build(deps): bump github/codeql-action from 3.28.9 to 3.28.11 #60
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: OZI Checkpoint-only | |
| on: | |
| pull_request: | |
| branches: | |
| - '**' | |
| permissions: | |
| contents: read | |
| jobs: | |
| checkpoint-cp310-ubuntu-latest: | |
| name: checkpoint (Python 3.10 on ubuntu-latest) | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| files.pythonhosted.org:443 | |
| github.com:443 | |
| api.github.com:443 | |
| oziproject.dev:443 | |
| www.oziproject.dev:443 | |
| pypi.org:443 | |
| registry.npmjs.org:443 | |
| objects.github.com:443 | |
| fulcio.sigstore.dev:443 | |
| rekor.sigstore.dev:443 | |
| tuf-repo-cdn.sigstore.dev:443 | |
| oauth2.sigstore.dev:443 | |
| - uses: OZI-Project/checkpoint@f14cac563125e34d106b3a1e0ddb2773062953e5 # 1.5.5 | |
| with: | |
| python-version: "3.10" | |
| checkpoint-cp311-ubuntu-latest: | |
| name: checkpoint (Python 3.11 on ubuntu-latest) | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| files.pythonhosted.org:443 | |
| github.com:443 | |
| api.github.com:443 | |
| oziproject.dev:443 | |
| www.oziproject.dev:443 | |
| pypi.org:443 | |
| registry.npmjs.org:443 | |
| objects.github.com:443 | |
| fulcio.sigstore.dev:443 | |
| rekor.sigstore.dev:443 | |
| tuf-repo-cdn.sigstore.dev:443 | |
| oauth2.sigstore.dev:443 | |
| - uses: OZI-Project/checkpoint@f14cac563125e34d106b3a1e0ddb2773062953e5 # 1.5.5 | |
| with: | |
| python-version: "3.11" | |
| checkpoint-cp312-ubuntu-latest: | |
| name: checkpoint (Python 3.12 on ubuntu-latest) | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| files.pythonhosted.org:443 | |
| github.com:443 | |
| api.github.com:443 | |
| oziproject.dev:443 | |
| www.oziproject.dev:443 | |
| pypi.org:443 | |
| registry.npmjs.org:443 | |
| objects.github.com:443 | |
| fulcio.sigstore.dev:443 | |
| rekor.sigstore.dev:443 | |
| tuf-repo-cdn.sigstore.dev:443 | |
| oauth2.sigstore.dev:443 | |
| - uses: OZI-Project/checkpoint@f14cac563125e34d106b3a1e0ddb2773062953e5 # 1.5.5 | |
| with: | |
| python-version: "3.12" | |
| checkpoint-cp313-ubuntu-latest: | |
| name: checkpoint (Python 3.13 on ubuntu-latest) | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| files.pythonhosted.org:443 | |
| github.com:443 | |
| api.github.com:443 | |
| oziproject.dev:443 | |
| www.oziproject.dev:443 | |
| pypi.org:443 | |
| registry.npmjs.org:443 | |
| objects.github.com:443 | |
| fulcio.sigstore.dev:443 | |
| rekor.sigstore.dev:443 | |
| tuf-repo-cdn.sigstore.dev:443 | |
| index.crates.io:443 | |
| static.crates.io:443 | |
| - uses: OZI-Project/checkpoint@f14cac563125e34d106b3a1e0ddb2773062953e5 | |
| with: | |
| python-version: "3.13" |