ci: split workflows and get trusted publishing right
hrz6976 committed Jun 23, 2024
1 parent c1a6177 commit fed8a39
Showing 2 changed files with 70 additions and 18 deletions.
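--- a/.github/workflows/build-wheel.yml
+++ b/.github/workflows/build-wheel.yml
@@ -0,0 +1,63 @@
+name: Build wheels and publish
+
+on:
+push:
+paths:
+# only build wheels when the package code changes
+- 'woc/**'
+- 'setup.py'
+workflow_dispatch:
+
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
+concurrency:
+group: ${{ github.workflow }}-${{ github.ref_name }}
+cancel-in-progress: false
+
+jobs:
+build-wheel:
+name: wheels
+runs-on: ubuntu-latest
+# trigger the workflow only on default branch, or manually
+if: ${{ github.event_name == 'workflow_dispatch' || github.ref_name == github.event.repository.default_branch }}
+steps:
+- name: Checkout
+uses: actions/checkout@v3
+with:
+fetch-depth: 1
+
+- name: Build wheels
+uses: pypa/[email protected]
+env:
+CIBW_BUILD: cp3{8,9,10,11}-manylinux_x86_64
+# force manylinux2014 to avoid compatibility issues on RHEL 7
+CIBW_MANYLINUX_X86_64_IMAGE: manylinux2014
+# install required dependencies: bz2
+CIBW_BEFORE_ALL: yum install -y bzip2-devel
+
+- name: Upload wheels
+uses: actions/upload-artifact@v2
+with:
+name: wheels
+path: wheelhouse/*.whl
+
+build-sdist:
+name: sdist
+runs-on: ubuntu-latest
+# trigger the workflow only on default branch, or manually
+if: ${{ github.event_name == 'workflow_dispatch' || github.ref_name == github.event.repository.default_branch }}
+
+steps:
+- name: Checkout
+uses: actions/checkout@v3
+with:
+fetch-depth: 1
+
+- name: Build source distribution
+run: pipx run build --sdist
+
+- name: Upload source distribution
+uses: actions/upload-artifact@v2
+with:
+name: sdist
+path: dist/*.tar.gz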
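Review bot: The new workflow declares no `permissions:` block, so both jobs run with the repository's default `GITHUB_TOKEN` scope even though they only check out code and upload artifacts; a top-level `permissions:` with `contents: read` would state the least-privilege intent explicitly. The `uses:` references `actions/checkout@v3` and `actions/upload-artifact@v2` are mutable tags (the cibuildwheel ref is garbled on this page, so its form cannot be checked here); pinning each to a full commit SHA with the tag in a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v3`, keeps a moved tag from changing what builds the wheels. The workflow `name:` still reads "Build wheels and publish" although no step in this file publishes, which is worth correcting so run logs are not mistaken for release runs.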
25 changes: 7 additions & 18 deletions .github/workflows/release.yml
Expand Up @@ -2,10 +2,8 @@ name: Build wheels and publish

on:
push:
paths:
# only build wheels when the package code changes
- 'woc/**'
- 'setup.py'
tags:
- 'v*' # push tags to trigger the workflow
workflow_dispatch:

# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
Expand All @@ -19,12 +17,6 @@ jobs:
name: wheels
runs-on: ubuntu-latest
# trigger the workflow only on default branch, or manually
if: |
${{ github.event_name == 'workflow_dispatch'
|| ( github.event_name == 'push' && (
github.ref_name == github.event.repository.default_branch
|| startsWith(github.ref, 'refs/tags/v')
) ) }}
steps:
- name: Checkout
uses: actions/checkout@v3
Expand All @@ -49,13 +41,6 @@ jobs:
build-sdist:
name: sdist
runs-on: ubuntu-latest
# trigger the workflow only on default branch, or manually
if: |
${{ github.event_name == 'workflow_dispatch'
|| ( github.event_name == 'push' && (
github.ref_name == github.event.repository.default_branch
|| startsWith(github.ref, 'refs/tags/v')
) ) }}

steps:
- name: Checkout
Expand All @@ -79,7 +64,6 @@ jobs:
needs: [build-wheel, build-sdist]
permissions:
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
if: startsWith(github.ref, 'refs/tags/v') # can not publish without a tag

steps:
- name: Checkout
Expand All @@ -97,5 +81,10 @@ jobs:
with:
path: dist

- name: Move everything to dist
run: |
mv dist/wheels/*.whl dist
mv dist/sdist/*.tar.gz dist
- name: Publish to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
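Review bot: The tag check on the publish job, `if: startsWith(github.ref, 'refs/tags/v')`, appears to be among this section's deletions while `workflow_dispatch:` stays under `on:`, so a manual run from any branch would now reach the job that holds `id-token: write` and uploads to PyPI. Either keep that `if:` on the publish job, or bind the job to a protected deployment environment that the PyPI trusted-publisher entry also names, e.g. `environment: <environment-name>`, so an untagged ref cannot be released. `pypa/gh-action-pypi-publish@release/v1` is a moving branch ref in that same job and is worth pinning to a full commit SHA. The publish job's header and its download step lie outside the visible hunks, so this is based only on the lines shown.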
