proton-python-driver/.github/workflows/actions.yml at develop · timeplus-io/proton-python-driver · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
on:
  - workflow_dispatch
name: release
jobs:
  build_wheels:
    name: Build wheels on ${{ matrix.os }}
    runs-on: ${{ matrix.os }}
    permissions:
      # Builders only upload artifacts now; the GitHub release is published
      # once, after the builds, by publish-github-release below.
      contents: read
    strategy:
      matrix:
        # Native runners per architecture — no QEMU. ubuntu-22.04-arm is a
        # free public-repo arm64 runner, so aarch64 wheels build natively
        # instead of under ~10x-slower emulation. macos-14 is Apple Silicon
        # (arm64): it builds arm64 natively and cross-builds the x86_64 mac
        # wheels (x86_64 can't be tested on an arm64 runner, only built).
        os:
          - ubuntu-22.04
          - ubuntu-22.04-arm
          - windows-2022
          - macos-14
    steps:
      - uses: actions/checkout@v4
      - name: Build wheels
        # v3.4.1 is the first stable line with CPython 3.14 (incl. cp314t)
        # wheel support. v2.21.3 predates 3.14 and would silently skip it.
        uses: pypa/cibuildwheel@v3.4.1
        with:
          package-dir: .
          output-dir: wheelhouse
          config-file: pyproject.toml
      - name: Store the distribution packages
        uses: actions/upload-artifact@v4
        with:
          # v4 requires unique artifact names per job; matrix.os keeps them distinct.
          name: python-package-distributions-${{ matrix.os }}
          path: wheelhouse/*.whl

  build_sdist:
    # Interpreters without a published wheel (e.g. EOL PyPy releases that
    # modern cibuildwheel cannot target) install from this sdist. It bundles
    # the pre-generated Cython C, so building it needs no Cython.
    name: Build source distribution
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
      - name: Build sdist
        run: pipx run build --sdist
      - name: Store the source distribution
        uses: actions/upload-artifact@v4
        with:
          # Matches the python-package-distributions-* download pattern in
          # publish-to-pypi / publish-github-release.
          name: python-package-distributions-sdist
          path: dist/*.tar.gz

  publish-to-pypi:
    name: Publish Python distribution to PyPI
    needs:
      - build_wheels
      - build_sdist
    runs-on: ubuntu-latest
    environment:
      name: pypi
      url: https://pypi.org/p/proton-driver
    permissions:
      # Token-based publishing (PYPI_TOKEN below) uses no OIDC, so no
      # id-token: write is needed. To switch to PyPI trusted publishing later,
      # add `id-token: write`, drop the username/password, and delete the token.
      contents: read
    steps:
    - name: Download all the dists
      uses: actions/download-artifact@v4
      with:
        # v4 download without a name arg fetches every matching artifact; the
        # pattern joins the per-OS wheel uploads + the sdist into one dist/ tree.
        pattern: python-package-distributions-*
        merge-multiple: true
        path: dist/
    - name: Publish distribution to PyPI
      uses: pypa/gh-action-pypi-publish@release/v1
      with:
        username: __token__
        password: ${{ secrets.PYPI_TOKEN }}

  publish-github-release:
    # Publish ONE complete GitHub release (all wheels + sdist) from a single
    # job after the builds, instead of each matrix job racing to create/update
    # the release. Single-writer, not transactional: action-gh-release uploads
    # assets sequentially, so a mid-upload failure can leave a partial release
    # (re-run the job to finish); fail_on_unmatched_files below makes an empty
    # glob fail loudly. Depends on the BUILD jobs, not on publish-to-pypi, so a
    # PyPI upload failure still leaves a downloadable GitHub release.
    name: Publish GitHub release
    needs:
      - build_wheels
      - build_sdist
    runs-on: ubuntu-latest
    permissions:
      # The GitHub release is created with the workflow's own token; the
      # GH_ACCESS_TOKEN PAT used through v0.2.13 no longer exists.
      contents: write
    steps:
      - uses: actions/checkout@v4
      - name: Download all the dists
        uses: actions/download-artifact@v4
        with:
          pattern: python-package-distributions-*
          merge-multiple: true
          path: dist/
      - name: Get proton-python-driver tag
        id: get_tag_name
        run: |
          VERSION=`grep '^VERSION' proton_driver/__init__.py \
          | sed 's/^VERSION = (//g' \
          | sed 's/).*//g' \
          | sed 's/, /./g'`
          VERSION=v$VERSION
          echo $VERSION
          echo "tag_name=$VERSION" >> $GITHUB_OUTPUT
      - name: Release distributions
        uses: softprops/action-gh-release@v2
        with:
          files: dist/*
          # Fail loudly if the glob matches nothing (e.g. artifact download
          # changes) instead of publishing an empty/incomplete release.
          fail_on_unmatched_files: true
          generate_release_notes: true
          tag_name: ${{ steps.get_tag_name.outputs.tag_name }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}