Switch to trusted publishing #445
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build and release | ||
| on: | ||
| push: | ||
| tags: | ||
| - 'v[0-9]*' | ||
| #branches: | ||
| #- main | ||
| #pull_request: | ||
| # ^ uncomment when testing changes to build | ||
| concurrency: | ||
| group: > | ||
| ${{ github.workflow }} @ | ||
| ${{ github.event.pull_request.head.label || github.head_ref || github.ref }} | ||
| cancel-in-progress: true | ||
| jobs: | ||
| build_wheels: | ||
| name: Build wheels on ${{ matrix.os }} | ||
| runs-on: ${{ matrix.os }} | ||
| strategy: | ||
| matrix: | ||
| os: [ubuntu-22.04, ubuntu-22.04-arm, windows-2022, macos-13] | ||
| cibw-build-prefix: ['*'] | ||
| cibw-build-kind: [all] # for artifact name only | ||
| # The only reason the Ubuntu ones are split up into CPython/PyPy is to | ||
| # prevent running out of runner disk space; as of 2025, the number of | ||
| # non-EOL PyPy releases has dropped enough that it probably wouldnn't | ||
| # be an issue anymore, but keeping it anyway just in case | ||
| include: | ||
| - os: ubuntu-22.04 | ||
| cibw-build-prefix: cp* | ||
| cibw-build-kind: cp | ||
| - os: ubuntu-22.04 | ||
| cibw-build-prefix: pp* | ||
| cibw-build-kind: pp | ||
| - os: ubuntu-22.04-arm | ||
| cibw-build-prefix: cp* | ||
| cibw-build-kind: cp | ||
| - os: ubuntu-22.04-arm | ||
| cibw-build-prefix: pp* | ||
| cibw-build-kind: pp | ||
| exclude: | ||
| - os: ubuntu-22.04 | ||
| cibw-build-prefix: '*' | ||
| cibw-build-kind: all | ||
| - os: ubuntu-22.04-arm | ||
| cibw-build-prefix: '*' | ||
| cibw-build-kind: all | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - name: Restore mtimes of files in repo | ||
| uses: chetan/[email protected] | ||
| - name: Cargo home cache | ||
| uses: actions/cache@v4 | ||
| env: | ||
| cache-name: cargo-home | ||
| with: | ||
| path: ~/cargo-home-dirs | ||
| key: ${{ env.cache-name }}-${{ runner.os }}-${{ runner.arch }}-${{ matrix.cibw-build-prefix }}-v11.0 | ||
| restore-keys: | | ||
| ${{ env.cache-name }}-${{ runner.os }}-${{ runner.arch }}-${{ matrix.cibw-build-prefix }}-v11. | ||
| - name: Rust build cache | ||
| uses: actions/cache@v4 | ||
| env: | ||
| cache-name: rust-build | ||
| with: | ||
| path: ~/cargo-target-dirs | ||
| key: ${{ env.cache-name }}-${{ runner.os }}-${{ runner.arch }}-v11.0-${{ matrix.cibw-build-prefix }}-${{ hashFiles('**/Cargo.toml') }} | ||
| restore-keys: | | ||
| ${{ env.cache-name }}-${{ runner.os }}-${{ runner.arch }}-${{ matrix.cibw-build-prefix }}-v11. | ||
| - name: Save env vars for cibuildwheel | ||
| run: > | ||
| echo "MAIN_DIR=$PWD" >> "$GITHUB_ENV"; | ||
| echo "OUTER_HOME=$HOME" >> "$GITHUB_ENV"; | ||
| cat "$GITHUB_ENV" | ||
| shell: bash | ||
| - name: Build wheels | ||
| uses: pypa/[email protected] | ||
| env: | ||
| CIBW_ENABLE: > | ||
| pypy | ||
| CIBW_BUILD: > | ||
| ${{ matrix.cibw-build-prefix }} | ||
| CIBW_SKIP: > | ||
| *musllinux* cp3??t-* | ||
| CIBW_ENVIRONMENT_LINUX: > | ||
| HOST_HOME_DIR="/host/${{ env.OUTER_HOME }}" | ||
| HOST_PROJ_DIR="/host/${{ env.MAIN_DIR }}" | ||
| PROJ_DIR="/project" | ||
| PATH="/host/${{ env.OUTER_HOME }}/.cargo/bin:$PATH" | ||
| CARGO_HOME="/host/${{ env.OUTER_HOME }}/.cargo" | ||
| RUSTUP_HOME="/host/${{ env.OUTER_HOME }}/.rustup" | ||
| CARGO_TARGET_DIR="/host/${{ env.OUTER_HOME }}/target" | ||
| CARGO_LOG="cargo::core::compiler::fingerprint=info" | ||
| HOST_HOME_DIR_UNIX="/host/${{ env.OUTER_HOME }}" | ||
| CARGO_HOME_UNIX="/host/${{ env.OUTER_HOME }}/.cargo" | ||
| RUSTUP_HOME_UNIX="/host/${{ env.OUTER_HOME }}/.rustup" | ||
| CARGO_TARGET_DIR_UNIX="/host/${{ env.OUTER_HOME }}/target" | ||
| CIBW_ENVIRONMENT_MACOS: > | ||
| HOST_HOME_DIR="$HOME" | ||
| HOST_PROJ_DIR="$GITHUB_WORKSPACE" | ||
| PROJ_DIR="$GITHUB_WORKSPACE" | ||
| PATH="$HOME/.cargo/bin:$PATH" | ||
| CARGO_HOME="$HOME/.cargo" | ||
| RUSTUP_HOME="$HOME/.rustup" | ||
| CARGO_TARGET_DIR="$HOME/target" | ||
| CARGO_LOG="cargo::core::compiler::fingerprint=info" | ||
| HOST_HOME_DIR_UNIX="$HOME" | ||
| CARGO_HOME_UNIX="$HOME/.cargo" | ||
| RUSTUP_HOME_UNIX="$HOME/.rustup" | ||
| CARGO_TARGET_DIR_UNIX="$HOME/target" | ||
| MACOSX_DEPLOYMENT_TARGET="10.12" | ||
| CIBW_ENVIRONMENT_WINDOWS: > | ||
| HOST_HOME_DIR="$HOME" | ||
| HOST_PROJ_DIR="$GITHUB_WORKSPACE" | ||
| PROJ_DIR="$GITHUB_WORKSPACE" | ||
| PATH="$HOME\\.cargo\\bin;$PATH" | ||
| CARGO_HOME="$HOME\\.cargo" | ||
| RUSTUP_HOME="$HOME\\.rustup" | ||
| CARGO_TARGET_DIR="$HOME\\target" | ||
| CARGO_LOG="cargo::core::compiler::fingerprint=info" | ||
| HOST_HOME_DIR_UNIX="${{ env.OUTER_HOME }}" | ||
| CARGO_HOME_UNIX="${{ env.OUTER_HOME }}/.cargo" | ||
| RUSTUP_HOME_UNIX="${{ env.OUTER_HOME }}/.rustup" | ||
| CARGO_TARGET_DIR_UNIX="${{ env.OUTER_HOME }}/target" | ||
| CIBW_ARCHS_MACOS: "x86_64 arm64" | ||
| CIBW_BEFORE_BUILD_LINUX: > | ||
| bash $PROJ_DIR/ci-utils/before-build-linux.sh | ||
| CIBW_BEFORE_BUILD_MACOS: > | ||
| bash $PROJ_DIR/ci-utils/before-build-mac.sh | ||
| CIBW_BEFORE_BUILD_WINDOWS: > | ||
| bash ci-utils/before-build-win.sh | ||
| CIBW_REPAIR_WHEEL_COMMAND_LINUX: > | ||
| auditwheel repair -w {dest_dir} {wheel}; | ||
| bash $PROJ_DIR/ci-utils/after-build.sh | ||
| CIBW_REPAIR_WHEEL_COMMAND_WINDOWS: > | ||
| cp {wheel} {dest_dir} & | ||
| bash %PROJ_DIR%/ci-utils/after-build.sh | ||
| CIBW_REPAIR_WHEEL_COMMAND_MACOS: > | ||
| delocate-listdeps {wheel} && delocate-wheel --require-archs \ | ||
| {delocate_archs} -w {dest_dir} {wheel}; | ||
| bash $PROJ_DIR/ci-utils/after-build.sh | ||
| CIBW_BUILD_VERBOSITY: 1 | ||
| - uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: artifact-${{ runner.os }}-${{ runner.arch }}-${{ matrix.cibw-build-kind }} | ||
| path: ./wheelhouse/*.whl | ||
| build_sdist: | ||
| name: Build source distribution | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - name: Build sdist | ||
| run: pipx run build --sdist | ||
| - name: Install tool to post-process sdist to make extension optional | ||
| run: pip install 'postprocess-sdist-make-rust-ext-opt>=0.2,<0.3' | ||
| - name: Post-process sdist to make extension optional | ||
| run: postprocess-sdist-make-rust-ext-opt -fO dist dist/*.tar.gz | ||
| - uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: artifact-source | ||
| path: dist/*.tar.gz | ||
| upload_pypi: | ||
| needs: [build_wheels, build_sdist] | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| id-token: write # needed for trusted publishing | ||
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') | ||
| steps: | ||
| - uses: actions/download-artifact@v4 | ||
| with: | ||
| pattern: artifact-* | ||
| merge-multiple: true | ||
| path: dist | ||
| - uses: pypa/gh-action-pypi-publish@release/v1 | ||
| with: | ||
| # testing: | ||
| #repository_url: https://test.pypi.org/legacy/ | ||
