From ae0d67a5a86075b601039f2f91e8e26f9bbfd7ed Mon Sep 17 00:00:00 2001
From: Josh Dolitsky <josh@dolit.ski>
Date: Thu, 28 Jul 2022 12:04:57 -0500
Subject: [PATCH] only run public fulcio examples on push

Signed-off-by: Josh Dolitsky <josh@dolit.ski>
---
 .github/workflows/policy-tester-examples.yml | 4 +++-
 .gitignore                                   | 1 -
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/policy-tester-examples.yml b/.github/workflows/policy-tester-examples.yml
index 42b69f37c..d1bf076f6 100644
--- a/.github/workflows/policy-tester-examples.yml
+++ b/.github/workflows/policy-tester-examples.yml
@@ -60,7 +60,9 @@ jobs:
           -p 5000:5000 \
           registry:2
 
-    - name: Example (keyless-attestation-sbom-spdxjson)
+    # This example requires public Fulcio, only run on push to main
+    - if: ${{ github.event_name == 'push' }}
+      name: Example (keyless-attestation-sbom-spdxjson)
       working-directory: ./src/github.com/${{ github.repository }}/examples
       run: |
         REF="localhost:5000/examples/keyless-attestation-sbom-spdxjson"
diff --git a/.gitignore b/.gitignore
index ab4103d7b..acb7f7df3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -32,4 +32,3 @@ policyImagerefs
 **verify-experimental*
 
 policy-tester
-spdx-sbom.json