Bump step-security/harden-runner from 2.8.1 to 2.10.1 (#28) #13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Deploy Sphinx content to GitHub Pages | |
| name: Deploy Sphinx documentation | |
| on: | |
| # Runs on pushes targeting the default branch | |
| push: | |
| branches: ["main"] | |
| release: | |
| workflow_dispatch: | |
| # Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages | |
| permissions: | |
| contents: read | |
| pages: write | |
| id-token: write | |
| # Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. | |
| # However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. | |
| concurrency: | |
| group: "pages" | |
| cancel-in-progress: false | |
| jobs: | |
| build-main: | |
| if: ${{ ! startsWith(github.ref, 'refs/tags/') }} | |
| name: Build the documentation with Sphinx | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| fetch-depth: 0 | |
| - run: git fetch origin main | |
| - name: troubleshooting | |
| run: | | |
| git branch | |
| git remote -v | |
| - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 | |
| with: | |
| python-version: '3.11' | |
| - name: Install package | |
| run: | | |
| sudo apt-get install -y doxygen graphviz | |
| pip install -e .[docs] | |
| pip install -r requirements.txt | |
| - name: Build documentation | |
| run: sphinx-build docs/ docs/_build/html | |
| - name: Upload artifact | |
| uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1 | |
| with: | |
| path: 'docs/_build/html' | |
| build-tagged: | |
| if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
| name: Build tagged release documentation with Sphinx | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| fetch-depth: 0 | |
| - run: git fetch origin main | |
| - name: troubleshooting | |
| run: | | |
| git branch | |
| git remote -v | |
| - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 | |
| with: | |
| python-version: '3.11' | |
| - name: Install package | |
| run: | | |
| sudo apt-get install -y doxygen graphviz | |
| pip install -e .[docs] | |
| pip install -r requirements.txt | |
| - name: Build documentation | |
| run: sphinx-build docs/ docs/_build/html/${{ github.ref_name }} | |
| - name: Upload artifact | |
| uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1 | |
| with: | |
| path: 'docs/_build/html' | |
| deploy: | |
| name: Deploy documentation to GitHub Pages | |
| needs: [build-main, build-tagged] | |
| if: ${{ always() }} | |
| environment: | |
| name: github-pages | |
| url: ${{ steps.deployment.outputs.page_url }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | |
| with: | |
| egress-policy: audit | |
| - name: Setup Pages | |
| uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0 | |
| - name: Deploy to GitHub Pages | |
| id: deployment | |
| uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 |