name: Continuous Integration

on:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main
      - "releases/*"

permissions: {}

jobs:
  test-attest-provenance:
    name: Test attest-provenance action
    runs-on: ubuntu-latest
    permissions:
      attestations: write
      contents: read
      id-token: write

    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Run attest-provenance
        id: attest-provenance
        uses: ./
        env:
          INPUT_PRIVATE-SIGNING: "true"
        with:
          subject-digest: "sha256:7d070f6b64d9bcc530fe99cc21eaaa4b3c364e0b2d367d7735671fa202a03b32"
          subject-name: "subject"
          github-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Dump output
        run: jq < ${{ steps.attest-provenance.outputs.bundle-path }}