feat: minty configuration file for this repository

bradegler · bradegler · commit 3d96110720ff · 2024-09-25T13:37:56.000-04:00
diff --git a/.github/minty.yaml b/.github/minty.yaml
@@ -0,0 +1,53 @@
+version: 'minty.abcxyz.dev/v2'
+
+rule: 
+  if: |-
+    assertion.iss == 'https://token.actions.githubusercontent.com' &&
+    assertion.organization_id == '93787867' &&
+    assertion.repository_id == '560465650' &&
+    assertion.ref == 'refs/heads/main'
+
+scope:
+  update-checksums:
+    rule: 
+      if: |-
+        assertion.workflow_ref.startsWith("abcxyz/secure-setup-terraform/.github/workflows/update-checksums.yml") &&
+        (assertion.event_name == 'schedule' || assertion.event_name == 'workflow_dispatch')
+    repositories:
+      - 'secure-setup-terraform'
+    permissions:
+      pull_requests: 'write'
+      contents: 'write'
+
+  create-release:
+    rule:
+      if: |-
+        assertion.workflow_ref.startsWith("abcxyz/secure-setup-terraform/.github/workflows/create-release.yml") &&
+        assertion.event_name == 'push'
+    repositories:
+      - 'secure-setup-terraform'
+    permissions:
+      contents: 'write'
+
+  draft-release:
+    rule:
+      if: |-
+        assertion.workflow_ref == assertion.job_workflow_ref &&
+        assertion.workflow_ref.startsWith("abcxyz/secure-setup-terraform/.github/workflows/draft-release.yml") &&
+        assertion.event_name == 'workflow_dispatch'
+    repositories:
+      - 'secure-setup-terraform'
+    permissions:
+      contents: 'write'
+      pull_requests: 'write'
+
+  release:
+    rule:
+      if: |-
+        assertion.workflow_ref == assertion.job_workflow_ref &&
+        assertion.workflow_ref.startsWith("abcxyz/secure-setup-terraform/.github/workflows/release.yml") &&
+        assertion.event_name == 'push'
+    repositories:
+      - 'secure-setup-terraform'
+    permissions:
+      contents: 'write'
