Bump step-security/harden-runner from 2.11.0 to 2.12.2 #26

Workflow file for this run

.github/workflows/wheel.ad-rss.yml at 43c5042

	name: Wheel ad-rss

	on:
	release:
	types: [published]
	push:
	branches: main
	pull_request:
	branches: main

	permissions:
	contents: read

	jobs:
	wheels:
	strategy:
	matrix:
	include:
	- os: ubuntu-22.04
	PYTHON_BINDING_VERSION: "3.10"
	- os: ubuntu-22.04
	PYTHON_BINDING_VERSION: "3.11"
	- os: ubuntu-22.04
	PYTHON_BINDING_VERSION: "3.12"
	- os: ubuntu-22.04
	PYTHON_BINDING_VERSION: "3.13"

	name: ${{ matrix.os }}, python-${{ matrix.PYTHON_BINDING_VERSION }}
	runs-on: ${{ matrix.os }}
	env:
	WHEEL_PLATFORM: manylinux_2_35_x86_64
	PYTHON_BINDING_VERSION: ${{ matrix.PYTHON_BINDING_VERSION }}
	PYTHONNOUSERSITE: 1
	environment:
	name: pypi
	url: https://pypi.org/p/ad-rss
	permissions:
	id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
	with:
	egress-policy: audit

	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	fetch-depth: 1
	submodules: recursive

	- name: Install Dependencies
	run: \|
	bash .github/workflows/install_dependencies.sh
	source ad-rss-build-venv/bin/activate
	python${PYTHON_BINDING_VERSION} -m pip install auditwheel && python${PYTHON_BINDING_VERSION} -m pip install --upgrade patchelf>=0.14

	- name: Build wheels
	shell: bash
	run: \|
	source ad-rss-build-venv/bin/activate
	colcon build --packages-select PROJ4 --event-handlers console_direct+ --cmake-args -DCMAKE_POSITION_INDEPENDENT_CODE=ON
	source install/setup.bash
	colcon build --packages-up-to ad_rss --event-handlers console_direct+ --cmake-args -DPYTHON_BINDING_VERSION=${PYTHON_BINDING_VERSION} --metas colcon_python.meta

	- name: Repair wheels
	shell: bash
	run: \|
	source ad-rss-build-venv/bin/activate
	source install/setup.bash
	for whl in install/ad_rss/dist/*.whl; do
	auditwheel repair $whl --plat ${WHEEL_PLATFORM} --wheel-dir wheelhouse/ad_rss
	done

	- name: Publish ad-rss wheel to PyPI
	uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # release/v1
	if: ${{ github.event_name == 'release'}}
	with:
	packages-dir: wheelhouse/ad_rss

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump step-security/harden-runner from 2.11.0 to 2.12.2 #26

Workflow file

Bump step-security/harden-runner from 2.11.0 to 2.12.2 #26

Uh oh!

Jobs

Run details

Workflow file for this run