-
Notifications
You must be signed in to change notification settings - Fork 1.2k
155 lines (134 loc) · 5.85 KB
/
wheel.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
name: Build Wheels
on:
push:
branches: [ master ]
tags:
- 'v*'
pull_request:
branches: [ master ]
permissions:
contents: read
jobs:
build_wheels:
outputs:
digests-linux: ${{ steps.hash-linux.outputs.digests }}
digests-macos: ${{ steps.hash-macos.outputs.digests }}
digests-windows: ${{ steps.hash-windows.outputs.digests }}
strategy:
matrix:
os: [ubuntu-latest, windows-latest, macOS-11]
runs-on: ${{ matrix.os }}
name: Build wheels on ${{ matrix.os }}
permissions:
contents: write # svenstaro/upload-release-action
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: "3.x"
- name: Set up QEMU
if: runner.os == 'Linux'
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
with:
platforms: arm64
- name: Build for Windows
if: runner.os == 'Windows'
run: |
cmake -A Win32 -B ${{github.workspace}}/build_win32 -DSPM_ENABLE_SHARED=OFF -DCMAKE_INSTALL_PREFIX=${{github.workspace}}/build/root_win32
cmake --build ${{github.workspace}}/build_win32 --config Release --target install --parallel 8
cmake -A x64 -B ${{github.workspace}}/build_amd64 -DSPM_ENABLE_SHARED=OFF -DCMAKE_INSTALL_PREFIX=${{github.workspace}}/build/root_amd64
cmake --build ${{github.workspace}}/build_amd64 --config Release --target install --parallel 8
cmake -A arm64 -B ${{github.workspace}}/build_arm64 -DSPM_ENABLE_SHARED=OFF -DCMAKE_INSTALL_PREFIX=${{github.workspace}}/build/root_arm64
cmake --build ${{github.workspace}}/build_arm64 --config Release --target install --parallel 8
- name: Build for Mac
if: runner.os == 'macOS'
run: |
cmake -B ${{github.workspace}}/build -DSPM_ENABLE_SHARED=OFF -DCMAKE_INSTALL_PREFIX=${{github.workspace}}/build/root
cmake --build ${{github.workspace}}/build --config Release --target install --parallel 8
env:
CMAKE_OSX_ARCHITECTURES: arm64;x86_64
- name: Install cibuildwheel
working-directory: ${{github.workspace}}/python
run: |
python -m pip install --require-hashes --no-dependencies -r ../.github/workflows/requirements/base.txt
python -m pip install --require-hashes --no-dependencies -r ../.github/workflows/requirements/cibuildwheel.txt
- name: Build wheels
working-directory: ${{github.workspace}}/python
run: python -m cibuildwheel --output-dir wheelhouse
env:
CIBW_ARCHS_LINUX: auto aarch64
CIBW_ARCHS_MACOS: x86_64 universal2 arm64
CIBW_ARCHS_WINDOWS: auto ARM64
CIBW_SKIP: "pp* *-musllinux_*"
CIBW_BUILD_VERBOSITY: 1
- name: Build sdist archive
working-directory: ${{github.workspace}}/python
run: sh build_sdist.sh
- name: Fetch sdist archive
uses: tj-actions/glob@2944188f585a0ec102a6a82d9eeb3aed69785393 # v22.0.1
id: sdist
with:
files: ./python/dist/*.tar.gz
- name: Build wheel from sdist
run: python -m pip wheel "${{ steps.sdist.outputs.paths }}" --verbose
- name: Copy sdist
working-directory: ${{github.workspace}}/python
if: runner.os == 'macOS'
run: cp -f dist/*.tar.gz wheelhouse/
- name: Upload artifact
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
path: |
./python/wheelhouse/*.whl
./python/wheelhouse/*.tar.gz
- name: Upload wheel release
if: startsWith(github.ref, 'refs/tags/')
uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # v2.9.0
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: ./python/wheelhouse/*
tag: ${{ github.ref }}
overwrite: true
prerelease: true
file_glob: true
- name: Generate SLSA subjects - Macos
id: hash-macos
if: runner.os == 'macOS'
run: echo "digests=$(shasum -a 256 ./python/wheelhouse/* | base64)" >> $GITHUB_OUTPUT
- name: Generate SLSA subjects - Linux
id: hash-linux
if: runner.os == 'Linux'
run: echo "digests=$(sha256sum ./python/wheelhouse/* | base64 -w0)" >> $GITHUB_OUTPUT
- name: Generate SLSA subjects - Windows
id: hash-windows
if: runner.os == 'Windows'
run: echo "digests=$(sha256sum ./python/wheelhouse/* | base64 -w0)" >> $GITHUB_OUTPUT
gather-disgests:
needs: [build_wheels]
outputs:
digests: ${{ steps.hash.outputs.digests }}
runs-on: ubuntu-latest
steps:
- name: Merge results
id: hash
env:
LINUX_DIGESTS: "${{ needs.build_wheels.outputs.digests-linux }}"
MACOS_DIGESTS: "${{ needs.build_wheels.outputs.digests-macos }}"
WINDOWS_DIGESTS: "${{ needs.build_wheels.outputs.digests-windows }}"
run: |
set -euo pipefail
echo "$LINUX_DIGESTS" | base64 -d > checksums.txt
echo "$MACOS_DIGESTS" | base64 -d >> checksums.txt
echo "$WINDOWS_DIGESTS" | base64 -d >> checksums.txt
echo "digests=$(cat checksums.txt | base64 -w0)" >> $GITHUB_OUTPUT
provenance:
if: startsWith(github.ref, 'refs/tags/')
needs: [build_wheels, gather-disgests]
permissions:
actions: read # To read the workflow path.
id-token: write # To sign the provenance.
contents: write # To add assets to a release.
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
base64-subjects: "${{ needs.gather-disgests.outputs.digests }}"
upload-assets: true # Optional: Upload to a new release