generated from coulomb/repo-seed
Add safe action interpolation and for_each binding for rule fan-out, update the weekly SBOM definition, cover the new evaluation path, and reconcile activity-core scope/workplans for the State Hub sync.
1.3 KiB
| id | name | enabled | owner | governance | status | trigger | context_sources |
|---|---|---|---|---|---|---|---|
| weekly-sbom-staleness | Weekly SBOM Staleness Check | true | custodian-agent | custodian | active | | |
Weekly SBOM Staleness Check
Runs every Monday at 09:00 Berlin time. Checks all tracked repositories for SBOM staleness and flags any repository whose SBOM is older than 30 days.
```yaml
id: flag-stale-sbom
for_each: context.repos.repos
bind_as: repo
condition: 'context.repo.sbom_age_days > 30'
action:
  task_template: Run SBOM rescan for {context.repo.repo_slug}
  target_repo: context.repo.repo_slug
  priority: medium
  labels: ["sbom", "security", "automated"]
```
The bulk resolver exposes the per-repo entries under context.repos.repos.
The rule uses explicit for_each binding so the workflow evaluates the
condition once per repository and emits one task per stale repo. Action fields
may reference the bound item with context.repo.*.
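
One way the fan-out and safe interpolation described above can work, as an added example that is not code from activity-core. The function names (`resolve`, `interpolate`, `check`, `fan_out`), the dict form of the rule, the restricted condition grammar, and the sample repositories are assumptions made for illustration.

```python
import operator
import re

# Constructed sample data; field names follow the rule shown on this page.
SAMPLE_CONTEXT = {"repos": {"repos": [
    {"repo_slug": "org/api", "sbom_age_days": 45},
    {"repo_slug": "org/web", "sbom_age_days": 3},
    {"repo_slug": "org/{context.repo.sbom_age_days}", "sbom_age_days": 90},
]}}
RULE = {  # the page's rule as a dict (assumed in-memory form)
    "for_each": "context.repos.repos", "bind_as": "repo",
    "condition": "context.repo.sbom_age_days > 30",
    "action": {"task_template": "Run SBOM rescan for {context.repo.repo_slug}",
               "target_repo": "context.repo.repo_slug"}}

PATH = r"context(?:\.[A-Za-z_][A-Za-z0-9_]*)+"
PLACEHOLDER = re.compile(r"\{(" + PATH + r")\}")
CONDITION = re.compile(r"(" + PATH + r")\s*(>=|<=|>|<)\s*([0-9]+)")
OPS = {">": operator.gt, "<": operator.lt, ">=": operator.ge, "<=": operator.le}

def resolve(path, context):
    """Walk a dotted path through plain dicts only (no getattr, no eval)."""
    node = context
    for key in path.split(".")[1:]:
        if not isinstance(node, dict) or key not in node:
            raise KeyError(path)
        node = node[key]
    return node

def interpolate(template, context):
    """Single pass: substituted values are never scanned for placeholders."""
    return PLACEHOLDER.sub(lambda m: str(resolve(m.group(1), context)), template)

def check(condition, context):
    """Accept only '<path> <op> <integer>'; anything else is rejected."""
    m = CONDITION.fullmatch(condition.strip())
    if not m:
        raise ValueError("unsupported condition: " + condition)
    return OPS[m.group(2)](resolve(m.group(1), context), int(m.group(3)))

def fan_out(rule, context):
    """Evaluate the rule once per bound item; return one task per match."""
    tasks, act = [], rule["action"]
    for item in resolve(rule["for_each"], context):
        scoped = {**context, rule["bind_as"]: item}
        if check(rule["condition"], scoped):
            tasks.append({"title": interpolate(act["task_template"], scoped),
                          "target_repo": resolve(act["target_repo"], scoped)})
    return tasks
```

The third sample slug contains placeholder syntax on purpose: because substitution is a single regex pass over the template, data coming from a context source is inserted verbatim and never expanded a second time.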