zarrs-python/.github/workflows/cd.yml at main · zarrs/zarrs-python · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
name: cd

on:
  push:
    branches:
      - main
    tags:
      - '**'
  pull_request:

env:
  CARGO_TERM_COLOR: always

jobs:
  build:
    name: build on ${{ matrix.os }} (${{ matrix.target }}${{ matrix.os == 'linux' && format(' - {0}', matrix.manylinux == 'auto' && 'manylinux' || matrix.manylinux) || '' }})
    # only run on push to tags, main branch, or explicit full build
    # keep condition in sync with `build-sdist` job
    strategy:
      fail-fast: false
      matrix:
        os: [linux, macos, windows]
        target: [x86_64, aarch64]
        manylinux: ['2_28']
        include:
          # manylinux for various platforms
          - { os: linux, manylinux: '2_28', target: armv7 }
          - { os: linux, manylinux: '2_28', target: ppc64le }
          #- { os: linux, manylinux: '2_28', target: s390x }
          # musl
          - { os: linux, manylinux: musllinux_1_2, target: x86_64 }
          - { os: linux, manylinux: musllinux_1_2, target: aarch64 }
          - { os: linux, manylinux: musllinux_1_2, target: armv7 }
        exclude:
          # Fails with “LINK : fatal error LNK1181: cannot open input file 'python3.lib'”
          - os: windows
            target: aarch64
    runs-on: ${{ (matrix.os == 'linux' && 'ubuntu') || matrix.os }}-latest
    steps:
      - uses: actions/checkout@v5
      - uses: actions/setup-python@v6
        with:
          python-version: '3.13'
          architecture: ${{ matrix.python-architecture || 'x64' }}
      - run: pipx install twine abi3audit
      - uses: PyO3/maturin-action@v1
        with:
          target: ${{ matrix.target }}
          manylinux: ${{ matrix.manylinux }}
          args: --release --out dist --interpreter '3.11 3.12 3.13'
          rust-toolchain: stable
          docker-options: -e CI
          maturin-version: 1.9.4
          before-script-linux: |
            # If we're running on rhel centos, install needed packages.
            if command -v yum &> /dev/null; then
                yum update -y && yum install -y perl-core
                # https://github.com/PyO3/maturin-action/discussions/152
                if [[ "${{ matrix.os }}" == "linux" && "${{ matrix.target }}" == "x86_64" && "${{ matrix.manylinux }}" == "2_28" ]]; then
                    yum update -y && yum install -y clang
                fi
            fi
      - run: ${{ (matrix.os == 'windows' && 'dir') || 'ls -lh' }} dist/
      - run: twine check --strict dist/*
      - run: abi3audit dist/*.whl
      - uses: actions/upload-artifact@v4
        with:
          name: pypi-files-${{ matrix.os }}-${{ matrix.target }}-${{ matrix.manylinux }}
          path: dist

  build-sdist:
    name: build sdist
    # keep condition in sync with `build` job
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
      - uses: actions/setup-python@v6
        with:
          python-version: '3.13'
      - uses: PyO3/maturin-action@v1
        with:
          # https://github.com/PyO3/maturin/issues/2336#issuecomment-2507418846
          maturin-version: 1.7.4
          command: sdist
          args: --out dist
          rust-toolchain: stable
      - uses: actions/upload-artifact@v4
        with:
          name: pypi-files-sdist
          path: dist

  inspect:
    if: always()
    needs: [build, build-sdist]
    runs-on: ubuntu-latest
    steps:
      # https://github.com/re-actors/alls-green#why
      - uses: re-actors/alls-green@release/v1
        with:
          jobs: ${{ toJSON(needs) }}
      - uses: actions/download-artifact@v5
        with:
          pattern: pypi-files-*
          merge-multiple: true
          path: dist/
      - run: ls -lh dist/

  # If git tag is a version, verify that it matches the package metadata version (or fail job and skip `publish`)
  # If git tag is not a version, set output `version` to "" (also skipping `publish`)
  version:
    if: github.ref_type == 'tag' && startsWith(github.ref_name, 'v')
    needs: build
    outputs:
      version: ${{ steps.version.outputs.version }}
      is_prerelease: ${{ steps.version.outputs.is_prerelease }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
      - uses: actions/setup-python@v6
        with:
          python-version: '3.13'
      - uses: actions/download-artifact@v4
        with:
          name: pypi-files-linux-x86_64-2_28
          path: dist/
      - name: Install zarrs-python
        run: pip install packaging dist/*manylinux_2_28_x86_64.whl
      - name: Get zarrs-python version and tag
        id: version
        run: python .github/workflows/version-cmp.py

  publish:
    if: needs.version.outputs.version != ''
    runs-on: ubuntu-latest
    needs: [inspect, version]
    environment: pypi
    permissions:
      contents: write # to create a github release
      id-token: write # to authenticate as Trusted Publisher to pypi.org
    steps:
      - uses: actions/download-artifact@v4
        with:
          pattern: pypi-files-*
          merge-multiple: true
          path: dist/
      - name: "Publishing version ${{ needs.version.outputs.version }}"
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          packages-dir: dist/
          verbose: true
      - uses: ncipollo/release-action@v1
        with:
          name: ${{ needs.version.outputs.version }}
          prerelease: ${{ needs.version.outputs.is_prerelease }}
          generateReleaseNotes: true