🔧 allow content write gh release upload artifacts #148
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- main | |
tags: | |
- '*' | |
workflow_dispatch: | |
pull_request: | |
permissions: | |
contents: read | |
concurrency: | |
group: ci-${{ github.ref_name }} | |
cancel-in-progress: true | |
jobs: | |
lint: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.11' | |
- run: pip install pre-commit | |
name: Install pre-commit | |
- run: pre-commit run --all | |
name: Run pre-commit checks | |
test: | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-22.04, macos-13, windows-latest ] | |
python_version: ['3.7', '3.8', '3.9', '3.10', '3.11', '3.12', '3.13', 'pypy-3.7', 'pypy-3.8', 'pypy-3.9', 'pypy-3.10'] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python_version }} | |
allow-prereleases: true | |
- name: Setup dependencies | |
run: pip install pytest | |
- name: Install mkcert (Linux) | |
if: matrix.os == 'ubuntu-22.04' | |
run: sudo apt-get install mkcert | |
- name: Install mkcert (MacOS) | |
if: matrix.os == 'macos-13' | |
run: brew install mkcert | |
- name: Inject fake CA in TrustStore | |
if: matrix.os == 'macos-13' || matrix.os == 'ubuntu-22.04' | |
run: mkcert -install | |
- name: Generate a valid certificate | |
if: matrix.os == 'macos-13' || matrix.os == 'ubuntu-22.04' | |
run: mkcert example.test | |
- name: Build wheels (Unix, Linux) | |
if: matrix.os != 'windows-latest' | |
uses: PyO3/maturin-action@v1 | |
env: | |
UNSAFE_PYO3_SKIP_VERSION_CHECK: 1 | |
with: | |
args: --release --out dist --interpreter ${{ matrix.python_version }} | |
sccache: 'true' | |
manylinux: auto | |
docker-options: -e UNSAFE_PYO3_SKIP_VERSION_CHECK=1 | |
- name: Build wheels (NT) | |
if: matrix.os == 'windows-latest' | |
uses: PyO3/maturin-action@v1 | |
env: | |
UNSAFE_PYO3_SKIP_VERSION_CHECK: 1 | |
with: | |
args: --release --out dist | |
sccache: 'true' | |
target: x64 | |
- run: pip install --find-links=./dist wassima | |
name: Install built package | |
- name: Ensure test target (NT) | |
if: matrix.os == 'windows-latest' | |
run: Remove-Item -Path wassima -Force -Recurse | |
- name: Ensure test target (Linux, Unix) | |
if: matrix.os != 'windows-latest' | |
run: rm -fR wassima | |
- run: pytest tests/ | |
name: Run tests | |
linux: | |
runs-on: ubuntu-22.04 | |
needs: | |
- test | |
- lint | |
strategy: | |
fail-fast: false | |
matrix: | |
target: [x86_64, x86, aarch64, armv7, s390x, ppc64le, ppc64, i686] | |
python_version: ['3.10', 'pypy-3.7', 'pypy-3.8', 'pypy-3.9', 'pypy-3.10', '3.13t'] | |
manylinux: ['auto', 'musllinux_1_1'] | |
exclude: | |
- manylinux: musllinux_1_1 | |
target: s390x | |
- manylinux: musllinux_1_1 | |
target: ppc64 | |
- manylinux: musllinux_1_1 | |
target: ppc64le | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
if: matrix.python_version != '3.13t' | |
with: | |
python-version: ${{ matrix.python_version }} | |
- uses: Quansight-Labs/setup-python@v5 | |
if: matrix.python_version == '3.13t' | |
with: | |
python-version: '3.13t' | |
- name: Build wheels | |
uses: PyO3/maturin-action@v1 | |
env: | |
UNSAFE_PYO3_SKIP_VERSION_CHECK: 1 | |
with: | |
target: ${{ matrix.target }} | |
args: --release --out dist --interpreter ${{ matrix.python_version }} | |
sccache: 'true' | |
manylinux: ${{ matrix.manylinux }} | |
docker-options: -e UNSAFE_PYO3_SKIP_VERSION_CHECK=1 | |
- name: Upload wheels | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 | |
with: | |
name: wheels-linux-${{ matrix.manylinux }}-${{ matrix.target }}-${{ matrix.python_version }} | |
path: dist/*.whl | |
windows: | |
needs: | |
- test | |
- lint | |
runs-on: windows-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
target: [x64, aarch64, x86] | |
python_version: ['3.10', 'pypy-3.7', 'pypy-3.8', 'pypy-3.9', 'pypy-3.10', '3.13t'] | |
exclude: | |
- target: aarch64 | |
python_version: 'pypy-3.7' | |
- target: aarch64 | |
python_version: 'pypy-3.8' | |
- target: aarch64 | |
python_version: 'pypy-3.9' | |
- target: aarch64 | |
python_version: 'pypy-3.10' | |
- target: x86 | |
python_version: 'pypy-3.7' | |
- target: x86 | |
python_version: 'pypy-3.8' | |
- target: x86 | |
python_version: 'pypy-3.9' | |
- target: x86 | |
python_version: 'pypy-3.10' | |
- target: x86 | |
python_version: '3.13t' | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
if: matrix.python_version != '3.13t' | |
with: | |
python-version: ${{ matrix.python_version }} | |
architecture: ${{ matrix.target == 'x86' && 'x86' || 'x64' }} | |
- uses: Quansight-Labs/setup-python@v5 | |
if: matrix.python_version == '3.13t' && matrix.target == 'x64' | |
with: | |
python-version: '3.13t' | |
architecture: x64 | |
- name: Build wheels (normal) | |
uses: PyO3/maturin-action@v1 | |
if: matrix.python_version != '3.13t' || matrix.target == 'x64' | |
env: | |
UNSAFE_PYO3_SKIP_VERSION_CHECK: 1 | |
with: | |
target: ${{ matrix.target }} | |
args: --release --out dist | |
sccache: 'false' | |
- name: Build wheels (workaround 3.13t arm64) | |
uses: PyO3/maturin-action@v1 | |
if: matrix.python_version == '3.13t' && matrix.target == 'aarch64' | |
env: | |
PYO3_CROSS: 1 | |
with: | |
target: ${{ matrix.target }} | |
args: --release --out dist -i 3.13t | |
sccache: 'false' | |
- name: Upload wheels | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 | |
with: | |
name: wheels-windows-${{ matrix.target }}-${{ matrix.python_version }} | |
path: dist/*.whl | |
macos: | |
needs: | |
- test | |
- lint | |
runs-on: macos-13 | |
strategy: | |
fail-fast: false | |
matrix: | |
target: [universal2] | |
python_version: ['3.10', 'pypy-3.7', 'pypy-3.8', 'pypy-3.9', 'pypy-3.10', '3.13t'] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
if: matrix.python_version != '3.13t' | |
with: | |
python-version: ${{ matrix.python_version }} | |
- uses: Quansight-Labs/setup-python@v5 | |
if: matrix.python_version == '3.13t' | |
with: | |
python-version: '3.13t' | |
- name: Build wheels | |
uses: PyO3/maturin-action@v1 | |
env: | |
UNSAFE_PYO3_SKIP_VERSION_CHECK: 1 | |
with: | |
target: ${{ matrix.target }} | |
args: --release --out dist | |
sccache: 'true' | |
- name: Upload wheels | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 | |
with: | |
name: wheels-macos-${{ matrix.target }}-${{ matrix.python_version }} | |
path: dist/*.whl | |
sdist: | |
needs: | |
- test | |
- lint | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Build sdist | |
uses: PyO3/maturin-action@v1 | |
with: | |
command: sdist | |
args: --out dist | |
- name: Upload sdist | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 | |
with: | |
name: wheels-sdist | |
path: dist/*.tar.gz | |
universal: | |
needs: | |
- test | |
- lint | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.10' | |
- name: Install dependencies | |
run: python -m pip install build wheel | |
- name: Use fallback pyproject.toml | |
run: rm -f pyproject.toml && mv pyproject.fb.toml pyproject.toml | |
- name: Build fallback wheel | |
run: python -m build | |
- name: Upload sdist | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 | |
with: | |
name: wheels-universal | |
path: dist/*.whl | |
checksum: | |
name: compute hashes | |
runs-on: ubuntu-22.04 | |
needs: [linux, windows, macos, sdist, universal] | |
outputs: | |
hashes: ${{ steps.compute.outputs.hashes }} | |
steps: | |
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 | |
- name: Download distributions | |
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | |
with: | |
pattern: wheels-* | |
path: dist | |
merge-multiple: true | |
- name: Collected dists | |
run: | | |
tree dist | |
- name: Generate hashes | |
id: compute # needs.checksum.outputs.hashes | |
working-directory: ./dist | |
run: echo "hashes=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT | |
provenance: | |
needs: checksum | |
if: "startsWith(github.ref, 'refs/tags/')" | |
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 | |
permissions: | |
actions: read | |
id-token: write | |
contents: write | |
with: | |
base64-subjects: ${{ needs.checksum.outputs.hashes }} | |
upload-assets: true | |
compile-generator: true | |
release: | |
name: release | |
runs-on: ubuntu-22.04 | |
if: "startsWith(github.ref, 'refs/tags/')" | |
needs: provenance | |
environment: pypi | |
permissions: | |
id-token: write | |
contents: write | |
steps: | |
- name: Download distributions | |
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | |
with: | |
pattern: wheels-* | |
path: dist | |
merge-multiple: true | |
- name: "Upload dists to GitHub Release" | |
env: | |
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
run: | | |
gh release upload ${{ github.ref_name }} dist/* --repo ${{ github.repository }} | |
- name: Publish to PyPI | |
uses: "pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70" # v1.12.3 |