sonar-php/.github/workflows/ToggleLockBranch.yml at master · SonarSource/sonar-php · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
name: Toggle lock branch

on:
  workflow_call:
    inputs:
      branch:
        required: true
        type: string
        default: "master"
  workflow_dispatch:    # Triggered manually from the GitHub UI / Actions
    inputs:
      branch:
        description: "Branch to to toggle lock on"
        required: true
        default: "master"

jobs:
  ToggleLockBranch_job:
    name: Toggle lock branch
    runs-on: github-ubuntu-latest-s
    permissions:
      id-token: write
    steps:
      - id: secrets
        uses: SonarSource/vault-action-wrapper@v3
        with:
          secrets: |
            development/github/token/{REPO_OWNER_NAME_DASH}-lock token | lock_token;
            development/kv/data/slack token | slack_api_token;
      - uses: sonarsource/gh-action-lt-backlog/ToggleLockBranch@v2
        with:
          github-token: ${{ fromJSON(steps.secrets.outputs.vault).lock_token }}
          slack-token: ${{ fromJSON(steps.secrets.outputs.vault).slack_api_token }}
          slack-channel: squad-security-taint-notifs
          branch-pattern: ${{ inputs.branch }}