tantivy-py/.github/workflows/publish.yaml

214 lines
6.8 KiB
YAML
Raw Normal View History

name: Test & Release
on:
release:
types: [published]
2024-05-05 14:02:27 +00:00
# pull_request:
# branches:
# - master
2024-05-05 08:38:50 +00:00
permissions:
contents: read
jobs:
linux:
runs-on: ubuntu-latest
2024-05-05 08:38:50 +00:00
permissions:
id-token: write # ability to mint the OIDC token permission is necessary to persist the attestation
contents: read
attestations: write # persist the attestation
strategy:
matrix:
platform: [ 'x86_64-unknown-linux-gnu', 'aarch64-unknown-linux-gnu' ]
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde
with:
egress-policy: block
allowed-endpoints: >
api.github.com:443
2023-11-20 22:55:15 +00:00
cdn.quay.io:443
cdn01.quay.io:443
cdn02.quay.io:443
cdn03.quay.io:443
crates.io:443
2023-11-20 22:55:15 +00:00
files.pythonhosted.org:443
ghcr.io:443
github.com:443
2023-11-20 22:55:15 +00:00
index.crates.io:443
objects.githubusercontent.com:443
2023-11-20 22:55:15 +00:00
pkg-containers.githubusercontent.com:443
pypi.org:443
quay.io:443
sh.rustup.rs:443
static.crates.io:443
static.rust-lang.org:443
2024-05-05 08:38:50 +00:00
uploads.github.com:443
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3
with:
python-version: 3.8
architecture: x64
- uses: PyO3/maturin-action@2c5c1560848aaa364c3545136054932db5fa27b7
with:
manylinux: auto
target: ${{ matrix.platform }}
command: build
2023-11-20 22:55:15 +00:00
args: --release --sdist -o dist -i 3.8 3.9 3.10 3.11 3.12
- name: Upload wheels
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # 4.4.0
with:
2024-05-05 14:02:27 +00:00
name: wheels-linux-${{ matrix.platform }}
path: dist
windows:
runs-on: windows-latest
2024-05-05 08:38:50 +00:00
permissions:
id-token: write # ability to mint the OIDC token permission is necessary to persist the attestation
contents: read
attestations: write # persist the attestation
strategy:
matrix:
target: [x64]
python-version: ['3.8', '3.9', '3.10', '3.11', '3.12']
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde
with:
2024-05-05 08:38:50 +00:00
egress-policy: audit
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3
with:
python-version: ${{ matrix.python-version }}
- uses: PyO3/maturin-action@2c5c1560848aaa364c3545136054932db5fa27b7
env:
PYO3_PYTHON: python${{ matrix.python-version }}
with:
command: build
args: --release -o dist
- name: Upload wheels
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # 4.4.0
with:
2024-05-05 14:02:27 +00:00
name: wheels-windows-${{ matrix.python-version }}-${{ matrix.target }}
path: dist
macos:
runs-on: macos-latest
2024-05-05 08:38:50 +00:00
permissions:
id-token: write # ability to mint the OIDC token permission is necessary to persist the attestation
contents: read
attestations: write # persist the attestation
strategy:
matrix:
python-version: ['3.8', '3.9', '3.10', '3.11', '3.12']
2023-11-20 22:55:15 +00:00
target: ['universal2', 'x86_64-apple-darwin']
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3
with:
python-version: ${{ matrix.python-version }}
2023-11-20 22:55:15 +00:00
- name: Build wheels - ${{ matrix.target }}
uses: PyO3/maturin-action@2c5c1560848aaa364c3545136054932db5fa27b7
env:
PYO3_PYTHON: python${{ matrix.python-version }}
with:
2023-11-20 22:55:15 +00:00
target: ${{ matrix.target }}
command: build
args: --release -o dist
- name: Upload wheels
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # 4.4.0
with:
2024-05-05 14:02:27 +00:00
name: wheels-macos-${{ matrix.python-version }}-${{ matrix.target }}
path: dist
python-release-github:
runs-on: ubuntu-latest
needs: [ macos, windows, linux ]
permissions:
contents: write # To add assets to a release.
2024-05-05 14:02:27 +00:00
checks: write
packages: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.1.0
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
uploads.github.com:443
2023-11-20 22:55:15 +00:00
static.rust-lang.org:443
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
ref: ${{ github.head_ref }}
- uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a
with:
2024-05-05 08:38:50 +00:00
toolchain: "1.73.0"
- name: Set up Python 3.8
uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
with:
python-version: 3.8
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
path: wheels
2024-05-05 08:38:50 +00:00
pattern: wheels-*
merge-multiple: true
- name: Upload release binaries
2024-05-05 14:02:27 +00:00
uses: alexellis/upload-assets@13926a61cdb2cb35f5fdef1c06b8b591523236d3 # 0.4.1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
asset_paths: '["./wheels/tantivy-*"]'
release-pypy:
name: Release
runs-on: ubuntu-latest
needs: [ macos, windows, linux ]
permissions:
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde
with:
2024-05-05 08:38:50 +00:00
egress-policy: audit
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
path: wheels
2024-05-05 08:38:50 +00:00
pattern: wheels-*
merge-multiple: true
- name: Publish package distributions to Test PyPI
uses: pypa/gh-action-pypi-publish@0ab0b79471669eb3a4d647e625009c62f9f3b241 # v1.10.1
with:
repository-url: https://test.pypi.org/legacy/
packages-dir: wheels/
skip-existing: true
- name: Publish package distributions to PyPI
if: always()
uses: pypa/gh-action-pypi-publish@0ab0b79471669eb3a4d647e625009c62f9f3b241 # v1.10.1
with:
packages-dir: wheels/
skip-existing: true