Store as artifact and don't go further #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: [push, pull_request, workflow_dispatch] | |
# Notes on workflow security: | |
# This workflow was written such that the release artifacts (wheels) | |
# are built and published in an environment with the least additional dependencies. | |
# To achieve that, the execution of tests and the building of docs is done | |
# in separate jobs from the job that builds wheels. Both tests and docs require | |
# many additional PyPI packages each of which could insert malicious code into | |
# the built wheels if everything was running within a single job. | |
# Another concern is the use of third-party actions ('uses:'). In particular, | |
# uploaded artifacts (wheels) can be overridden in subsequent build steps/jobs. | |
# This is possible as actions (compared to 'run:' scripts) have access to a | |
# special (undocumented) artifacts token (not the regular GITHUB_TOKEN) which | |
# is used by the actions/upload-artifact action. See also: | |
# https://github.com/actions/upload-artifact/issues/197 | |
# As a mitigation, in this workflow none of the jobs that run before and | |
# including the one that publishes the wheels to PyPI uses third-party actions. | |
# Lastly, the GITHUB_TOKEN permissions are set to read-only by default except | |
# for the job that deploys to GitHub Pages. In that job, a third-party action | |
# is used that writes to the 'gh-pages' branch of the repository. | |
# This will change in the near future once pages can be deployed directly | |
# without writing to a branch by using the new in-beta actions/deploy-pages action. | |
# After that, no third-party actions will be used and the token permissions are fully | |
# read-only. | |
permissions: read-all | |
jobs: | |
build: | |
strategy: | |
fail-fast: false | |
matrix: | |
config: | |
# NOTE: When updating this list, also update the 'test' job! | |
- os-image: ubuntu-latest | |
os-name: linux | |
docker-image: quay.io/pypa/manylinux2014_x86_64 | |
python-arch: 'x86_64' | |
python-version: '3.8' | |
numpy-version: '1.17.*' | |
- os-image: ubuntu-latest | |
os-name: linux | |
docker-image: quay.io/pypa/manylinux2014_x86_64 | |
python-arch: 'x86_64' | |
python-version: '3.9' | |
numpy-version: '1.19.*' | |
- os-image: ubuntu-latest | |
os-name: linux | |
docker-image: quay.io/pypa/manylinux2014_x86_64 | |
python-arch: 'x86_64' | |
python-version: '3.10' | |
numpy-version: '1.21.*' | |
- os-image: ubuntu-latest | |
os-name: linux | |
docker-image: quay.io/pypa/manylinux2014_x86_64 | |
python-arch: 'x86_64' | |
python-version: '3.11' | |
numpy-version: '1.23.*' | |
- os-image: ubuntu-latest | |
os-name: linux | |
docker-image: quay.io/pypa/manylinux2014_x86_64 | |
python-arch: 'x86_64' | |
python-version: '3.12' | |
numpy-version: '1.26.*' | |
- os-image: ubuntu-latest | |
os-name: linux | |
docker-image: quay.io/pypa/manylinux2014_aarch64 | |
python-arch: 'aarch64' | |
python-version: '3.8' | |
numpy-version: '1.19.*' | |
- os-image: ubuntu-latest | |
os-name: linux | |
docker-image: quay.io/pypa/manylinux2014_aarch64 | |
python-arch: 'aarch64' | |
python-version: '3.9' | |
numpy-version: '1.19.*' | |
- os-image: ubuntu-latest | |
os-name: linux | |
docker-image: quay.io/pypa/manylinux2014_aarch64 | |
python-arch: 'aarch64' | |
python-version: '3.10' | |
numpy-version: '1.21.*' | |
- os-image: ubuntu-latest | |
os-name: linux | |
docker-image: quay.io/pypa/manylinux2014_aarch64 | |
python-arch: 'aarch64' | |
python-version: '3.11' | |
numpy-version: '1.23.*' | |
- os-image: ubuntu-latest | |
os-name: linux | |
docker-image: quay.io/pypa/manylinux2014_aarch64 | |
python-arch: 'aarch64' | |
python-version: '3.12' | |
numpy-version: '1.26.*' | |
- os-image: macos-latest | |
os-name: mac | |
macos-min-version: '10.9' | |
python-arch: 'x86_64' | |
python-version: '3.8' | |
numpy-version: '1.17.*' | |
- os-image: macos-latest | |
os-name: mac | |
macos-min-version: '10.9' | |
python-arch: 'x86_64' | |
python-version: '3.9' | |
numpy-version: '1.19.*' | |
- os-image: macos-latest | |
os-name: mac | |
macos-min-version: '10.9' | |
python-arch: 'x86_64' | |
python-version: '3.10' | |
numpy-version: '1.21.*' | |
- os-image: macos-latest | |
os-name: mac | |
macos-min-version: '10.9' | |
python-arch: 'x86_64' | |
python-version: '3.11' | |
numpy-version: '1.23.*' | |
- os-image: macos-latest | |
os-name: mac | |
macos-min-version: '10.9' | |
python-arch: 'x86_64' | |
python-version: '3.12' | |
numpy-version: '1.26.*' | |
- os-image: windows-2019 | |
os-name: windows | |
python-arch: 'x86_64' | |
python-version: '3.8' | |
numpy-version: '1.17.*' | |
- os-image: windows-2019 | |
os-name: windows | |
python-arch: 'x86_64' | |
python-version: '3.9' | |
numpy-version: '1.19.*' | |
- os-image: windows-2019 | |
os-name: windows | |
python-arch: 'x86_64' | |
python-version: '3.10' | |
numpy-version: '1.21.*' | |
- os-image: windows-2019 | |
os-name: windows | |
python-arch: 'x86_64' | |
python-version: '3.11' | |
numpy-version: '1.23.*' | |
- os-image: windows-2019 | |
os-name: windows | |
python-arch: 'x86_64' | |
python-version: '3.12' | |
numpy-version: '1.26.*' | |
runs-on: ${{ matrix.config.os-image }} | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: true | |
- name: Set up QEMU | |
if: matrix.config.python-arch == 'aarch64' | |
uses: docker/setup-qemu-action@v1 | |
- name: Build wheels (Linux) | |
if: matrix.config.os-name == 'linux' | |
run: docker run --rm -e PYTHON_ARCH -e PYTHON_VERSION -e NUMPY_VERSION -v `pwd`:/io ${{ matrix.config.docker-image }} /io/.github/scripts/build-linux.sh | |
env: | |
PYTHON_ARCH: ${{ matrix.config.python-arch }} | |
PYTHON_VERSION: ${{ matrix.config.python-version }} | |
NUMPY_VERSION: ${{ matrix.config.numpy-version }} | |
- name: Build wheels (macOS) | |
if: matrix.config.os-name == 'mac' | |
run: .github/scripts/build-macos.sh | |
env: | |
MACOS_MIN_VERSION: ${{ matrix.config.macos-min-version }} | |
PYTHON_ARCH: ${{ matrix.config.python-arch }} | |
PYTHON_VERSION: ${{ matrix.config.python-version }} | |
NUMPY_VERSION: ${{ matrix.config.numpy-version }} | |
- name: Setup Python (Windows) | |
if: matrix.config.os-name == 'windows' | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.config.python-version }} | |
- name: Build wheels (Windows) | |
if: matrix.config.os-name == 'windows' | |
run: .github/scripts/build-windows.ps1 | |
shell: pwsh | |
env: | |
PYTHON_VERSION: ${{ matrix.config.python-version }} | |
PYTHON_ARCH: ${{ matrix.config.python-arch }} | |
NUMPY_VERSION: ${{ matrix.config.numpy-version }} | |
- name: Store wheels as artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: wheels | |
path: dist | |
test: | |
strategy: | |
fail-fast: false | |
matrix: | |
# GitHub Actions doesn't support YAML anchors, | |
# so this has to be duplicated here. | |
config: | |
- os-image: ubuntu-latest | |
os-name: linux | |
docker-image: quay.io/pypa/manylinux2014_x86_64 | |
python-arch: 'x86_64' | |
python-version: '3.8' | |
numpy-version: '1.17.*' | |
- os-image: ubuntu-latest | |
os-name: linux | |
docker-image: quay.io/pypa/manylinux2014_x86_64 | |
python-arch: 'x86_64' | |
python-version: '3.9' | |
numpy-version: '1.19.*' | |
- os-image: ubuntu-latest | |
os-name: linux | |
docker-image: quay.io/pypa/manylinux2014_x86_64 | |
python-arch: 'x86_64' | |
python-version: '3.10' | |
numpy-version: '1.21.*' | |
- os-image: ubuntu-latest | |
os-name: linux | |
docker-image: quay.io/pypa/manylinux2014_x86_64 | |
python-arch: 'x86_64' | |
python-version: '3.11' | |
numpy-version: '1.23.*' | |
- os-image: ubuntu-latest | |
os-name: linux | |
docker-image: quay.io/pypa/manylinux2014_x86_64 | |
python-arch: 'x86_64' | |
python-version: '3.12' | |
numpy-version: '1.26.*' | |
- os-image: ubuntu-latest | |
os-name: linux | |
docker-image: quay.io/pypa/manylinux2014_aarch64 | |
python-arch: 'aarch64' | |
python-version: '3.8' | |
numpy-version: '1.19.*' | |
- os-image: ubuntu-latest | |
os-name: linux | |
docker-image: quay.io/pypa/manylinux2014_aarch64 | |
python-arch: 'aarch64' | |
python-version: '3.9' | |
numpy-version: '1.19.*' | |
- os-image: ubuntu-latest | |
os-name: linux | |
docker-image: quay.io/pypa/manylinux2014_aarch64 | |
python-arch: 'aarch64' | |
python-version: '3.10' | |
numpy-version: '1.21.*' | |
- os-image: ubuntu-latest | |
os-name: linux | |
docker-image: quay.io/pypa/manylinux2014_aarch64 | |
python-arch: 'aarch64' | |
python-version: '3.11' | |
numpy-version: '1.23.*' | |
- os-image: ubuntu-latest | |
os-name: linux | |
docker-image: quay.io/pypa/manylinux2014_aarch64 | |
python-arch: 'aarch64' | |
python-version: '3.12' | |
numpy-version: '1.26.*' | |
- os-image: macos-latest | |
os-name: mac | |
macos-min-version: '10.9' | |
python-arch: 'x86_64' | |
python-version: '3.8' | |
numpy-version: '1.17.*' | |
- os-image: macos-latest | |
os-name: mac | |
macos-min-version: '10.9' | |
python-arch: 'x86_64' | |
python-version: '3.9' | |
numpy-version: '1.19.*' | |
- os-image: macos-latest | |
os-name: mac | |
macos-min-version: '10.9' | |
python-arch: 'x86_64' | |
python-version: '3.10' | |
numpy-version: '1.21.*' | |
- os-image: macos-latest | |
os-name: mac | |
macos-min-version: '10.9' | |
python-arch: 'x86_64' | |
python-version: '3.11' | |
numpy-version: '1.23.*' | |
- os-image: macos-latest | |
os-name: mac | |
macos-min-version: '10.9' | |
python-arch: 'x86_64' | |
python-version: '3.12' | |
numpy-version: '1.26.*' | |
- os-image: windows-2019 | |
os-name: windows | |
python-arch: 'x86_64' | |
python-version: '3.8' | |
numpy-version: '1.17.*' | |
- os-image: windows-2019 | |
os-name: windows | |
python-arch: 'x86_64' | |
python-version: '3.9' | |
numpy-version: '1.19.*' | |
- os-image: windows-2019 | |
os-name: windows | |
python-arch: 'x86_64' | |
python-version: '3.10' | |
numpy-version: '1.21.*' | |
- os-image: windows-2019 | |
os-name: windows | |
python-arch: 'x86_64' | |
python-version: '3.11' | |
numpy-version: '1.23.*' | |
- os-image: windows-2019 | |
os-name: windows | |
python-arch: 'x86_64' | |
python-version: '3.12' | |
numpy-version: '1.26.*' | |
runs-on: ${{ matrix.config.os-image }} | |
needs: build | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: true | |
- name: Download wheels from artifact storage | |
uses: actions/download-artifact@v3 | |
with: | |
name: wheels | |
path: dist | |
- name: Set up QEMU | |
if: matrix.config.python-arch == 'aarch64' | |
uses: docker/setup-qemu-action@v1 | |
- name: Test wheel (Linux) | |
if: matrix.config.os-name == 'linux' | |
run: docker run --rm -e PYTHON_ARCH -e PYTHON_VERSION -e NUMPY_VERSION -v `pwd`:/io ${{ matrix.config.docker-image }} /io/.github/scripts/test-linux.sh | |
env: | |
PYTHON_ARCH: ${{ matrix.config.python-arch }} | |
PYTHON_VERSION: ${{ matrix.config.python-version }} | |
- name: Setup Python (Windows) | |
if: matrix.config.os-name == 'windows' | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.config.python-version }} | |
- name: Test wheel (Windows) | |
if: matrix.config.os-name == 'windows' | |
run: .github/scripts/test-windows.ps1 | |
shell: pwsh | |
env: | |
PYTHON_VERSION: ${{ matrix.config.python-version }} | |
PYTHON_ARCH: ${{ matrix.config.python-arch }} | |
- name: Setup Python (macOS) | |
if: matrix.config.os-name == 'mac' | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.config.python-version }} | |
- name: Test wheel (macOS) | |
if: matrix.config.os-name == 'mac' | |
run: .github/scripts/test-macos.sh | |
env: | |
PYTHON_ARCH: ${{ matrix.config.python-arch }} | |
PYTHON_VERSION: ${{ matrix.config.python-version }} | |
# publish-wheels: | |
# runs-on: ubuntu-latest | |
# needs: [test] | |
# if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') | |
# steps: | |
# - name: Download wheels from artifact storage | |
# uses: actions/download-artifact@v3 | |
# with: | |
# name: wheels | |
# path: dist | |
# - name: Setup Python | |
# uses: actions/setup-python@v1 | |
# - name: Upload wheels to PyPI | |
# run: | | |
# pip install twine | |
# twine upload -u __token__ -p ${{ secrets.PYPI_TOKEN }} --skip-existing dist/* |