st3penta
diff --git a/‎.github/workflows/pull_request.yml‎
Lines changed: 1 addition & 2 deletions b/‎.github/workflows/pull_request.yml‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 1 addition & 2 deletions b/‎.github/workflows/release.yml‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎policy/policy.yaml‎
Lines changed: 0 additions & 4 deletions b/‎policy/policy.yaml‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎policy/policy_pull_request.yaml‎
Lines changed: 12 additions & 0 deletions b/‎policy/policy_pull_request.yaml‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎policy/policy_release.yaml‎
Lines changed: 12 additions & 0 deletions b/‎policy/policy_release.yaml‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎policy/rule_data_pull_request.yaml‎
Lines changed: 0 additions & 7 deletions b/‎policy/rule_data_pull_request.yaml‎
Lines changed: 0 additions & 7 deletions
diff --git a/‎policy/rule_data_release.yaml‎
Lines changed: 0 additions & 7 deletions b/‎policy/rule_data_release.yaml‎
Lines changed: 0 additions & 7 deletions
@@ -113,8 +113,7 @@ jobs:
         with:
           args: >
             validate image
-            --policy "policy/policy.yaml"
-            --rule-data "policy/rule_data_pull_request.yaml"
+            --policy "policy/policy_pull_request.yaml"
             --image "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ needs.build-and-attest.outputs.digest }}"
             --certificate-identity-regexp "^https://github\.com/${{ github.repository_owner }}/${{ github.event.repository.name }}/"
             --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
 
@@ -114,8 +114,7 @@ jobs:
         with:
           args: >
             validate image
-            --policy "policy/policy.yaml"
-            --rule-data "policy/rule_data_release.yaml"
+            --policy "policy/policy_release.yaml"
             --image "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ needs.build-and-attest.outputs.digest }}"
             --certificate-identity-regexp "^https://github\.com/${{ github.repository_owner }}/${{ github.event.repository.name }}/"
             --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
 
@@ -0,0 +1,12 @@
+sources:
+  - policy:
+      - ./policy/rules
+      - ./policy/lib
+
+    ruleData:
+      disallowed_packages:
+        - purl: "pkg:golang/github.com/rs/zerolog"
+          format: "semver"
+          max: "1.31.0"
+      allowed_builder_ids:
+        - https://github.com/st3penta/fosdem-2026-build-sample/.github/workflows/pr-build.yml@refs/pull/
@@ -0,0 +1,12 @@
+sources:
+  - policy:
+      - ./policy/rules
+      - ./policy/lib
+
+    ruleData:
+      disallowed_packages:
+        - purl: "pkg:golang/github.com/rs/zerolog"
+          format: "semver"
+          max: "1.31.0"
+      allowed_builder_ids:
+        - https://github.com/st3penta/fosdem-2026-build-sample/.github/workflows/build-attest.yml@refs/heads/main