Merge pull request #5 from step-security-bot/chore/GHA-181458-stepsec… #7
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: semantic release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: false | |
| env: | |
| GH_TOKEN: ${{ secrets.RELEASE_TOKEN }} | |
| permissions: | |
| contents: read | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| ref: ${{ github.ref_name }} | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - name: Reset branch | |
| run: | | |
| git reset --hard ${{ github.sha }} | |
| - name: Setup Python | |
| uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4.9.1 | |
| with: | |
| python-version: '3.8.18' | |
| cache: 'pip' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt | |
| pip install setuptools wheel python-semantic-release build | |
| - name: Release | |
| run: | | |
| # symbolic link to fix an error when running a build_command | |
| sudo ln -s /home/runner/_work/_tool/Python/3.8.18/x64/lib/libpython3.8.so.1.0 /usr/lib/libpython3.8.so.1.0 | |
| semantic-release version | |
| semantic-release publish |