-
-
Notifications
You must be signed in to change notification settings - Fork 2
134 lines (124 loc) · 4 KB
/
dev-workflow.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
# Part of the OZI Project, under the Apache License v2.0 with LLVM Exceptions.
# See LICENSE.txt for license information.
# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
name: OZI Checkpoint-only
on:
pull_request:
branches:
- '**'
permissions:
contents: read
jobs:
checkpoint-cp310-ubuntu-latest:
name: checkpoint (Python 3.10 on ubuntu-latest)
runs-on: ubuntu-latest
strategy:
fail-fast: false
permissions:
id-token: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
files.pythonhosted.org:443
github.com:443
api.github.com:443
oziproject.dev:443
pypi.org:443
registry.npmjs.org:443
objects.githubusercontent.com:443
fulcio.sigstore.dev:443
rekor.sigstore.dev:443
tuf-repo-cdn.sigstore.dev:443
oauth2.sigstore.dev:443
- uses: OZI-Project/checkpoint@b53cf4f0aeb004d5980b72675fba6a38dcc66674 # 1.0.0
with:
python-version: "3.10"
checkpoint-cp311-ubuntu-latest:
name: checkpoint (Python 3.11 on ubuntu-latest)
runs-on: ubuntu-latest
strategy:
fail-fast: false
permissions:
id-token: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
files.pythonhosted.org:443
github.com:443
api.github.com:443
oziproject.dev:443
pypi.org:443
registry.npmjs.org:443
objects.githubusercontent.com:443
fulcio.sigstore.dev:443
rekor.sigstore.dev:443
tuf-repo-cdn.sigstore.dev:443
oauth2.sigstore.dev:443
- uses: OZI-Project/checkpoint@b53cf4f0aeb004d5980b72675fba6a38dcc66674 # 1.0.0
with:
python-version: "3.11"
checkpoint-cp312-ubuntu-latest:
name: checkpoint (Python 3.12 on ubuntu-latest)
runs-on: ubuntu-latest
strategy:
fail-fast: false
permissions:
id-token: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
files.pythonhosted.org:443
github.com:443
api.github.com:443
oziproject.dev:443
pypi.org:443
registry.npmjs.org:443
objects.githubusercontent.com:443
fulcio.sigstore.dev:443
rekor.sigstore.dev:443
tuf-repo-cdn.sigstore.dev:443
oauth2.sigstore.dev:443
- uses: OZI-Project/checkpoint@b53cf4f0aeb004d5980b72675fba6a38dcc66674 # 1.0.0
with:
python-version: "3.12"
checkpoint-cp313-ubuntu-latest:
name: checkpoint (Python 3.13 on ubuntu-latest)
runs-on: ubuntu-latest
strategy:
fail-fast: false
permissions:
id-token: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
files.pythonhosted.org:443
github.com:443
api.github.com:443
oziproject.dev:443
pypi.org:443
registry.npmjs.org:443
objects.githubusercontent.com:443
fulcio.sigstore.dev:443
rekor.sigstore.dev:443
tuf-repo-cdn.sigstore.dev:443
index.crates.io:443
static.crates.io:443
- uses: OZI-Project/checkpoint@b53cf4f0aeb004d5980b72675fba6a38dcc66674
with:
python-version: "3.13"