Skip to content

[Dependencies]: Bump ossf/scorecard-action from 2.3.1 to 2.3.3 #24

[Dependencies]: Bump ossf/scorecard-action from 2.3.1 to 2.3.3

[Dependencies]: Bump ossf/scorecard-action from 2.3.1 to 2.3.3 #24

Workflow file for this run

--- # Cleanup on PR Close
name: "PR: Closed"
on:
pull_request:
types:
- closed
jobs:
cleanup-cache:
runs-on: ubuntu-latest
steps:
- name: "Initialise Workspace"
if: startsWith(runner.name, 'buildagent-')
shell: bash
run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE"
- name: "Harden Security"
uses: step-security/[email protected]
with:
egress-policy: audit
disable-sudo: true
allowed-endpoints: >
api.github.com:443
api.osv.dev:443
api.securityscorecards.dev:443
codeload.github.com:443
fulcio.sigstore.dev:443
github.com:443
oss-fuzz-build-logs.storage.googleapis.com:443
rekor.sigstore.dev:443
tuf-repo-cdn.sigstore.dev:443
www.bestpractices.dev:443
- name: "Install extensions"
run: gh extension install actions/gh-actions-cache
env:
GH_TOKEN: ${{ secrets.SOURCE_PUSH_TOKEN }}
- name: "Cleanup"
run: |
echo "Fetching list of cache key"
cacheKeysForPR=$(gh actions-cache list -R $REPO -B $BRANCH -L 100 | cut -f 1 )
## Setting this to not fail the workflow while deleting cache keys.
set +e
echo "Deleting caches..."
for cacheKey in $cacheKeysForPR
do
echo "Deleting cache key: $cacheKey"
gh actions-cache delete $cacheKey -R $REPO -B $BRANCH --confirm
done
echo "Done"
env:
GH_TOKEN: ${{ secrets.SOURCE_PUSH_TOKEN }}
REPO: ${{ github.repository }}
BRANCH: refs/pull/${{ github.event.pull_request.number }}/merge