File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1515 if : github.repository == 'developmentseed/titiler'
1616 runs-on : ubuntu-latest
1717 permissions :
18- contents : write
19- pull-requests : write
18+ contents : write # Push benchmark results to gh-benchmarks branch
19+ pull-requests : write # Leave PR comments when benchmark regressions exceed alert threshold
2020
2121 steps :
2222 - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
Original file line number Diff line number Diff line change 9494 runs-on : ubuntu-latest
9595 permissions :
9696 contents : read
97- packages : write
97+ packages : write # Push multi-arch images to ghcr.io for this repository
9898 strategy :
9999 matrix :
100100 include :
Original file line number Diff line number Diff line change 1414 run :
1515 working-directory : deployment/aws
1616 permissions :
17- id-token : write
17+ id-token : write # AWS OIDC: exchange JWT for temporary credentials in configure-aws-credentials
1818 contents : read
1919 steps :
2020 - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
4747
4848 # Build and Deploy CDK application
4949 - name : Build & Deploy
50- run : uv run cdk deploy ${{ secrets. STACK_NAME }} -lambda-${{ secrets. STACK_STAGE }} --require-approval never
50+ run : uv run cdk deploy "${ STACK_NAME} -lambda-${STACK_STAGE}" --require-approval never
5151 env :
52+ STACK_NAME : ${{ secrets.STACK_NAME }}
53+ STACK_STAGE : ${{ secrets.STACK_STAGE }}
5254 TITILER_STACK_NAME : ${{ secrets.STACK_NAME }}
5355 TITILER_STACK_STAGE : ${{ secrets.STACK_STAGE }}
5456 TITILER_STACK_MEMORY : ${{ secrets.STACK_MEMORY }}
Original file line number Diff line number Diff line change 1919 runs-on : ubuntu-latest
2020 environment : github-pages
2121 permissions :
22- contents : write
22+ contents : write # mkdocs gh-deploy pushes the built site to gh-pages
2323 steps :
2424 - name : Checkout main
2525 uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
Original file line number Diff line number Diff line change 4444 echo "version=$(uv version --short)" >> $GITHUB_OUTPUT
4545
4646 - name : Check version match
47+ env :
48+ TAG_VERSION : ${{ steps.tag.outputs.version }}
49+ MODULE_VERSION : ${{ steps.module.outputs.version }}
4750 run : |
48- if [ "${{ steps.tag.outputs.version }} " != "${{ steps.module.outputs.version }} " ]; then
49- echo "Tag version (${{ steps.tag.outputs.version }} ) does not match module version (${{ steps.module.outputs.version }} )"
51+ if [ "$TAG_VERSION " != "$MODULE_VERSION " ]; then
52+ echo "Tag version ($TAG_VERSION ) does not match module version ($MODULE_VERSION )"
5053 exit 1
5154 fi
5255
6669 name : pypi-release
6770 permissions :
6871 contents : read
69- id-token : write
72+ id-token : write # OIDC token for PyPI trusted publishing (pypa/gh-action-pypi-publish)
7073 steps :
7174 - uses : actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
7275 with :
Original file line number Diff line number Diff line change 2121 name : Run zizmor
2222 runs-on : ubuntu-latest
2323 permissions :
24- # Required for upload-sarif (used by zizmor-action) to upload SARIF files.
25- security-events : write
24+ security-events : write # Upload zizmor SARIF to GitHub Code Scanning
2625 contents : read
2726 steps :
2827 - name : Checkout repository
You can’t perform that action at this time.
0 commit comments