Bump step-security/harden-runner from 2.9.1 to 2.10.1 #415
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Wheels | |
| on: | |
| release: | |
| types: [published] | |
| push: | |
| branches: main | |
| pull_request: | |
| branches: main | |
| permissions: | |
| contents: read | |
| jobs: | |
| wheels: | |
| strategy: | |
| matrix: | |
| include: | |
| - os: ubuntu-20.04 | |
| PYTHON_BINDING_VERSION: "3.10" | |
| - os: ubuntu-20.04 | |
| PYTHON_BINDING_VERSION: "3.8" | |
| name: ${{ matrix.os }}, python-${{ matrix.PYTHON_BINDING_VERSION }} | |
| runs-on: ${{ matrix.os }} | |
| env: | |
| WHEEL_PLATFORM: manylinux_2_31_x86_64 | |
| PYTHON_BINDING_VERSION: ${{ matrix.PYTHON_BINDING_VERSION }} | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| fetch-depth: 1 | |
| submodules: recursive | |
| - name: Install Dependencies | |
| run: | | |
| bash .github/workflows/install_dependencies.sh | |
| sudo pip${PYTHON_BINDING_VERSION} install auditwheel | |
| sudo pip${PYTHON_BINDING_VERSION} install --upgrade patchelf>=0.14 | |
| - name: Build wheels | |
| shell: bash | |
| run: | | |
| colcon build --packages-select PROJ4 --event-handlers console_direct+ --cmake-args -DCMAKE_POSITION_INDEPENDENT_CODE=ON | |
| source install/setup.bash | |
| colcon build --packages-up-to ad_rss_map_integration --event-handlers console_direct+ --cmake-args -DPYTHON_BINDING_VERSION=${PYTHON_BINDING_VERSION} --metas colcon_python.meta | |
| - name: Repair wheels | |
| shell: bash | |
| run: | | |
| source install/setup.bash | |
| for whl in install/ad_rss/dist/*.whl; do | |
| auditwheel repair $whl --plat ${WHEEL_PLATFORM} --wheel-dir wheelhouse | |
| done | |
| for whl in install/ad_rss_map_integration/dist/*.whl; do | |
| auditwheel repair $whl --plat ${WHEEL_PLATFORM} --wheel-dir wheelhouse | |
| done | |
| - name: Publish wheels to PyPI | |
| uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0 # release/v1 | |
| if: ${{ github.event_name == 'release'}} | |
| with: | |
| user: __token__ | |
| password: ${{ secrets.PYPI_API_TOKEN }} | |
| packages_dir: wheelhouse/ |