name: Continuous Integration

on:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main
      - 'releases/*'

permissions: {}

jobs:
  test-attest-sbom:
    name: Test attest-sbom action with local sbom file
    runs-on: ubuntu-latest
    permissions:
      attestations: write
      contents: read
      id-token: write

    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Run attest-sbom
        id: attest-sbom
        uses: ./
        env:
          INPUT_PRIVATE-SIGNING: 'true'
        with:
          subject-digest: 'sha256:7d070f6b64d9bcc530fe99cc21eaaa4b3c364e0b2d367d7735671fa202a03b32'
          subject-name: 'subject'
          sbom-path: '__tests__/data/sbom.json'
          github-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Dump output
        run: jq < ${{ steps.attest-sbom.outputs.bundle-path }}