Merge pull request #165 from openzim/cibuildwheel

Better build system

.github/workflows/release.yaml

@@ -0,0 +1,116 @@
+name: Build and upload to PyPI
+
+on:
+  release:
+    types:
+      - published
+
+env:
+  LIBZIM_DL_VERSION: "8.2.0"
+  MACOSX_DEPLOYMENT_TARGET: "11.0"
+  CIBW_ENVIRONMENT_PASS_LINUX: "LIBZIM_DL_VERSION"
+  # APPLE_SIGNING_KEYCHAIN_PATH set in prepare keychain step
+  APPLE_SIGNING_KEYCHAIN_PROFILE: "build-profile"
+  APPLE_SIGNING_IDENTITY: "${{ secrets.APPLE_SIGNING_IDENTITY }}"
+  SIGN_APPLE: "yes"
+
+
+jobs:
+  build_wheels:
+    environment: release
+    name: Build wheels on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-20.04, macos-12]  # macos-11, windows-2019
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        if: runner.os == 'Linux'
+        uses: docker/setup-qemu-action@v2
+        with:
+          platforms: all
+
+      - name: Prepare Apple Keychain for Signing
+        if: matrix.os == 'macos-12'
+        shell: bash
+        run: |
+          # store certificate on filesystem
+          export CERTIFICATE="$(mktemp -d)/wmch-devid.p12"
+          echo "${{ secrets.APPLE_SIGNING_CERTIFICATE }}" | base64 --decode -o $CERTIFICATE
+
+          # create a dedicated keychain
+          export APPLE_SIGNING_KEYCHAIN_PATH="$(mktemp -d)/build.keychain"
+          echo "APPLE_SIGNING_KEYCHAIN_PATH=${APPLE_SIGNING_KEYCHAIN_PATH}" >> "$GITHUB_ENV"
+          security create-keychain -p mysecretpassword ${APPLE_SIGNING_KEYCHAIN_PATH}
+          security default-keychain -s ${APPLE_SIGNING_KEYCHAIN_PATH}
+          security unlock-keychain -p mysecretpassword ${APPLE_SIGNING_KEYCHAIN_PATH}
+
+          # import certificate into keychain then remove from filesystem
+          security import ${CERTIFICATE} -k ${APPLE_SIGNING_KEYCHAIN_PATH} -P "${{ secrets.APPLE_SIGNING_P12_PASSWORD }}" -A
+          rm $CERTIFICATE
+
+          # store signing credentials into the keychain
+          security set-key-partition-list -S "apple-tool:,apple:" -s -k mysecretpassword ${APPLE_SIGNING_KEYCHAIN_PATH}
+          security find-identity -v
+          xcrun notarytool store-credentials \
+            --apple-id "${{ secrets.APPLE_SIGNING_ALTOOL_USERNAME }}" \
+            --password "${{ secrets.APPLE_SIGNING_ALTOOL_PASSWORD }}" \
+            --team-id "${{ secrets.APPLE_SIGNING_TEAM }}" \
+            --validate \
+            --keychain ${APPLE_SIGNING_KEYCHAIN_PATH} \
+            ${APPLE_SIGNING_KEYCHAIN_PROFILE}
+
+          # disable auto-locking of keychain
+          security set-keychain-settings ${APPLE_SIGNING_KEYCHAIN_PATH}
+          security unlock-keychain -p mysecretpassword ${APPLE_SIGNING_KEYCHAIN_PATH}
+
+      - name: Build wheels
+        uses: pypa/[email protected]
+
+      - name: Cleanup Apple Keychain
+        if: matrix.os == 'macos-12'
+        shell: bash
+        run: |
+          security lock-keychain ${APPLE_SIGNING_KEYCHAIN_PATH}
+          security delete-keychain ${APPLE_SIGNING_KEYCHAIN_PATH}
+          rm -f ${APPLE_SIGNING_KEYCHAIN_PATH}
+
+      - uses: actions/upload-artifact@v3
+        with:
+          path: ./wheelhouse/*.whl
+
+  build_sdist:
+    name: Build source distribution
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Build sdist
+        run: pipx run build --sdist
+
+      - uses: actions/upload-artifact@v3
+        with:
+          path: dist/*.tar.gz
+
+  upload_pypi:
+    needs: [build_wheels, build_sdist]
+    runs-on: ubuntu-latest
+    environment: release
+    steps:
+      - uses: actions/download-artifact@v3
+        with:
+          # unpacks default artifact into dist/
+          # if `name: artifact` is omitted, the action will create extra parent dir
+          name: artifact
+          path: dist
+
+      - uses: pypa/[email protected]
+        with:
+          user: __token__
+          # password: ${{ secrets.PYPI_TEST_API_TOKEN }}
+          password: ${{ secrets.PYPI_API_TOKEN }}
+          # uncomment for test
+          # repository_url: https://test.pypi.org/legacy/

.github/workflows/test.yml

@@ -2,10 +2,7 @@ name: test
 on: [push]
 
 env:
-  LIBZIM_VERSION: 8.1.0
-  LIBZIM_INCLUDE_PATH: include/zim
-  CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-  PROFILE: 1
+  LIBZIM_DL_VERSION: "8.2.0"
 
 jobs:
   lint:
@@ -16,7 +13,7 @@ jobs:
       - name: Set up Python ${{ matrix.python }}
         uses: actions/[email protected]
         with:
-          python-version: "3.10"
+          python-version: "3.11"
           architecture: x64
 
       - name: Check formatting and linting
@@ -29,8 +26,8 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        os: [ubuntu-20.04, macos-12]
-        python: ["3.6.15", "3.7", "3.8", "3.9", "3.10", "3.11"]
+        os: [ubuntu-22.04, macos-12]
+        python: ["3.7", "3.8", "3.9", "3.10", "3.11"]
 
     steps:
       - uses: actions/[email protected]
@@ -41,60 +38,21 @@ jobs:
           python-version: ${{ matrix.python }}
           architecture: x64
 
-      - name: set macOS environ
-        if: matrix.os == 'macos-12'
-        run: |
-          echo LIBZIM_EXT=dylib >> $GITHUB_ENV
-          echo LIBZIM_RELEASE=libzim_macos-x86_64-$LIBZIM_VERSION >> $GITHUB_ENV
-          echo LIBZIM_LIBRARY_PATH=lib/libzim.8.dylib >> $GITHUB_ENV
-
-      - name: set linux environ
-        if: matrix.os == 'ubuntu-20.04'
-        run: |
-          echo LIBZIM_EXT=so >> $GITHUB_ENV
-          echo LIBZIM_RELEASE=libzim_linux-x86_64-$LIBZIM_VERSION >> $GITHUB_ENV
-          echo LIBZIM_LIBRARY_PATH=lib/x86_64-linux-gnu/libzim.so.$LIBZIM_VERSION >> $GITHUB_ENV
-
-      - name: Cache libzim dylib & headers
-        uses: actions/[email protected]
-        id: cache-libzim
-        with:
-          path: libzim_dist
-          key: ${{ env.LIBZIM_RELEASE }}-libzim-cache
-
-      - name: Download libzim dylib & headers from OpenZIM.org releases
-        if: steps.cache-libzim.outputs.cache-hit != 'true'
-        run: |
-          wget -q https://download.openzim.org/release/libzim/$LIBZIM_RELEASE.tar.gz
-          tar --extract --file=$LIBZIM_RELEASE.tar.gz
-          mv $LIBZIM_RELEASE libzim_dist
+      - name: Installing dependencies
+        run: pip install -U pip setuptools build
 
-      - name: Link libzim dylib & headers into workspace lib and include folders
-        run: |
-          cp -p $GITHUB_WORKSPACE/libzim_dist/$LIBZIM_LIBRARY_PATH lib/libzim.$LIBZIM_EXT
-          cp -p $GITHUB_WORKSPACE/libzim_dist/$LIBZIM_LIBRARY_PATH lib/
-          ln -s $GITHUB_WORKSPACE/libzim_dist/$LIBZIM_INCLUDE_PATH include/zim
-          export LD_LIBRARY_PATH="$PWD/lib:$LD_LIBRARY_PATH"
-
-      - name: update Linux shared objects cache
-        if: matrix.os == 'ubuntu-20.04'
-        run: |
-          sudo ldconfig $PWD/lib
+      - name: Building & installing for tests (with profiling)
+        env:
+          PROFILE: 1
+        run: pip install -e .
 
-      - name: Build cython, sdist, and bdist_wheel
+      - name: Testing
         run: |
-          pip install --upgrade pip install "cython>=0.29.32,<3.0" setuptools pip wheel
-          python3 setup.py build_ext --inplace
-          python3 setup.py sdist bdist_wheel
-
-      - name: Test built package with pytest
-        run: |
-          pip install pytest pytest-cov
-          pip install -e .
-          export DYLD_LIBRARY_PATH="$PWD:$PWD/lib:$DYLD_LIBRARY_PATH"
-          pytest --cov=libzim --cov-report=term --cov-report term-missing .
+          pip install pytest pytest-cov cython
+          py.test --cov=libzim --cov-report=term --cov-report term-missing .
 
       - name: Upload coverage report to codecov
-        run: |
-          pip install codecov
-          codecov
+        if: matrix.os == 'ubuntu-22.04' && matrix.python == '3.11'
+        uses: codecov/codecov-action@v3
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}