Skip to content

Commit 6262f9b

Browse files
committed
Allow more types of serverless-ci to access github
1 parent 1bbaa07 commit 6262f9b

1 file changed

Lines changed: 5 additions & 9 deletions

File tree

.github/chainguard/serverless-init-ci-publish.sts.yaml

Lines changed: 5 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -8,18 +8,14 @@
88

99
issuer: https://gitlab.ddbuild.io
1010

11-
# Subject pattern matches the serverless-init-ci repo on main branch
12-
subject_pattern: "project_path:DataDog/serverless-init-ci:ref_type:branch:ref:main"
11+
# Subject pattern matches the serverless-init-ci repo on any branch or tag
12+
subject_pattern: "project_path:DataDog/serverless-init-ci:ref_type:(branch|tag):ref:.*"
1313

14-
# Restrict to protected main branch only (root of trust)
14+
# Allow all branches and tags for building RC and prod images
1515
claim_pattern:
1616
project_path: "DataDog/serverless-init-ci"
17-
ref: "main"
18-
ref_type: "branch"
19-
ref_path: "refs/heads/main"
20-
ref_protected: "true"
21-
pipeline_source: "push"
22-
ci_config_ref_uri: "gitlab.ddbuild.io/DataDog/serverless-init-ci//.gitlab-ci.yml@refs/heads/main"
17+
ref_type: "^(branch|tag)$"
18+
pipeline_source: "^(web|pipeline|push)$"
2319

2420
# Minimal permissions: only write packages to GHCR
2521
permissions:

0 commit comments

Comments
 (0)