Skip to content

Bump step-security/harden-runner from 2.10.1 to 2.10.2 #592

Bump step-security/harden-runner from 2.10.1 to 2.10.2

Bump step-security/harden-runner from 2.10.1 to 2.10.2 #592

Workflow file for this run

name: raven-wps Testing
on:
push:
branches:
- main
pull_request:
env:
MAIN_TESTDATA_BRANCH: "master"
concurrency:
# For a given workflow, if we push to the same branch, cancel all previous builds on that branch except on main.
group: "${{ github.workflow }}-${{ github.ref }}"
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
permissions:
contents: read
jobs:
lint:
name: Code linting
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
files.pythonhosted.org:443
github.com:443
pypi.org:443
- name: Checkout Repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Python${{ matrix.python-version }}
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: "3.x"
cache: "pip"
- uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
conda:
name: Conda (Python${{ matrix.python-version }}; ${{ matrix.os }})
needs: lint
runs-on: ${{ matrix.os }}
defaults:
run:
shell: bash -l {0}
strategy:
fail-fast: false
matrix:
os: ["ubuntu-latest"]
python-version:
- "3.9"
- "3.10"
- "3.11"
- "3.12"
include:
- os: "macos-latest"
python-version: "3.10"
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
cdn.proj.org:443
conda.anaconda.org:443
files.pythonhosted.org:443
github.com:443
objects.githubusercontent.com:443
pavics.ouranos.ca:443
pypi.org:443
raw.githubusercontent.com:443
repo.anaconda.com:443
- name: Checkout Repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Conda (Micromamba) with Python${{ matrix.python-version }}
uses: mamba-org/setup-micromamba@068f1ab4b37ed9b3d9f73da7db90a0cda0a48d29 # v2.0.3
with:
cache-downloads: true
cache-environment: true
environment-file: environment.yml
create-args: >-
python=${{ matrix.python-version }}
- name: Install RavenWPS
run: |
python -m pip install --no-user --editable ".[dev]"
- name: Check versions
run: |
micromamba list
python -m pip check || true
- name: Test RavenWPS
run: |
python -m pytest -m "not very_slow" tests
finish:
name: Finish
needs:
- conda
runs-on: ubuntu-latest
container: python:3-slim
steps:
- name: Finished
run: echo "Finished!"