Prevent installation on apple silicon without appropriate codesigned entitlements #301
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
pull_request: | |
create: | |
name: Continuous Delivery | |
jobs: | |
build_wheels: | |
name: cibuildwheel on ${{ matrix.os }} ${{ matrix.architecture }} | |
if: (github.event_name == 'create' && github.event.ref_type == 'tag') || contains(github.event.head_commit.message, '[build wheel]') || contains(github.event.pull_request.title, '[build wheel]') | |
env: | |
CIBW_BEFORE_ALL_LINUX: 'yum install -y java-11-openjdk-devel' | |
CIBW_REPAIR_WHEEL_COMMAND_MACOS: '' | |
CIBW_SKIP: 'cp36-* *musllinux*' | |
strategy: | |
matrix: | |
include: | |
- os: windows-latest | |
architecture: 'x86' | |
cibw_archs: 'x86' | |
- os: windows-latest | |
architecture: 'x64' | |
cibw_archs: 'AMD64' | |
- os: ubuntu-latest | |
architecture: 'x64' | |
cibw_archs: 'x86_64' | |
- os: kivy-ubuntu-arm64 | |
architecture: 'aarch64' | |
cibw_archs: aarch64 | |
- os: macos-latest | |
architecture: 'x64' | |
cibw_archs: 'x86_64 universal2' | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Checkout pyjnius | |
uses: actions/checkout@v3 | |
- name: Setup Python (Ubuntu x86_64, macOS Intel, Windows x86_64) | |
if: matrix.os == 'macos-latest' || matrix.os == 'windows-latest' || matrix.os == 'ubuntu-latest' | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.x' | |
- name: Setup java | |
# There's no need to setup java on ubuntu-latest, as build is done into a manylinux | |
# containerized environment. (CIBW_BEFORE_ALL_LINUX) takes care of it. | |
if: ${{ matrix.os != 'ubuntu-latest' }} | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
architecture: ${{ matrix.architecture }} | |
- name: Install cibuildwheel & build wheels (Windows) | |
if: matrix.os == 'windows-latest' | |
env: | |
CIBW_ARCHS: '${{ matrix.cibw_archs }}' | |
run: | | |
python -m pip install cibuildwheel~=2.16.2 | |
python -m cibuildwheel --output-dir dist | |
- name: Install cibuildwheel & build wheels (Linux, macOS Intel) | |
if: (matrix.os == 'ubuntu-latest') || (matrix.os == 'kivy-ubuntu-arm64') || (matrix.os == 'macos-latest') | |
env: | |
CIBW_ARCHS: '${{ matrix.cibw_archs }}' | |
run: | | |
source .ci/utils.sh | |
ensure_python_version 3.11 | |
python -m pip install cibuildwheel~=2.16.2 | |
python -m cibuildwheel --output-dir dist | |
- name: upload wheels | |
uses: actions/upload-artifact@v2 | |
with: | |
name: dist | |
path: dist | |
build_sdist: | |
name: Build sdist | |
if: (github.event_name == 'create' && github.event.ref_type == 'tag') || contains(github.event.head_commit.message, '[build sdist]') || contains(github.event.pull_request.title, '[build sdist]') | |
runs-on: 'ubuntu-latest' | |
steps: | |
- name: Checkout pyjnius | |
uses: actions/checkout@v3 | |
- name: Setup Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.x' | |
- name: Build sdist | |
run: | | |
pip install -U setuptools Cython | |
python setup.py sdist | |
- name: upload sdist | |
uses: actions/upload-artifact@v2 | |
with: | |
name: dist | |
path: dist | |
test_wheels: | |
name: Test wheel on ${{ matrix.os }} (${{ matrix.architecture }}) Python ${{ matrix.python }} | |
if: (github.event_name == 'create' && github.event.ref_type == 'tag') || contains(github.event.head_commit.message, '[build wheel]') || contains(github.event.pull_request.title, '[build wheel]') | |
needs: | |
- build_wheels | |
continue-on-error: true | |
strategy: | |
matrix: | |
os: ['ubuntu-latest', 'macos-latest', 'windows-latest', 'kivy-ubuntu-arm64'] | |
python: ['3.7', '3.8', '3.9', '3.10', '3.11', '3.12', 'pypy3.7', 'pypy3.8', 'pypy3.9'] | |
include: | |
# We may would like to introduce tests also on windows-latest on x86 (win32 wheels)? | |
- os: ubuntu-latest | |
architecture: 'x64' | |
- os: kivy-ubuntu-arm64 | |
architecture: 'aarch64' | |
- os: windows-latest | |
architecture: 'x64' | |
- os: macos-latest | |
architecture: 'x64' | |
- os: apple-silicon-m1 | |
architecture: 'aarch64' | |
python: '3.10' | |
- os: apple-silicon-m1 | |
architecture: 'aarch64' | |
python: '3.11' | |
- os: apple-silicon-m1 | |
architecture: 'aarch64' | |
python: '3.12' | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Checkout pyjnius | |
uses: actions/checkout@v3 | |
- uses: actions/download-artifact@v2 | |
with: | |
name: dist | |
path: dist | |
- name: Setup Python (Ubuntu x86_64, macOS Intel, Windows x86_64) | |
# Needs to be skipped on our self-hosted runners tagged as 'apple-silicon-m1' | |
if: matrix.os == 'macos-latest' || matrix.os == 'windows-latest' || matrix.os == 'ubuntu-latest' || matrix.os == 'apple-silicon-m1' | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python }} | |
- name: Setup java | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
architecture: ${{ matrix.architecture }} | |
- name: Setup ant on macOS | |
if: (matrix.os == 'macos-latest') || (matrix.os == 'apple-silicon-m1') | |
run: | | |
brew install ant | |
- name: Setup ant on Linux | |
if: (matrix.os == 'ubuntu-latest') || (matrix.os == 'kivy-ubuntu-arm64') | |
run: | | |
sudo apt-get update && sudo apt-get install -y ant | |
- name: Build test-classes via ant | |
run: ant all | |
- name: Install pyjnius wheel + test prerequisites (Windows, macOS) | |
if: matrix.os == 'windows-latest' || matrix.os == 'macos-latest' || matrix.os == 'apple-silicon-m1' | |
# --find-links=dist --no-index is needed to avoid downloading the pyjnius wheel | |
# from the index. We need to test the wheel we just built. | |
run: | | |
python -m pip install --find-links=dist --no-index pyjnius | |
python -m pip install pyjnius[dev,ci] | |
- name: Install pyjnius wheel + test prerequisites (Linux) | |
if: matrix.os == 'ubuntu-latest' || matrix.os == 'kivy-ubuntu-arm64' | |
# --find-links=dist --no-index is needed to avoid downloading the pyjnius wheel | |
# from the index. We need to test the wheel we just built. | |
run: | | |
source .ci/utils.sh | |
ensure_python_version ${{ matrix.python }} | |
python -m pip install --find-links=dist --no-index pyjnius | |
python -m pip install pyjnius[dev,ci] | |
- name: Test wheel (Linux, macOS) | |
if: (matrix.os == 'ubuntu-latest') || (matrix.os == 'kivy-ubuntu-arm64') || (matrix.os == 'macos-latest') || (matrix.os == 'apple-silicon-m1') | |
run: | | |
source .ci/utils.sh | |
ensure_python_version ${{ matrix.python }} | |
cd tests | |
CLASSPATH=../build/test-classes:../build/classes python -m pytest -v | |
- name: Test wheel ( Windows + Python == 3.7.x ) | |
# On Python < 3.8.x, we can't use `os.add_dll_directory`, so the jre should be in PATH. | |
if: (matrix.os == 'windows-latest') && contains(matrix.python, '3.7') | |
run: | | |
cd tests | |
$env:PATH +=";$env:JAVA_HOME\jre\bin\server\;$env:JAVA_HOME\jre\bin\client\;$env:JAVA_HOME\bin\server\" | |
$env:CLASSPATH ="../build/test-classes;../build/classes" | |
python -m pytest -v | |
- name: Test wheel (Windows + Python != 3.7.x ) | |
if: (matrix.os == 'windows-latest') && !contains(matrix.python, '3.7') | |
run: | | |
cd tests | |
$env:CLASSPATH ="../build/test-classes;../build/classes" | |
python -m pytest -v | |
release: | |
if: (github.event_name == 'create' && github.event.ref_type == 'tag') | |
name: release | |
needs: | |
- build_wheels | |
- build_sdist | |
- test_wheels | |
runs-on: 'ubuntu-latest' | |
steps: | |
- uses: actions/download-artifact@v2 | |
with: | |
name: dist | |
path: dist | |
- name: Upload Test Release Asset | |
id: create_test_release | |
if: startsWith(github.ref, 'refs/tags/') && endsWith(github.ref, '-test') | |
uses: softprops/action-gh-release@78c309ef59fdb9557cd6574f2e0be552936ed728 | |
with: | |
prerelease: true | |
files: | | |
dist/*.whl | |
dist/*.zip | |
dist/*.tar.gz | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Upload Release Asset | |
id: upload-release-asset | |
if: startsWith(github.ref, 'refs/tags/') && ! endsWith(github.ref, '-test') | |
uses: softprops/action-gh-release@78c309ef59fdb9557cd6574f2e0be552936ed728 | |
with: | |
files: | | |
dist/*.whl | |
dist/*.zip | |
dist/*.tar.gz | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Publish package | |
if: startsWith(github.ref, 'refs/tags/') && endsWith(github.ref, '-test') | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
user: __token__ | |
password: ${{ secrets.PYPI_TOKEN_TEST }} | |
repository_url: https://test.pypi.org/legacy/ | |
- name: Publish package | |
if: startsWith(github.ref, 'refs/tags/') && ! endsWith(github.ref, '-test') | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
user: __token__ | |
password: ${{ secrets.PYPI_TOKEN }} |