Skip to content

Build and upload to PyPI #1

Build and upload to PyPI

Build and upload to PyPI #1

Workflow file for this run

name: Build and upload to PyPI
on:
release:
types:
- published
env:
LIBZIM_DL_VERSION: "9.2.3-2"
MACOSX_DEPLOYMENT_TARGET: "12.0"
CIBW_ENVIRONMENT_PASS_LINUX: "LIBZIM_DL_VERSION"
# APPLE_SIGNING_KEYCHAIN_PATH set in prepare keychain step
APPLE_SIGNING_KEYCHAIN_PROFILE: "build-profile"
APPLE_SIGNING_IDENTITY: "${{ secrets.APPLE_SIGNING_IDENTITY }}"
SIGN_APPLE: "yes"
jobs:
build_wheels:
environment: release
name: Build wheels on ${{ matrix.os }}
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-20.04, macos-13, windows-2022]
steps:
- uses: actions/checkout@v4
- name: Set up QEMU
if: runner.os == 'Linux'
uses: docker/setup-qemu-action@v3
with:
platforms: all
- name: Prepare Apple Keychain for Signing
if: matrix.os == 'macos-13'
shell: bash
run: |
# store certificate on filesystem
export CERTIFICATE="$(mktemp -d)/wmch-devid.p12"
echo "${{ secrets.APPLE_SIGNING_CERTIFICATE }}" | base64 --decode -o $CERTIFICATE
# create a dedicated keychain
export APPLE_SIGNING_KEYCHAIN_PATH="$(mktemp -d)/build.keychain"
echo "APPLE_SIGNING_KEYCHAIN_PATH=${APPLE_SIGNING_KEYCHAIN_PATH}" >> "$GITHUB_ENV"
security create-keychain -p mysecretpassword ${APPLE_SIGNING_KEYCHAIN_PATH}
security default-keychain -s ${APPLE_SIGNING_KEYCHAIN_PATH}
security unlock-keychain -p mysecretpassword ${APPLE_SIGNING_KEYCHAIN_PATH}
# import certificate into keychain then remove from filesystem
security import ${CERTIFICATE} -k ${APPLE_SIGNING_KEYCHAIN_PATH} -P "${{ secrets.APPLE_SIGNING_P12_PASSWORD }}" -A
rm $CERTIFICATE
# store signing credentials into the keychain
security set-key-partition-list -S "apple-tool:,apple:" -s -k mysecretpassword ${APPLE_SIGNING_KEYCHAIN_PATH}
security find-identity -v
xcrun notarytool store-credentials \
--apple-id "${{ secrets.APPLE_SIGNING_ALTOOL_USERNAME }}" \
--password "${{ secrets.APPLE_SIGNING_ALTOOL_PASSWORD }}" \
--team-id "${{ secrets.APPLE_SIGNING_TEAM }}" \
--validate \
--keychain ${APPLE_SIGNING_KEYCHAIN_PATH} \
${APPLE_SIGNING_KEYCHAIN_PROFILE}
# disable auto-locking of keychain
security set-keychain-settings ${APPLE_SIGNING_KEYCHAIN_PATH}
security unlock-keychain -p mysecretpassword ${APPLE_SIGNING_KEYCHAIN_PATH}
- name: Build wheels
uses: pypa/[email protected]
- name: Cleanup Apple Keychain
if: matrix.os == 'macos-13'
shell: bash
run: |
security lock-keychain ${APPLE_SIGNING_KEYCHAIN_PATH}
security delete-keychain ${APPLE_SIGNING_KEYCHAIN_PATH}
rm -f ${APPLE_SIGNING_KEYCHAIN_PATH}
- uses: actions/upload-artifact@v4
with:
name: wheels-${{ matrix.os }}
path: ./wheelhouse/*.whl
build_sdist:
name: Build source distribution
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Build sdist
run: pipx run build --sdist
- uses: actions/upload-artifact@v4
with:
name: sdist
path: dist/*.tar.gz
upload_pypi:
needs: [build_wheels, build_sdist]
runs-on: ubuntu-latest
environment: release
steps:
# retrieve all artifacts
- uses: actions/download-artifact@v4
with:
name: sdist
path: dist
- uses: actions/download-artifact@v4
with:
name: wheels-ubuntu-20.04
path: dist
- uses: actions/download-artifact@v4
with:
name: wheels-macos-13
path: dist
- uses: actions/download-artifact@v4
with:
name: wheels-windows-2022
path: dist
- uses: pypa/[email protected]
with:
user: __token__
# password: ${{ secrets.PYPI_TEST_API_TOKEN }}
password: ${{ secrets.PYPI_API_TOKEN }}
# uncomment for test
# repository_url: https://test.pypi.org/legacy/