.github/workflows/dev-workflow.yml
# Part of the OZI Project, under the Apache License v2.0 with LLVM Exceptions.
# See LICENSE.txt for license information.
# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
name: OZI Checkpoint-only
on:
pull_request:
branches:
- '**'
permissions:
contents: read
jobs:
checkpoint-cp310-ubuntu-latest:
name: checkpoint (Python 3.10 on ubuntu-latest)
runs-on: ubuntu-latest
strategy:
fail-fast: false
permissions:
id-token: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
files.pythonhosted.org:443
github.com:443
api.github.com:443
oziproject.dev:443
pypi.org:443
registry.npmjs.org:443
objects.githubusercontent.com:443
fulcio.sigstore.dev:443
rekor.sigstore.dev:443
tuf-repo-cdn.sigstore.dev:443
oauth2.sigstore.dev:443
- uses: OZI-Project/checkpoint@fff79a1993b9a0822e7b594dcbdb164a7cff4292 # 1.0.2
with:
python-version: "3.10"
checkpoint-cp311-ubuntu-latest:
name: checkpoint (Python 3.11 on ubuntu-latest)
runs-on: ubuntu-latest
strategy:
fail-fast: false
permissions:
id-token: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
files.pythonhosted.org:443
github.com:443
api.github.com:443
oziproject.dev:443
pypi.org:443
registry.npmjs.org:443
objects.githubusercontent.com:443
fulcio.sigstore.dev:443
rekor.sigstore.dev:443
tuf-repo-cdn.sigstore.dev:443
oauth2.sigstore.dev:443
- uses: OZI-Project/checkpoint@fff79a1993b9a0822e7b594dcbdb164a7cff4292 # 1.0.2
with:
python-version: "3.11"
checkpoint-cp312-ubuntu-latest:
name: checkpoint (Python 3.12 on ubuntu-latest)
runs-on: ubuntu-latest
strategy:
fail-fast: false
permissions:
id-token: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
files.pythonhosted.org:443
github.com:443
api.github.com:443
oziproject.dev:443
pypi.org:443
registry.npmjs.org:443
objects.githubusercontent.com:443
fulcio.sigstore.dev:443
rekor.sigstore.dev:443
tuf-repo-cdn.sigstore.dev:443
oauth2.sigstore.dev:443
- uses: OZI-Project/checkpoint@fff79a1993b9a0822e7b594dcbdb164a7cff4292 # 1.0.2
with:
python-version: "3.12"
checkpoint-cp313-ubuntu-latest:
name: checkpoint (Python 3.13 on ubuntu-latest)
runs-on: ubuntu-latest
strategy:
fail-fast: false
permissions:
id-token: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
files.pythonhosted.org:443
github.com:443
api.github.com:443
oziproject.dev:443
pypi.org:443
registry.npmjs.org:443
objects.githubusercontent.com:443
fulcio.sigstore.dev:443
rekor.sigstore.dev:443
tuf-repo-cdn.sigstore.dev:443
index.crates.io:443
static.crates.io:443
- uses: OZI-Project/checkpoint@fff79a1993b9a0822e7b594dcbdb164a7cff4292
with:
python-version: "3.13"