
[StepSecurity] Apply security best practices (#139) #348


Workflow file for this run

---
# Builds the python-base container images, one per distribution in the
# matrix. Each entry names the image to produce and the digest-pinned base
# image that is handed to the build as the FROM build argument.
name: build

on:
  pull_request:
  workflow_dispatch:
  push:
    branches:
      - "main"
      - "stable/**"

# Default GITHUB_TOKEN scope for every job; jobs that need more widen it
# explicitly in their own permissions block.
permissions:
  contents: read

jobs:
  image:
    name: "${{ matrix.name }}"
    runs-on: ubuntu-latest
    strategy:
      # A failure on one distribution should not cancel the other builds.
      fail-fast: false
      matrix:
        include:
          # Base images are pinned by digest so a moved tag cannot change
          # what gets built; update the digest deliberately when bumping.
          - name: ubuntu
            image-name: python-base-ubuntu
            from: ubuntu:24.04@sha256:d1e2e92c075e5ca139d51a140fff46f84315c0fdce203eab2807c7e495eff4f9
          - name: ubuntu-cloud-archive
            image-name: python-base-ubuntu-cloud-archive
            from: ghcr.io/vexxhost/ubuntu-cloud-archive:main@sha256:fdaeaa7b8d8631644bb94403423794a5f730a3d4b8723d26a0977c7a595b9f8e
          # Legacy name for the cloud-archive image; same base as above.
          - name: ubuntu-cloud-archive-legacy
            image-name: python-base
            from: ghcr.io/vexxhost/ubuntu-cloud-archive:main@sha256:fdaeaa7b8d8631644bb94403423794a5f730a3d4b8723d26a0977c7a595b9f8e
          - name: debian
            image-name: python-base-debian
            from: debian:trixie@sha256:3615a749858a1cba49b408fb49c37093db813321355a9ab7c1f9f4836341e9db
          - name: rockylinux
            image-name: python-base-rockylinux
            from: rockylinux:9@sha256:d7be1c094cc5845ee815d4632fe377514ee6ebcf8efaed6892889657e5ddaaa6
          - name: almalinux
            image-name: python-base-almalinux
            from: almalinux:10@sha256:3ea6bed76e47c1a816ed7e1ed7be8661efcf6984bec90bcad5ec73b66b6754ce
    # Job-level token scope. NOTE(review): id-token / packages / pull-requests
    # are presumably consumed by the build-image action (OIDC, registry push,
    # PR feedback) — confirm against that action and drop any scope it does
    # not actually use.
    permissions:
      contents: read
      id-token: write
      packages: write
      pull-requests: write
    steps:
      # Audit mode only records outbound calls; it does not block them, so
      # this step is visibility, not enforcement, until the policy is
      # tightened.
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
        with:
          egress-policy: audit
      # Pinned to a commit SHA; the trailing comment records the ref it
      # tracks so a reviewer can check the pin against upstream.
      - uses: vexxhost/docker-atmosphere/.github/actions/build-image@672cf56c8b828e444b6e7906d0ee355c7ec1dea9 # main
        with:
          image-name: "${{ matrix.image-name }}"
          build-args: "FROM=${{ matrix.from }}"
          # Pull request runs build the image but do not push it.
          push: "${{ github.event_name != 'pull_request' }}"