From a92410d93a996ce3bb5c1e7fc7d5c14493deadb4 Mon Sep 17 00:00:00 2001
From: Terri Oda
Date: Tue, 14 May 2024 10:48:32 -0700
Subject: [PATCH] ci: move wheel build to separate yml file

---
 .github/workflows/build-wheel.yml | 51 +++++++++++++++++++++++++++++++
 .github/workflows/testing.yml | 44 --------------------------
 2 files changed, 51 insertions(+), 44 deletions(-)
 create mode 100644 .github/workflows/build-wheel.yml

diff --git a/.github/workflows/build-wheel.yml b/.github/workflows/build-wheel.yml
new file mode 100644
index 0000000000..56ccf23b33
--- /dev/null
+++ b/.github/workflows/build-wheel.yml
@@ -0,0 +1,51 @@
+name: Build pip wheel
+
+on:
+  push:
+    branches: [ "main" ]
+  workflow_dispatch:
+
+  build:
+    name: Build wheel
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      attestations: write
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version:
+          - "3.12"
+    if: github.repository == 'intel/cve-bin-tool' && github.ref == 'refs/heads/main' # run on origin repo only
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: 'pip'
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip setuptools wheel build
+      - name: Build
+        run: |
+          python -m build .
+      - name: Get built filenames
+        id: filename
+        run: |
+          echo "tar=$(cd dist/ && echo *.tar.gz)" >> $GITHUB_OUTPUT
+          echo "whl=$(cd dist/ && echo *.tar.gz)" >> $GITHUB_OUTPUT
+      - name: Attest Build Provenance for tar
+        uses: actions/attest-build-provenance@951c0c5f8e375ad4efad33405ab77f7ded2358e4 # v1.1.1
+        with:
+          subject-path: "dist/${{ steps.filename.outputs.tar }}"
+      - name: Attest Build Provenance for whl
+        uses: actions/attest-build-provenance@951c0c5f8e375ad4efad33405ab77f7ded2358e4 # v1.1.1
+        with:
+          subject-path: "dist/${{ steps.filename.outputs.whl }}"
+      # TODO Upload to pypi on release creation
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
index a37709b381..4863ba4597 100644
--- a/.github/workflows/testing.yml
+++ b/.github/workflows/testing.yml
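Review bot: The `whl` output in the "Get built filenames" step globs `*.tar.gz`, so both attestation steps attest the sdist and the wheel never receives a provenance attestation; the line should read `echo "whl=$(cd dist/ && echo *.whl)" >> $GITHUB_OUTPUT`. Counting the 51 added lines, no `jobs:` key precedes `build:`, so as committed the job either nests under `on:` or sits as an unknown top-level key and GitHub will reject the workflow — presumably `jobs:` was dropped when the job was lifted out of testing.yml, and a `jobs:` line before `build:` is needed. The glob mistake predates this commit (it is visible in the removed testing.yml lines), but the move is the moment to fix it, since this file now carries the only provenance attestation for the release artifacts and a consumer verifying the wheel against it would find no matching subject.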
@@ -588,47 +588,3 @@ jobs:
           name: codecov-umbrella
           fail_ci_if_error: false
 
-  build:
-    name: Build wheel
-    if: github.repository == 'intel/cve-bin-tool' # run on origin repo only
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write
-      attestations: write
-      contents: read
-    strategy:
-      fail-fast: false
-      matrix:
-        python-version:
-          - "3.12"
-    steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
-        with:
-          egress-policy: audit
-
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
-        with:
-          python-version: ${{ matrix.python-version }}
-          cache: 'pip'
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade pip setuptools wheel build
-      - name: Build
-        run: |
-          python -m build .
-      - name: Get built filenames
-        id: filename
-        run: |
-          echo "tar=$(cd dist/ && echo *.tar.gz)" >> $GITHUB_OUTPUT
-          echo "whl=$(cd dist/ && echo *.tar.gz)" >> $GITHUB_OUTPUT
-      - name: Attest Build Provenance for tar
-        uses: actions/attest-build-provenance@951c0c5f8e375ad4efad33405ab77f7ded2358e4 # v1.1.1
-        with:
-          subject-path: "dist/${{ steps.filename.outputs.tar }}"
-      - name: Attest Build Provenance for whl
-        uses: actions/attest-build-provenance@951c0c5f8e375ad4efad33405ab77f7ded2358e4 # v1.1.1
-        with:
-          subject-path: "dist/${{ steps.filename.outputs.whl }}"
-      # TODO Upload to pypi on release creation