Merge pull request #17 from github/add-policy-chart

Add `policies` chart with trust root and initial policy

Author: codysoyland

Diff for: .github/workflows/release.yml

@@ -4,6 +4,7 @@ on:
   push:
     tags:
       - policy-controller-v*
+      - policies-v*
 
 jobs:
   release:

Diff for: charts/policies/.helmignore

@@ -0,0 +1,20 @@
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

Diff for: charts/policies/Chart.yaml

@@ -0,0 +1,16 @@
+apiVersion: v2
+description: The Helm chart for Policy  Controller
+home: https://github.com/github/policy-controller
+
+sources:
+  - https://github.com/github/policy-controller
+
+type: application
+
+name: policy-controller-policies
+version: "v0.1.0"
+appVersion: "v0.1.0"
+
+maintainers:
+  - name: codysoyland
+  - name: malancas

Diff for: charts/policies/README.md

@@ -0,0 +1,9 @@
+# policies
+
+The Helm chart for Policy Controller Policies
+
+**Homepage:** <https://github.com/github/policy-controller>
+
+## Source Code
+
+* <https://github.com/github/policy-controller>

Diff for: charts/policies/templates/clusterimagepolicy-github.yaml

@@ -0,0 +1,18 @@
+{{ if .Values.policy.enabled }}
+apiVersion: policy.sigstore.dev/v1alpha1
+kind: ClusterImagePolicy
+metadata:
+  name: github-policy
+spec:
+  images:
+  - glob: "**"
+  authorities:
+  - keyless:
+      identities:
+      - issuer: https://token.actions.githubusercontent.com
+        subjectRegExp: https://github.com/{{ .Values.policy.organization }}/{{ .Values.policy.repo }}/\.github/workflows/.*
+    signatureFormat: bundle
+    attestations:
+    - name: require-attestation
+      predicateType: {{ .Values.policy.predicateType }}
+{{- end }}

Diff for: charts/policies/templates/trustroot-github.yaml

@@ -0,0 +1,9 @@
+apiVersion: policy.sigstore.dev/v1alpha1
+kind: TrustRoot
+metadata:
+  name: github
+spec:
+  remote:
+    mirror: https://tuf-repo.github.com/
+    root: |-
+      ewogInNpZ25hdHVyZXMiOiBbCiAgewogICAia2V5aWQiOiAiNGY0ZDFkZDc1ZjJkN2YzODYwZTNhMDY4ZDdiZWQ5MGRlYzVmMGZhYWZjYmUxYWNlN2ZiN2Q5NWQyOWUwNzIyOCIsCiAgICJzaWciOiAiIgogIH0sCiAgewogICAia2V5aWQiOiAiNWUwMWM5YTBiMjY0MWE4OTY1YTRhNzRlN2RmMGJjN2IyZDgyNzhhMmMzY2EwY2Y3YTNmMmY3ODNkM2M2OTgwMCIsCiAgICJzaWciOiAiIgogIH0sCiAgewogICAia2V5aWQiOiAiZWI4ZWZmMzdmOTNhZjJmYWFiYTUxOWYzNDFkZWNlYzNjZWNkM2VlYWZjYWNlMzI5NjZkYjk3MjM4NDJjOGE2MiIsCiAgICJzaWciOiAiIgogIH0sCiAgewogICAia2V5aWQiOiAiYTEwNTEzYTVhYjYxYWNkMGM2YjZmYmUwNTA0ODU2ZWFkMThmM2IxN2M0ZmFiYmUzZmE4NDhjNzlhNWExODdjZiIsCiAgICJzaWciOiAiMzA0NTAyMjEwMDg0YzlmMjk2ZWI1YjY3MmU0NDIxMzA5NjY1M2RkN2ZlZGNkMjQ3Nzg1MDQ0ZGVjNjQ4ZjBmM2JlN2IwY2Q1MTAwMjIwNzg2NzgyMmI2ZDFhODU5NjlhNTY5N2U3NzQyNTczMTllM2Q4NzIzZmE2ZDQwM2FlMDcyOTgwYjcyYWNmYTUwZCIKICB9LAogIHsKICAgImtleWlkIjogImQ2YTg5ZTIzZmIyMjgwMWEwZDExODZiZjFiZGQwMDdlMjI4ZjY1YThhYTk5NjRkMjRkMDZjYjVmYmIwY2U5MWMiLAogICAic2lnIjogIjMwNDUwMjIwMGYwZmI0YThiMTEzOWVjOWY4ZDMzNjc2OGZmMWI4M2Y5NWMzOGE4NjEzZmNjZjg4YTE5ZjZlZDNjYTAyMTE5YjAyMjEwMDgyMzU1MTdjMWRkMjdjZmM4NGYzODY3Y2JiYjgyMThmZmFkZGM1ZDczZmNmNjQ5NzEzNTE4YmZhMWE5M2E0YWEiCiAgfSwKICB7CiAgICJrZXlpZCI6ICI4YjQ5OGE4MGExYjdhZjE4OGMxMGM5YWJkZjZhYWRlODFkMTRmYWFmZmNkZTJhYmNkNjA2M2JhYTY3M2ViZDEyIiwKICAgInNpZyI6ICIzMDQ0MDIyMDY4ZTU5Y2JkMGUyNTk4NDVkYThhM2Y1YzBmMDJkODk1YTBiZDBmOGQwMTBjYjk0YTE0YWUzZDRjZTBmNDM2YmYwMjIwMGVjODFkODNmMzkyNGIyNjQ0NTkxZDQ1MmVjNTM5Yjk3MTNkNzA3ZTcxODc4YTllY2ExYWI1NDUyMjY3NjVlNyIKICB9LAogIHsKICAgImtleWlkIjogIjg4NzM3Y2NkYWM3YjQ5Y2MyMzdlOWFhZWFkODFiZTJhNDAyNzhiODg2YTY5M2Q4MTQ5YTE5Y2Y1NDNmMDkzZDMiLAogICAic2lnIjogIjMwNDYwMjIxMDBlMDlmYTZjZWRhYzc0ZDJmY2UwMzg4YzQ2MTZhOTM4ZGQ4MTgyOTZlNWNiMmUxZmJiYmVhMWQxOGE2NjMwOGU5MDIyMTAwYmZlZjMwNmVmNTg5YjZjN2VkNjMzODdmOGMzMzg4NWMwMzc2OTYzNDQ3ODRmZWVhMjJlNGQ2ZjU1ZTg3NmEzZiIKICB9LAogIHsKICAgImtleWlkIjogIjUzOWRkZTQ0MDE0Yzg1MGZlNmVlYjhiMjk5ZWI3ZGFlMmUxZjRiZjgzNDU0Yjk0OWU5OGFhNzM1NDJjZGM2NWEiLAogICAic2lnIjogIjMwNDYwMjIxMDBlZDNjNTk5NzM4OGM5YTA5MjY0ZTdiZWNiNzQ0ODFlOTU2N2FhNTQ2MWVjNjZmM2Q3MzExZTQ2MWFjNjcyNTUxMDIyMTAwYzQ3ODllNDFjNjE4MTA3MTkzZjA0NTdkYzYzYjAwMzczZGEzYmVmMTcxZDY5ZWRhMDcyMzZiNDIyNTQ3MDlmMCIKICB9CiBdLAogInNpZ25lZCI6IHsKICAiX3R5cGUiOiAicm9vdCIsCiAgImNvbnNpc3RlbnRfc25hcHNob3QiOiB0cnVlLAogICJleHBpcmVzIjogIjIwMjQtMTItMjBUMTM6MjU6MTVaIiwKICAia2V5cyI6IHsKICAgIjRmNGQxZGQ3NWYyZDdmMzg2MGUzYTA2OGQ3YmVkOTBkZWM1ZjBmYWFmY2JlMWFjZTdmYjdkOTVkMjllMDcyMjgiOiB7CiAgICAia2V5dHlwZSI6ICJlY2RzYSIsCiAgICAia2V5dmFsIjogewogICAgICJwdWJsaWMiOiAiLS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS1cbk1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRU5raTdhWlZpcHM1U2dSekNkL09tMENHelFLWS9cbm52ODRnaXFWRG1kd2IyeXM4Mlo2c29GTGFzdllZRUVRY3dxYUMxNzBuOWdyOTN3SFVnUGM3OTZ1SkE9PVxuLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tXG4iCiAgICB9LAogICAgInNjaGVtZSI6ICJlY2RzYS1zaGEyLW5pc3RwMjU2IiwKICAgICJ4LXR1Zi1vbi1jaS1rZXlvd25lciI6ICJAYXNodG9tIgogICB9LAogICAiNTM5ZGRlNDQwMTRjODUwZmU2ZWViOGIyOTllYjdkYWUyZTFmNGJmODM0NTRiOTQ5ZTk4YWE3MzU0MmNkYzY1YSI6IHsKICAgICJrZXl0eXBlIjogImVjZHNhIiwKICAgICJrZXl2YWwiOiB7CiAgICAgInB1YmxpYyI6ICItLS0tLUJFR0lOIFBVQkxJQyBLRVktLS0tLVxuTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFbEQwbzJzT1pOOW4zUktRN1B0TUxBb1hqKzJBaVxubjRQS1QvcGZuekRsTkxyRDNWVFF3Q2M0c1I0dCtPTHU0S1ErcWsra1hrUjlZdUJzdTNiZEpaMU9Xdz09XG4tLS0tLUVORCBQVUJMSUMgS0VZLS0tLS1cbiIKICAgIH0sCiAgICAic2NoZW1lIjogImVjZHNhLXNoYTItbmlzdHAyNTYiLAogICAgIngtdHVmLW9uLWNpLWtleW93bmVyIjogIkBuZXJkbmVoYSIKICAgfSwKICAgIjVlMDFjOWEwYjI2NDFhODk2NWE0YTc0ZTdkZjBiYzdiMmQ4Mjc4YTJjM2NhMGNmN2EzZjJmNzgzZDNjNjk4MDAiOiB7CiAgICAia2V5dHlwZSI6ICJlY2RzYSIsCiAgICAia2V5dmFsIjogewogICAgICJwdWJsaWMiOiAiLS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS1cbk1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRUM5Uk5Bc3VEQ05PNlQ3cUE3WTVGOG9ydzJ0SVdcbnI3clVyNGZmeHZ6VE1yYmtWdGpSL3RydEUwcTArVDB6UThUV0x5STZFWU13Yjk0N2VqMkl0ZmtPeUE9PVxuLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tXG4iCiAgICB9LAogICAgInNjaGVtZSI6ICJlY2RzYS1zaGEyLW5pc3RwMjU2IiwKICAgICJ4LXR1Zi1vbi1jaS1rZXlvd25lciI6ICJAamFjb2JkZXByaWVzdCIKICAgfSwKICAgIjg4NzM3Y2NkYWM3YjQ5Y2MyMzdlOWFhZWFkODFiZTJhNDAyNzhiODg2YTY5M2Q4MTQ5YTE5Y2Y1NDNmMDkzZDMiOiB7CiAgICAia2V5dHlwZSI6ICJlY2RzYSIsCiAgICAia2V5dmFsIjogewogICAgICJwdWJsaWMiOiAiLS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS1cbk1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRUJhZ2tza05PcE9UYmV0VFg1Q2Rudk15K0xpV25cbm9uUnJOcnFBSEw0V2dpZWJIN1VpZzdHTGhDM2JrZUEvcWdiOTI2L3ZyOXFoT1BHOUJ1ajJIYXRyUHc9PVxuLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tXG4iCiAgICB9LAogICAgInNjaGVtZSI6ICJlY2RzYS1zaGEyLW5pc3RwMjU2IiwKICAgICJ4LXR1Zi1vbi1jaS1rZXlvd25lciI6ICJAZ3JlZ29zZSIKICAgfSwKICAgIjhiNDk4YTgwYTFiN2FmMTg4YzEwYzlhYmRmNmFhZGU4MWQxNGZhYWZmY2RlMmFiY2Q2MDYzYmFhNjczZWJkMTIiOiB7CiAgICAia2V5dHlwZSI6ICJlY2RzYSIsCiAgICAia2V5dmFsIjogewogICAgICJwdWJsaWMiOiAiLS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS1cbk1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRTdJRW9WTndycHJjaFhHaFQ1c0FoU2F4N1NPZDNcbjhkdXVJU2doQ3pmbUhkS0pXU2JWMndKUmFtUmlVVlJ0bUE4M0svcW01Y1QyMFdYTUNUNVFlTS9EM0E9PVxuLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tXG4iCiAgICB9LAogICAgInNjaGVtZSI6ICJlY2RzYS1zaGEyLW5pc3RwMjU2IiwKICAgICJ4LXR1Zi1vbi1jaS1rZXlvd25lciI6ICJAdHJldnJvc2VuIgogICB9LAogICAiYTEwNTEzYTVhYjYxYWNkMGM2YjZmYmUwNTA0ODU2ZWFkMThmM2IxN2M0ZmFiYmUzZmE4NDhjNzlhNWExODdjZiI6IHsKICAgICJrZXl0eXBlIjogImVjZHNhIiwKICAgICJrZXl2YWwiOiB7CiAgICAgInB1YmxpYyI6ICItLS0tLUJFR0lOIFBVQkxJQyBLRVktLS0tLVxuTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFQzJ3SjN4c2N5WHhCTHliSjlGVmp3a3lRTWU1M1xuUkhVejc3QWpNTzhNelZhVDh4dzZadkpxZE5aaXl0WXRpZ1dVTGxJTnh3NmZyTnNXSktiL2Y3bEM4QT09XG4tLS0tLUVORCBQVUJMSUMgS0VZLS0tLS1cbiIKICAgIH0sCiAgICAic2NoZW1lIjogImVjZHNhLXNoYTItbmlzdHAyNTYiLAogICAgIngtdHVmLW9uLWNpLWtleW93bmVyIjogIkBrb21tZW5kb3JrYXB0ZW4iCiAgIH0sCiAgICJkNmE4OWUyM2ZiMjI4MDFhMGQxMTg2YmYxYmRkMDA3ZTIyOGY2NWE4YWE5OTY0ZDI0ZDA2Y2I1ZmJiMGNlOTFjIjogewogICAgImtleXR5cGUiOiAiZWNkc2EiLAogICAgImtleXZhbCI6IHsKICAgICAicHVibGljIjogIi0tLS0tQkVHSU4gUFVCTElDIEtFWS0tLS0tXG5NRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUVEZE9Sd2NydVczZ3FBZ2FMakgvbk5kR01CNGtRXG5BdkErd0Q2RHlPNFAvd1I4ZWUyY2U4M05aSHExWkFES2h2ZTBybFlLYUt5M0NxeVE1U21sWjM2Wmh3PT1cbi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLVxuIgogICAgfSwKICAgICJzY2hlbWUiOiAiZWNkc2Etc2hhMi1uaXN0cDI1NiIsCiAgICAieC10dWYtb24tY2kta2V5b3duZXIiOiAiQGtydWtvdyIKICAgfSwKICAgImViOGVmZjM3ZjkzYWYyZmFhYmE1MTlmMzQxZGVjZWMzY2VjZDNlZWFmY2FjZTMyOTY2ZGI5NzIzODQyYzhhNjIiOiB7CiAgICAia2V5dHlwZSI6ICJlY2RzYSIsCiAgICAia2V5dmFsIjogewogICAgICJwdWJsaWMiOiAiLS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS1cbk1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRU55blZkUW5NOWg3eFU3MUc3UGlKcFFhRGVtdWJcbmtianNqWXdMbFBKVFFWdXhRTzhXZUlwSmY4TUVoNXJmMDF0MmRESXVDc1o1Z1J4K1F2RHYwVXpmc0E9PVxuLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tXG4iCiAgICB9LAogICAgInNjaGVtZSI6ICJlY2RzYS1zaGEyLW5pc3RwMjU2IiwKICAgICJ4LXR1Zi1vbi1jaS1rZXlvd25lciI6ICJAbXBoNCIKICAgfSwKICAgImViOTc5OWI0ODNhZmZhYzlkYTg3ZWY0YzllYTQ2NzkyODQxNWM5NjEzNDllNjA3ZTVlNmU0ODU2NzliMDdmOGYiOiB7CiAgICAia2V5dHlwZSI6ICJlY2RzYSIsCiAgICAia2V5dmFsIjogewogICAgICJwdWJsaWMiOiAiLS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS1cbk1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRU5LTmNOY1grZDczbFMxVFJGYjlWbnA4SnZPb2hcbnpZUStpbjQzaUdlbmJHOFJHbzlMLzZGSjJob1JiVlU2eHNrdnl1RXJjZFBiQ2RJNEd4clE1aThoa3c9PVxuLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tXG4iCiAgICB9LAogICAgInNjaGVtZSI6ICJlY2RzYS1zaGEyLW5pc3RwMjU2IiwKICAgICJ4LXR1Zi1vbi1jaS1vbmxpbmUtdXJpIjogImF6dXJla21zOi8vcHJvZHVjdGlvbi10dWYtcm9vdC52YXVsdC5henVyZS5uZXQva2V5cy9PbmxpbmUtS2V5L2FhZjM3NWZkOGVkMjRhY2I5NDlhNWNjMTczNzAwYjA1IgogICB9CiAgfSwKICAicm9sZXMiOiB7CiAgICJyb290IjogewogICAgImtleWlkcyI6IFsKICAgICAiYTEwNTEzYTVhYjYxYWNkMGM2YjZmYmUwNTA0ODU2ZWFkMThmM2IxN2M0ZmFiYmUzZmE4NDhjNzlhNWExODdjZiIsCiAgICAgIjRmNGQxZGQ3NWYyZDdmMzg2MGUzYTA2OGQ3YmVkOTBkZWM1ZjBmYWFmY2JlMWFjZTdmYjdkOTVkMjllMDcyMjgiLAogICAgICI4ODczN2NjZGFjN2I0OWNjMjM3ZTlhYWVhZDgxYmUyYTQwMjc4Yjg4NmE2OTNkODE0OWExOWNmNTQzZjA5M2QzIiwKICAgICAiNWUwMWM5YTBiMjY0MWE4OTY1YTRhNzRlN2RmMGJjN2IyZDgyNzhhMmMzY2EwY2Y3YTNmMmY3ODNkM2M2OTgwMCIsCiAgICAgImQ2YTg5ZTIzZmIyMjgwMWEwZDExODZiZjFiZGQwMDdlMjI4ZjY1YThhYTk5NjRkMjRkMDZjYjVmYmIwY2U5MWMiLAogICAgICJlYjhlZmYzN2Y5M2FmMmZhYWJhNTE5ZjM0MWRlY2VjM2NlY2QzZWVhZmNhY2UzMjk2NmRiOTcyMzg0MmM4YTYyIiwKICAgICAiOGI0OThhODBhMWI3YWYxODhjMTBjOWFiZGY2YWFkZTgxZDE0ZmFhZmZjZGUyYWJjZDYwNjNiYWE2NzNlYmQxMiIsCiAgICAgIjUzOWRkZTQ0MDE0Yzg1MGZlNmVlYjhiMjk5ZWI3ZGFlMmUxZjRiZjgzNDU0Yjk0OWU5OGFhNzM1NDJjZGM2NWEiCiAgICBdLAogICAgInRocmVzaG9sZCI6IDMKICAgfSwKICAgInNuYXBzaG90IjogewogICAgImtleWlkcyI6IFsKICAgICAiZWI5Nzk5YjQ4M2FmZmFjOWRhODdlZjRjOWVhNDY3OTI4NDE1Yzk2MTM0OWU2MDdlNWU2ZTQ4NTY3OWIwN2Y4ZiIKICAgIF0sCiAgICAidGhyZXNob2xkIjogMSwKICAgICJ4LXR1Zi1vbi1jaS1leHBpcnktcGVyaW9kIjogMjEsCiAgICAieC10dWYtb24tY2ktc2lnbmluZy1wZXJpb2QiOiA3CiAgIH0sCiAgICJ0YXJnZXRzIjogewogICAgImtleWlkcyI6IFsKICAgICAiYTEwNTEzYTVhYjYxYWNkMGM2YjZmYmUwNTA0ODU2ZWFkMThmM2IxN2M0ZmFiYmUzZmE4NDhjNzlhNWExODdjZiIsCiAgICAgIjRmNGQxZGQ3NWYyZDdmMzg2MGUzYTA2OGQ3YmVkOTBkZWM1ZjBmYWFmY2JlMWFjZTdmYjdkOTVkMjllMDcyMjgiLAogICAgICI4ODczN2NjZGFjN2I0OWNjMjM3ZTlhYWVhZDgxYmUyYTQwMjc4Yjg4NmE2OTNkODE0OWExOWNmNTQzZjA5M2QzIiwKICAgICAiNWUwMWM5YTBiMjY0MWE4OTY1YTRhNzRlN2RmMGJjN2IyZDgyNzhhMmMzY2EwY2Y3YTNmMmY3ODNkM2M2OTgwMCIsCiAgICAgImQ2YTg5ZTIzZmIyMjgwMWEwZDExODZiZjFiZGQwMDdlMjI4ZjY1YThhYTk5NjRkMjRkMDZjYjVmYmIwY2U5MWMiLAogICAgICJlYjhlZmYzN2Y5M2FmMmZhYWJhNTE5ZjM0MWRlY2VjM2NlY2QzZWVhZmNhY2UzMjk2NmRiOTcyMzg0MmM4YTYyIiwKICAgICAiOGI0OThhODBhMWI3YWYxODhjMTBjOWFiZGY2YWFkZTgxZDE0ZmFhZmZjZGUyYWJjZDYwNjNiYWE2NzNlYmQxMiIsCiAgICAgIjUzOWRkZTQ0MDE0Yzg1MGZlNmVlYjhiMjk5ZWI3ZGFlMmUxZjRiZjgzNDU0Yjk0OWU5OGFhNzM1NDJjZGM2NWEiCiAgICBdLAogICAgInRocmVzaG9sZCI6IDMKICAgfSwKICAgInRpbWVzdGFtcCI6IHsKICAgICJrZXlpZHMiOiBbCiAgICAgImViOTc5OWI0ODNhZmZhYzlkYTg3ZWY0YzllYTQ2NzkyODQxNWM5NjEzNDllNjA3ZTVlNmU0ODU2NzliMDdmOGYiCiAgICBdLAogICAgInRocmVzaG9sZCI6IDEsCiAgICAieC10dWYtb24tY2ktZXhwaXJ5LXBlcmlvZCI6IDcsCiAgICAieC10dWYtb24tY2ktc2lnbmluZy1wZXJpb2QiOiA2CiAgIH0KICB9LAogICJzcGVjX3ZlcnNpb24iOiAiMS4wLjMxIiwKICAidmVyc2lvbiI6IDIsCiAgIngtdHVmLW9uLWNpLWV4cGlyeS1wZXJpb2QiOiAyNDAsCiAgIngtdHVmLW9uLWNpLXNpZ25pbmctcGVyaW9kIjogNjAKIH0KfQ==

Diff for: charts/policies/values.yaml

@@ -0,0 +1,10 @@
+# A default policy can be created by setting policy.enabled to true.
+policy:
+  # organization is a regex that matches the organization name in the certificate identity
+  organization: '.*'
+  # repo is a regex that matches the repository name in the certificate identity
+  repo: '.*'
+  # enabled is a flag to enable the default policy
+  enabled: false
+  # predicateType is the type of predicate to expect in the default policy
+  predicateType: https://slsa.dev/provenance/v1