Enhance security by refining the uploading workflow
Closed this issue · 1 comment
As of mmh3 4.1.0, the destination for built Python wheels is specified by workflow_dispatch
(choices: a dummy value for local testing, TestPyPI, and real PyPI). However, this approach can cause a security issue, as reported by Checkov via super-linter 7.0.0.
To address this issue, I will create a composite action for building wheels that can be reused across different workflows. Then, I will write three separate uploading workflows: one for local testing (by "local" I mean GitHub Actions), one for TestPyPI, and one for production. Each of these workflows will call the reusable composite action.
I refactored the building and uploading process by creating a reusable workflow (instead of a composite action). I also re-enabled VALIDATE_CHECKOV of super-linter 7.0.0.
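Added illustration of the two layouts discussed in this thread; these are constructed files, not mmh3's own workflows. File paths, job names, the `pipx run cibuildwheel` step, the environment names and the use of PyPI trusted publishing (`id-token: write`) are all assumptions. The first document shows the input-driven shape the issue starts from; the remaining documents show a `workflow_call` reusable workflow with one caller per destination, the shape the closing comment describes.

```yaml
# ---- BEFORE: one workflow, destination chosen by a dispatch input ----
# A value typed at dispatch time decides whether and where the wheels are
# published, so a user-controlled parameter shapes the release output.
name: build-and-upload
on:
  workflow_dispatch:
    inputs:
      destination:
        type: choice
        options: [local, testpypi, pypi]   # "local" = dummy value, no upload
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pipx run cibuildwheel --output-dir wheelhouse   # assumed build step
      - uses: actions/upload-artifact@v4
        with:
          name: wheels
          path: wheelhouse/*.whl
  upload:
    if: inputs.destination != 'local'
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: wheels
          path: dist
      - uses: pypa/gh-action-pypi-publish@release/v1
        with:
          repository-url: ${{ inputs.destination == 'testpypi' && 'https://test.pypi.org/legacy/' || 'https://upload.pypi.org/legacy/' }}
---
# ---- AFTER, file 1: .github/workflows/build-wheels.yml (assumed path) ----
# Reusable workflow with no inputs: nothing a caller passes can change what
# is built. It only produces an artifact and never uploads anywhere.
name: build-wheels
on:
  workflow_call:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pipx run cibuildwheel --output-dir wheelhouse   # assumed build step
      - uses: actions/upload-artifact@v4
        with:
          name: wheels
          path: wheelhouse/*.whl
---
# ---- AFTER, file 2: .github/workflows/test-build.yml ("local" testing) ----
# Manual trigger, no inputs, no upload job at all.
name: test-build
on:
  workflow_dispatch:
jobs:
  build:
    uses: ./.github/workflows/build-wheels.yml
---
# ---- AFTER, file 3: .github/workflows/publish-testpypi.yml ----
# The destination is fixed in the file instead of being selected by an input.
name: publish-testpypi
on:
  workflow_dispatch:
jobs:
  build:
    uses: ./.github/workflows/build-wheels.yml
  upload:
    needs: build
    runs-on: ubuntu-latest
    environment: testpypi        # assumed environment name; lets reviewers gate uploads
    permissions:
      id-token: write            # trusted publishing, so no long-lived API token is stored
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: wheels
          path: dist
      - uses: pypa/gh-action-pypi-publish@release/v1
        with:
          repository-url: https://test.pypi.org/legacy/
---
# ---- AFTER, file 4: .github/workflows/publish-pypi.yml ----
# Production upload is bound to a release event, not to a manual choice.
name: publish-pypi
on:
  release:
    types: [published]
jobs:
  build:
    uses: ./.github/workflows/build-wheels.yml
  upload:
    needs: build
    runs-on: ubuntu-latest
    environment: pypi            # assumed environment name
    permissions:
      id-token: write
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: wheels
          path: dist
      - uses: pypa/gh-action-pypi-publish@release/v1   # defaults to upload.pypi.org
```

In the "after" layout the build step is shared, but each destination has its own file with its own trigger, so the only decision left to a human at dispatch time is which workflow to run, not a free-form parameter that the workflow interprets. A job-level `environment` additionally lets the repository require approval or restrict which branches and tags may reach the upload job, which is where a check like the one super-linter's Checkov run reported is enforced in practice.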