled HTTP/2 connections are used for such de-duplication.
 *

   */
  abstract fun <T : Any> plus(
    key: KClass<T>,
    value: T?,
  ): Tags

  abstract operator fun <T : Any> get(key: KClass<T>): T?
}

/** An empty tags. This is always the tail of a [LinkedTags] chain. */
internal object EmptyTags : Tags() {
  override fun <T : Any> plus(
    key: KClass<T>,
    value: T?,
  ): Tags =
    when {
      value != null -> LinkedTags(key, value, this)
      else -> this
    }

 *                of the request. May be null if no specific context is needed.
 * @param parent The parent request trace that led to this request, establishing the chain of nested
 *               operations. May be null for top-level requests.
 * @param data Additional data associated with this request trace, typically containing the actual request

   * Contains the logical entries, in the range of [0, size()). The high 32 bits of each long is the
   * smeared hash of the element, whereas the low 32 bits is the "next" pointer (pointing to the
   * next entry in the bucket chain). The pointers in [size(), entries.length) are all "null"
   * (UNSET).
   */
  @VisibleForTesting transient long[] entries;

  /** The load factor. */
  private transient float loadFactor;

##
## readlink() {
##     return /bin/readlink -f "$1"
## }
##
readlink() {
	TARGET_FILE=$1

	cd $(dirname $TARGET_FILE)
	TARGET_FILE=$(basename $TARGET_FILE)

	# Iterate down a (possible) chain of symlinks
	while [ -L "$TARGET_FILE" ]; do
		TARGET_FILE=$(env readlink $TARGET_FILE)
		cd $(dirname $TARGET_FILE)
		TARGET_FILE=$(basename $TARGET_FILE)
	done