From e18f13a14e54cb39567f201391ac306088b3f55f Mon Sep 17 00:00:00 2001 From: Agriya Khetarpal <74401230+agriyakhetarpal@users.noreply.github.com> Date: Sat, 27 Apr 2024 16:02:51 +0530 Subject: [PATCH 01/17] Add workflow to release and sign wheels --- .github/workflows/cd.yaml | 95 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 .github/workflows/cd.yaml diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml new file mode 100644 index 0000000..32615c3 --- /dev/null +++ b/.github/workflows/cd.yaml @@ -0,0 +1,95 @@ +name: CD + +on: + workflow_dispatch: + inputs: + version: + description: 'Version to build Zig wheels for' + required: true + default: 'latest' + suffix: + description: > + Suffix to append to the version in the wheel filename, useful for dev versions and version specifiers + required: false + default: '' + platforms: + description: > + Comma-separated values of platforms to build wheels for + required: false + default: 'x86_64-windows,x86-windows,x86_64-macos,aarch64-macos,i386-linux,x86-linux,x86_64-linux,aarch64-linux,armv7a-linux' + push_to_pypi: + description: > + Whether to push the built wheels to PyPI. Can be 'true' or 'false', defaults to 'false'. + required: false + default: 'false' + +jobs: + build_wheels: + name: Build wheels + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + with: + python-version: '3.x' + + - name: Install dependencies + run: | + python -m pip install . + + - name: Build wheels for all platforms + shell: bash + run: | + platforms=${{ github.event.inputs.platforms }} + IFS=',' read -r -a platform_array <<< "$platforms" + for platform in "${platform_array[@]}"; do + python make_wheels.py \ + --version ${{ github.event.inputs.version }} \ + --suffix ${{ github.event.inputs.suffix }} \ + --platform "$platform" + done + + - name: Upload wheel artifacts + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + with: + name: zig-wheels + path: dist/*.whl + + deploy_wheels: + name: Deploy wheels + needs: [build_wheels] + environment: pypi + runs-on: ubuntu-latest + permissions: + # Required by + # 1. OIDC to publish to PyPI, and + # 2. Sigstore to sign artifacts + id-token: write + if: >- + github.event_name == 'workflow_dispatch' && + github.event.inputs.push_to_pypi == 'true' && + github.repository == 'ziglang/zig-pypi' + steps: + - name: Download wheel artifacts + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + with: + path: dist/ + merge-multiple: true + + - name: Publish wheels to PyPI + uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.8.14 + with: + packages-dir: dist/ + + - name: Sign artifacts with Sigstore + uses: sigstore/gh-action-sigstore-python@61f6a500bbfdd9a2a339cf033e5421951fbc1cd2 # v2.1.1 + with: + inputs: >- + ./dist/*.whl + + - name: Upload signed artifacts and signature files + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + with: + # This will contain not only the wheels but also the signature files + # generated by the Sigstore step + path: dist/* From cf9845ecbf36def44bfaab8e2801a395842a953d Mon Sep 17 00:00:00 2001 From: Agriya Khetarpal <74401230+agriyakhetarpal@users.noreply.github.com> Date: Sat, 27 Apr 2024 16:31:44 +0530 Subject: [PATCH 02/17] Move condition to PyPI publishing step --- .github/workflows/cd.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml index 32615c3..2ea510d 100644 --- a/.github/workflows/cd.yaml +++ b/.github/workflows/cd.yaml @@ -65,10 +65,6 @@ jobs: # 1. OIDC to publish to PyPI, and # 2. Sigstore to sign artifacts id-token: write - if: >- - github.event_name == 'workflow_dispatch' && - github.event.inputs.push_to_pypi == 'true' && - github.repository == 'ziglang/zig-pypi' steps: - name: Download wheel artifacts uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 @@ -77,6 +73,10 @@ jobs: merge-multiple: true - name: Publish wheels to PyPI + if: >- + github.event_name == 'workflow_dispatch' && + github.event.inputs.push_to_pypi == 'true' && + github.repository == 'ziglang/zig-pypi' uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.8.14 with: packages-dir: dist/ From 2deb188dc70f2f2b0a7785893c678c658a661f65 Mon Sep 17 00:00:00 2001 From: Agriya Khetarpal <74401230+agriyakhetarpal@users.noreply.github.com> Date: Fri, 4 Oct 2024 01:40:35 +0530 Subject: [PATCH 03/17] Permanent GHA Attestations, update dependencies --- .github/workflows/cd.yaml | 58 ++++++++++++++++++--------------------- 1 file changed, 26 insertions(+), 32 deletions(-) diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml index 2ea510d..d79c269 100644 --- a/.github/workflows/cd.yaml +++ b/.github/workflows/cd.yaml @@ -4,40 +4,40 @@ on: workflow_dispatch: inputs: version: - description: 'Version to build Zig wheels for' + description: "Version to build Zig wheels for" required: true - default: 'latest' + default: "latest" suffix: description: > - Suffix to append to the version in the wheel filename, useful for dev versions and version specifiers + Suffix to append to the version in the wheel filename. This is useful for dev versions and version specifiers required: false - default: '' + default: "" platforms: description: > Comma-separated values of platforms to build wheels for required: false - default: 'x86_64-windows,x86-windows,x86_64-macos,aarch64-macos,i386-linux,x86-linux,x86_64-linux,aarch64-linux,armv7a-linux' + default: "x86_64-windows,x86-windows,x86_64-macos,aarch64-macos,i386-linux,x86-linux,x86_64-linux,aarch64-linux,armv7a-linux,powerpc64le-linux" push_to_pypi: description: > Whether to push the built wheels to PyPI. Can be 'true' or 'false', defaults to 'false'. required: false - default: 'false' + default: "false" jobs: build_wheels: name: Build wheels runs-on: ubuntu-latest steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: - python-version: '3.x' + python-version: "3.x" - name: Install dependencies run: | python -m pip install . - - name: Build wheels for all platforms + - name: Build wheels for all requested platforms shell: bash run: | platforms=${{ github.event.inputs.platforms }} @@ -50,9 +50,9 @@ jobs: done - name: Upload wheel artifacts - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: - name: zig-wheels + name: zig_wheels path: dist/*.whl deploy_wheels: @@ -61,35 +61,29 @@ jobs: environment: pypi runs-on: ubuntu-latest permissions: - # Required by - # 1. OIDC to publish to PyPI, and - # 2. Sigstore to sign artifacts - id-token: write + id-token: write # for OIDC trusted publishing + attestations: write # for the GitHub Actions Attestations feature + contents: read steps: - - name: Download wheel artifacts - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + - name: Download all wheel artifacts + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: path: dist/ merge-multiple: true + - name: Generate artifact attestations + uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 + with: + subject-path: dist/* + + # This will publish the wheels inputted to the action to PyPI (off by default). + # The workflow may be triggered multiple times with the `push_to_pypi` input + # set to 'true' to publish the wheels for any configurable version (non-dev). - name: Publish wheels to PyPI if: >- github.event_name == 'workflow_dispatch' && github.event.inputs.push_to_pypi == 'true' && github.repository == 'ziglang/zig-pypi' - uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.8.14 + uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.10.2 with: packages-dir: dist/ - - - name: Sign artifacts with Sigstore - uses: sigstore/gh-action-sigstore-python@61f6a500bbfdd9a2a339cf033e5421951fbc1cd2 # v2.1.1 - with: - inputs: >- - ./dist/*.whl - - - name: Upload signed artifacts and signature files - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 - with: - # This will contain not only the wheels but also the signature files - # generated by the Sigstore step - path: dist/* From cd48f0c607a0e64874605e468a959dcdc70de54d Mon Sep 17 00:00:00 2001 From: Agriya Khetarpal <74401230+agriyakhetarpal@users.noreply.github.com> Date: Fri, 4 Oct 2024 01:42:18 +0530 Subject: [PATCH 04/17] Add a comment about the `twine` optional dep --- pyproject.toml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pyproject.toml b/pyproject.toml index b4abd8c..55f3d7a 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -7,6 +7,8 @@ dependencies = [ "wheel~=0.41.0", ] +# To verify wheels locally instead of through +# the .github/workflows/cd.yml workflow [tool.pdm.dev-dependencies] upload = ["twine"] From fb443f30cd983e736ab77e060d33ad51f7d93722 Mon Sep 17 00:00:00 2001 From: Agriya Khetarpal <74401230+agriyakhetarpal@users.noreply.github.com> Date: Fri, 4 Oct 2024 01:42:38 +0530 Subject: [PATCH 05/17] Rename from `cd.yaml` to `cd.yml` --- .github/workflows/{cd.yaml => cd.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{cd.yaml => cd.yml} (100%) diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yml similarity index 100% rename from .github/workflows/cd.yaml rename to .github/workflows/cd.yml From debaeea06ae73ef4af91858701392ed482c402da Mon Sep 17 00:00:00 2001 From: Agriya Khetarpal <74401230+agriyakhetarpal@users.noreply.github.com> Date: Fri, 4 Oct 2024 01:43:21 +0530 Subject: [PATCH 06/17] Add a section on build provenance and verifying it --- README.md | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 2eb1627..7437a3c 100644 --- a/README.md +++ b/README.md @@ -49,16 +49,27 @@ The process of converting release archives to binary wheels is deterministic, an [pypidl]: https://pypi.org/project/ziglang/#files -Uploading wheels ----------------- +Uploading wheels to PyPI +------------------------ -Run the publishing utility: +Trigger the publishing workflow from this repository manually (requires authorization) +with the necessary inputs as mentioned in the [workflow file](.github/workflows/cd.yml) +or in the GitHub Actions UI. The wheels are checked with `twine` before they are uploaded. -```shell -pdm run twine dist/* -``` +The workflow will upload the wheels to PyPI to make them available for installation. It +is possible to trigger it multiple times to upload wheels for different versions or +platforms. + +Verifying the provenance of wheels uploaded to PyPI +--------------------------------------------------- + +To establish build provenance, the workflow generates attestations for the uploaded wheels +using the [GitHub Actions Attestations feature](https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds) +when it is run. Please navigate to the [Attestations interface](https://github.com/ziglang/zig-pypi/attestations) +to view the attestations for the uploaded wheels. -This command will upload the binary wheels built in the previous step to PyPI. +The attestations may be verified via the [GitHub (`gh`) CLI](https://cli.github.com/manual/gh_attestation_verify) +or via the [GitHub API](https://docs.github.com/en/rest/users/attestations). License ------- From f5424eecaf140bb57a2dde2e7ddae6b0c00c4a5c Mon Sep 17 00:00:00 2001 From: Agriya Khetarpal <74401230+agriyakhetarpal@users.noreply.github.com> Date: Fri, 4 Oct 2024 01:46:58 +0530 Subject: [PATCH 07/17] Make the `push_to_pypi:` input explicit --- .github/workflows/cd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index d79c269..0abbef8 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -20,7 +20,7 @@ on: push_to_pypi: description: > Whether to push the built wheels to PyPI. Can be 'true' or 'false', defaults to 'false'. - required: false + required: true default: "false" jobs: From 55bdcc99a07e38cc080bdaf2ea35ce4a3ea30685 Mon Sep 17 00:00:00 2001 From: Agriya Khetarpal <74401230+agriyakhetarpal@users.noreply.github.com> Date: Fri, 4 Oct 2024 01:50:24 +0530 Subject: [PATCH 08/17] Move condition for PyPI trigger to the job --- .github/workflows/cd.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 0abbef8..692dbb3 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -58,6 +58,9 @@ jobs: deploy_wheels: name: Deploy wheels needs: [build_wheels] + if: >- + github.event.inputs.push_to_pypi == 'true' && + github.repository == 'ziglang/zig-pypi' environment: pypi runs-on: ubuntu-latest permissions: @@ -76,14 +79,11 @@ jobs: with: subject-path: dist/* - # This will publish the wheels inputted to the action to PyPI (off by default). + # This will publish the list of wheels inputted to the action to PyPI (set to + # off, by default). # The workflow may be triggered multiple times with the `push_to_pypi` input # set to 'true' to publish the wheels for any configurable version (non-dev). - name: Publish wheels to PyPI - if: >- - github.event_name == 'workflow_dispatch' && - github.event.inputs.push_to_pypi == 'true' && - github.repository == 'ziglang/zig-pypi' uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.10.2 with: packages-dir: dist/ From e6cde5449e3661eb27b2ac6fb6563275577bc0f4 Mon Sep 17 00:00:00 2001 From: Agriya Khetarpal <74401230+agriyakhetarpal@users.noreply.github.com> Date: Fri, 4 Oct 2024 14:09:18 +0530 Subject: [PATCH 09/17] Add GitHub job summary for inspecting built wheels --- .github/workflows/cd.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 692dbb3..d7e118d 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -87,3 +87,25 @@ jobs: uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.10.2 with: packages-dir: dist/ + + inspect_wheels: + name: Inspect wheels + needs: [build_wheels] + runs-on: ubuntu-latest + steps: + - name: Download all built wheel artifacts + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + path: dist/ + merge-multiple: true + + - name: Inspect wheel artifacts + shell: bash + run: | + echo -e '## A list of built wheels and their SHA-256 checksums \n' >> $GITHUB_STEP_SUMMARY + echo -e '```\n' >> $GITHUB_STEP_SUMMARY + for wheel in dist/*.whl; do + shasum --algorithm 256 "$wheel" >> $GITHUB_STEP_SUMMARY + echo -e '\n' >> $GITHUB_STEP_SUMMARY + done + echo -e '```\n' >> $GITHUB_STEP_SUMMARY From 57118e8404e3001d2139534d69e77e6ac9d81b64 Mon Sep 17 00:00:00 2001 From: Agriya Khetarpal <74401230+agriyakhetarpal@users.noreply.github.com> Date: Fri, 4 Oct 2024 14:11:20 +0530 Subject: [PATCH 10/17] Temporarily trigger on pull requests --- .github/workflows/cd.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index d7e118d..f93639f 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -1,6 +1,7 @@ name: CD on: + pull_request: # FIXME: remove after testing and when stable for merging workflow_dispatch: inputs: version: From 3018f12210b6751660d6916b23d657e387297b1f Mon Sep 17 00:00:00 2001 From: Agriya Khetarpal <74401230+agriyakhetarpal@users.noreply.github.com> Date: Fri, 4 Oct 2024 14:13:03 +0530 Subject: [PATCH 11/17] Raise an error if no artifacts to upload --- .github/workflows/cd.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index f93639f..1b17db8 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -55,6 +55,7 @@ jobs: with: name: zig_wheels path: dist/*.whl + if-no-files-found: error deploy_wheels: name: Deploy wheels From cdfa62fc6907aee873f9e6a730a37c335346c5fc Mon Sep 17 00:00:00 2001 From: Agriya Khetarpal <74401230+agriyakhetarpal@users.noreply.github.com> Date: Fri, 4 Oct 2024 14:14:14 +0530 Subject: [PATCH 12/17] Temporarily allow triggering manually via fork --- .github/workflows/cd.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 1b17db8..a8e72f6 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -1,6 +1,7 @@ name: CD on: + push: # FIXME: remove after testing and when stable for merging pull_request: # FIXME: remove after testing and when stable for merging workflow_dispatch: inputs: From cad440f54b85f2b5f743e26fb420926cb56ef60c Mon Sep 17 00:00:00 2001 From: Agriya Khetarpal <74401230+agriyakhetarpal@users.noreply.github.com> Date: Fri, 4 Oct 2024 14:16:34 +0530 Subject: [PATCH 13/17] Temporarily disable commands --- .github/workflows/cd.yml | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index a8e72f6..658b829 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -1,7 +1,6 @@ name: CD on: - push: # FIXME: remove after testing and when stable for merging pull_request: # FIXME: remove after testing and when stable for merging workflow_dispatch: inputs: @@ -42,14 +41,17 @@ jobs: - name: Build wheels for all requested platforms shell: bash run: | - platforms=${{ github.event.inputs.platforms }} - IFS=',' read -r -a platform_array <<< "$platforms" - for platform in "${platform_array[@]}"; do - python make_wheels.py \ - --version ${{ github.event.inputs.version }} \ - --suffix ${{ github.event.inputs.suffix }} \ - --platform "$platform" - done + # FIXME: uncomment when ready + # platforms=${{ github.event.inputs.platforms }} + # IFS=',' read -r -a platform_array <<< "$platforms" + # for platform in "${platform_array[@]}"; do + # python make_wheels.py \ + # --version ${{ github.event.inputs.version }} \ + # --suffix ${{ github.event.inputs.suffix }} \ + # --platform "$platform" + # done + + pdm run make_wheels.py --outdir dist/ - name: Upload wheel artifacts uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 From 1bbd3d283bb1ad65ed4d40c613dd37a43fbb1962 Mon Sep 17 00:00:00 2001 From: Agriya Khetarpal <74401230+agriyakhetarpal@users.noreply.github.com> Date: Fri, 4 Oct 2024 14:17:34 +0530 Subject: [PATCH 14/17] Fix `pdm` invocation --- .github/workflows/cd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 658b829..232f8be 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -51,7 +51,7 @@ jobs: # --platform "$platform" # done - pdm run make_wheels.py --outdir dist/ + python -m pdm run make_wheels.py --outdir dist/ - name: Upload wheel artifacts uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 From 8340fa1a776816991ea5fcb3f17de031282b299a Mon Sep 17 00:00:00 2001 From: Agriya Khetarpal <74401230+agriyakhetarpal@users.noreply.github.com> Date: Fri, 4 Oct 2024 14:18:56 +0530 Subject: [PATCH 15/17] `pdm` is a build-time dependency, not a run-time one --- .github/workflows/cd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 232f8be..1b44bae 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -51,7 +51,7 @@ jobs: # --platform "$platform" # done - python -m pdm run make_wheels.py --outdir dist/ + python make_wheels.py --outdir dist/ - name: Upload wheel artifacts uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 From 68b53524c1fc58dbfeb024abb9111346172c5fe1 Mon Sep 17 00:00:00 2001 From: Agriya Khetarpal <74401230+agriyakhetarpal@users.noreply.github.com> Date: Fri, 4 Oct 2024 14:23:40 +0530 Subject: [PATCH 16/17] Fix summary printing --- .github/workflows/cd.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 1b44bae..e8d84a2 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -111,6 +111,5 @@ jobs: echo -e '```\n' >> $GITHUB_STEP_SUMMARY for wheel in dist/*.whl; do shasum --algorithm 256 "$wheel" >> $GITHUB_STEP_SUMMARY - echo -e '\n' >> $GITHUB_STEP_SUMMARY done echo -e '```\n' >> $GITHUB_STEP_SUMMARY From 5f8a5243ee41d34d8f55254a5ef871c4650b2571 Mon Sep 17 00:00:00 2001 From: Agriya Khetarpal <74401230+agriyakhetarpal@users.noreply.github.com> Date: Fri, 4 Oct 2024 14:29:50 +0530 Subject: [PATCH 17/17] Clean up changes and add a sanity check --- .github/workflows/cd.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index e8d84a2..86f7bd3 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -1,7 +1,6 @@ name: CD on: - pull_request: # FIXME: remove after testing and when stable for merging workflow_dispatch: inputs: version: @@ -41,17 +40,15 @@ jobs: - name: Build wheels for all requested platforms shell: bash run: | - # FIXME: uncomment when ready - # platforms=${{ github.event.inputs.platforms }} - # IFS=',' read -r -a platform_array <<< "$platforms" - # for platform in "${platform_array[@]}"; do - # python make_wheels.py \ - # --version ${{ github.event.inputs.version }} \ - # --suffix ${{ github.event.inputs.suffix }} \ - # --platform "$platform" - # done - - python make_wheels.py --outdir dist/ + platforms=${{ github.event.inputs.platforms }} + IFS=',' read -r -a platform_array <<< "$platforms" + for platform in "${platform_array[@]}"; do + python make_wheels.py \ + --outdir dist/ \ + --version ${{ github.event.inputs.version }} \ + --suffix ${{ github.event.inputs.suffix }} \ + --platform "$platform" + done - name: Upload wheel artifacts uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 @@ -79,6 +76,9 @@ jobs: path: dist/ merge-multiple: true + - name: Sanity check wheel artifacts + run: ls -R dist/ + - name: Generate artifact attestations uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 with: