ci: move wheel build to separate yml file

terriko · May 14, 2024 · a92410d · a92410d
1 parent 7231394
commit a92410d
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 44 deletions.
diff --git a/.github/workflows/build-wheel.yml b/.github/workflows/build-wheel.yml
@@ -0,0 +1,51 @@
+name: Build pip wheel
+
+on:
+  push:
+    branches: [ "main" ]
+  workflow_dispatch:
+
+  build:
+    name: Build wheel
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      attestations: write
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version:
+        - "3.12"
+    if: github.repository == 'intel/cve-bin-tool' && github.ref == 'refs/heads/main' # run on origin repo only
+    steps:
+    - name: Harden Runner
+      uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+      with:
+        egress-policy: audit
+
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+    - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
+      with:
+        python-version: ${{ matrix.python-version }}
+        cache: 'pip'
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip setuptools wheel build
+    - name: Build
+      run: |
+        python -m build .
+    - name: Get built filenames
+      id: filename
+      run: |
+        echo "tar=$(cd dist/ && echo *.tar.gz)" >> $GITHUB_OUTPUT
+        echo "whl=$(cd dist/ && echo *.tar.gz)" >> $GITHUB_OUTPUT
+    - name: Attest Build Provenance for tar
+      uses: actions/attest-build-provenance@951c0c5f8e375ad4efad33405ab77f7ded2358e4 # v1.1.1
+      with:
+        subject-path: "dist/${{ steps.filename.outputs.tar }}"
+    - name: Attest Build Provenance for whl
+      uses: actions/attest-build-provenance@951c0c5f8e375ad4efad33405ab77f7ded2358e4 # v1.1.1
+      with:
+        subject-path: "dist/${{ steps.filename.outputs.whl }}"
+    # TODO Upload to pypi on release creation
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
@@ -588,47 +588,3 @@ jobs:
           name: codecov-umbrella
           fail_ci_if_error: false
 
-  build:
-    name: Build wheel
-    if: github.repository == 'intel/cve-bin-tool' # run on origin repo only
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write
-      attestations: write
-      contents: read
-    strategy:
-      fail-fast: false
-      matrix:
-        python-version:
-        - "3.12"
-    steps:
-    - name: Harden Runner
-      uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
-      with:
-        egress-policy: audit
-
-    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-    - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
-      with:
-        python-version: ${{ matrix.python-version }}
-        cache: 'pip'
-    - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip setuptools wheel build
-    - name: Build
-      run: |
-        python -m build .
-    - name: Get built filenames
-      id: filename
-      run: |
-        echo "tar=$(cd dist/ && echo *.tar.gz)" >> $GITHUB_OUTPUT
-        echo "whl=$(cd dist/ && echo *.tar.gz)" >> $GITHUB_OUTPUT
-    - name: Attest Build Provenance for tar
-      uses: actions/attest-build-provenance@951c0c5f8e375ad4efad33405ab77f7ded2358e4 # v1.1.1
-      with:
-        subject-path: "dist/${{ steps.filename.outputs.tar }}"
-    - name: Attest Build Provenance for whl
-      uses: actions/attest-build-provenance@951c0c5f8e375ad4efad33405ab77f7ded2358e4 # v1.1.1
-      with:
-        subject-path: "dist/${{ steps.filename.outputs.whl }}"
-    # TODO Upload to pypi on release creation