Publish to PyPI #12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Publish to PyPI" | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: "The version to tag, without the leading 'v'. If omitted, will initiate a dry run (no uploads)." | |
| type: string | |
| sha: | |
| description: "The full sha of the commit to be released. If omitted, the latest commit on the default branch will be used." | |
| default: "" | |
| type: string | |
| pull_request: | |
| paths: | |
| # When we change pyproject.toml, we want to ensure that the maturin builds still work | |
| - pyproject.toml | |
| # And when we change this workflow itself... | |
| - .github/workflows/release.yaml | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| PACKAGE_NAME: "llamakey" | |
| PYTHON_VERSION: "3.10" | |
| CARGO_INCREMENTAL: 0 | |
| CARGO_NET_RETRY: 10 | |
| CARGO_TERM_COLOR: always | |
| RUSTUP_MAX_RETRIES: 10 | |
| jobs: | |
| sdist: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.sha }} | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: "Build sdist" | |
| uses: PyO3/maturin-action@v1 | |
| with: | |
| command: sdist | |
| args: --out dist | |
| - name: "Upload sdist" | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: wheels | |
| path: dist | |
| macos-universal: | |
| runs-on: macos-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.sha }} | |
| - name: Install Homebrew dependencies | |
| run: | | |
| env HOMEBREW_NO_AUTO_UPDATE=1 brew install gettext | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| architecture: x64 | |
| - name: "Build wheels - universal2" | |
| uses: PyO3/maturin-action@v1 | |
| with: | |
| args: --release --locked --target universal2-apple-darwin --out dist | |
| - name: "Upload wheels" | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: wheels | |
| path: dist | |
| - name: "Archive binary" | |
| run: | | |
| ARCHIVE_FILE=llamakey-${{ inputs.tag }}-aarch64-apple-darwin.tar.gz | |
| tar czvf $ARCHIVE_FILE -C target/aarch64-apple-darwin/release llamakey | |
| shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 | |
| ARCHIVE_FILE=llamakey-${{ inputs.tag }}-x86_64-apple-darwin.tar.gz | |
| tar czvf $ARCHIVE_FILE -C target/x86_64-apple-darwin/release llamakey | |
| shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 | |
| - name: "Upload binary" | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: binaries | |
| path: | | |
| *.tar.gz | |
| *.sha256 | |
| windows: | |
| runs-on: windows-latest | |
| strategy: | |
| matrix: | |
| platform: | |
| - target: x86_64-pc-windows-msvc | |
| arch: x64 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.sha }} | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| architecture: ${{ matrix.platform.arch }} | |
| - name: "Build wheels" | |
| uses: PyO3/maturin-action@v1 | |
| with: | |
| target: ${{ matrix.platform.target }} | |
| args: --release --locked --out dist | |
| - name: "Upload wheels" | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: wheels | |
| path: dist | |
| - name: "Archive binary" | |
| shell: bash | |
| run: | | |
| ARCHIVE_FILE=llamakey-${{ inputs.tag }}-${{ matrix.platform.target }}.zip | |
| 7z a $ARCHIVE_FILE ./target/${{ matrix.platform.target }}/release/llamakey.exe | |
| sha256sum $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 | |
| - name: "Upload binary" | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: binaries | |
| path: | | |
| *.zip | |
| *.sha256 | |
| linux: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| target: | |
| - x86_64-unknown-linux-gnu | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.sha }} | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| architecture: x64 | |
| - name: "Build wheels" | |
| uses: PyO3/maturin-action@v1 | |
| with: | |
| target: ${{ matrix.target }} | |
| manylinux: auto | |
| args: --release --locked --out dist | |
| - name: "Upload wheels" | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: wheels | |
| path: dist | |
| - name: "Archive binary" | |
| run: | | |
| ARCHIVE_FILE=llamakey-${{ inputs.tag }}-${{ matrix.target }}.tar.gz | |
| tar czvf $ARCHIVE_FILE -C target/${{ matrix.target }}/release llamakey | |
| shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 | |
| - name: "Upload binary" | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: binaries | |
| path: | | |
| *.tar.gz | |
| *.sha256 | |
| validate-tag: | |
| name: Validate tag | |
| runs-on: ubuntu-latest | |
| # If you don't set an input tag, it's a dry run (no uploads). | |
| if: ${{ inputs.tag }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| depth: 10 | |
| - name: Check tag consistency | |
| run: | | |
| # Switch to the commit we want to release | |
| git checkout ${{ inputs.sha }} | |
| version=$(grep "version = " pyproject.toml | sed -e 's/version = "\(.*\)"/\1/g') | |
| if [ "${{ inputs.tag }}" != "${version}" ]; then | |
| echo "The input tag does not match the version from pyproject.toml:" >&2 | |
| echo "${{ inputs.tag }}" >&2 | |
| echo "${version}" >&2 | |
| exit 1 | |
| else | |
| echo "Releasing ${version}" | |
| fi | |
| upload-release: | |
| name: Upload to PyPI | |
| runs-on: ubuntu-latest | |
| needs: | |
| - macos-universal | |
| - windows | |
| - linux | |
| - validate-tag | |
| # If you don't set an input tag, it's a dry run (no uploads). | |
| if: ${{ inputs.tag }} | |
| environment: | |
| name: release | |
| permissions: | |
| # For pypi trusted publishing | |
| id-token: write | |
| steps: | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: wheels | |
| path: wheels | |
| - name: Publish to PyPi | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| skip-existing: true | |
| packages-dir: wheels | |
| verbose: true | |
| tag-release: | |
| name: Tag release | |
| runs-on: ubuntu-latest | |
| needs: upload-release | |
| # If you don't set an input tag, it's a dry run (no uploads). | |
| if: ${{ inputs.tag }} | |
| permissions: | |
| # For git tag | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.sha }} | |
| - name: git tag | |
| run: | | |
| git config user.email "[email protected]" | |
| git config user.name "LlaMasterKey Release CI" | |
| git tag -m "v${{ inputs.tag }}" "v${{ inputs.tag }}" | |
| # If there is duplicate tag, this will fail. The publish to pypi action will have been a noop (due to skip | |
| # existing), so we make a non-destructive exit here | |
| git push --tags | |
| publish-release: | |
| name: Publish to GitHub | |
| runs-on: ubuntu-latest | |
| needs: tag-release | |
| # If you don't set an input tag, it's a dry run (no uploads). | |
| if: ${{ inputs.tag }} | |
| permissions: | |
| # For GitHub release publishing | |
| contents: write | |
| steps: | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: binaries | |
| path: binaries | |
| - name: "Publish to GitHub" | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| draft: true | |
| files: binaries/* | |
| tag_name: v${{ inputs.tag }} |