feat: add skip attestation option to maturin ci github
For private, non-Enterprise repositories, attestation of GitHub artifacts is not available. This commit adds an option to generate a CI file that skips the attestation step.
moldhouse committed Oct 15, 2024
1 parent 7bda888 commit 3953fd0
Showing 2 changed files with 195 additions and 4 deletions.
196 changes: 192 additions & 4 deletions src/ci.rs
Expand Up @@ -108,6 +108,9 @@ pub struct GenerateCI {
/// Use zig to do cross compilation
#[arg(long)]
pub zig: bool,
/// Skip artifact attestation
#[arg(long)]
pub skip_attestation: bool,
}

impl Default for GenerateCI {
Expand All @@ -124,6 +127,7 @@ impl Default for GenerateCI {
],
pytest: false,
zig: false,
skip_attestation: false,
}
}
}
Expand Down Expand Up @@ -588,18 +592,31 @@ jobs:\n",
id-token: write
# Used to upload release artifacts
contents: write
# Used to generate artifact attestation
attestations: write
"#,
);
if !self.skip_attestation {
conf.push_str(
r#" # Used to generate artifact attestation
attestations: write
"#,
);
}
conf.push_str(
r#" steps:
- uses: actions/download-artifact@v4
- name: Generate artifact attestation
"#,
);
if !self.skip_attestation {
conf.push_str(
r#" - name: Generate artifact attestation
uses: actions/attest-build-provenance@v1
with:
subject-path: 'wheels-*/*'
- name: Publish to PyPI
"#,
);
}
conf.push_str(
r#" - name: Publish to PyPI
if: "startsWith(github.ref, 'refs/tags/')"
uses: PyO3/maturin-action@v1
env:
Expand Down Expand Up @@ -1006,6 +1023,177 @@ mod tests {
expected.assert_eq(&conf);
}

#[test]
fn test_generate_github_no_attestations() {
let conf = GenerateCI {
skip_attestation: true,
..Default::default()
}
.generate_github("example", &BridgeModel::BindingsAbi3(3, 7), false)
.unwrap()
.lines()
.skip(5)
.collect::<Vec<_>>()
.join("\n");
let expected = expect![[r#"
name: CI
on:
push:
branches:
- main
- master
tags:
- '*'
pull_request:
workflow_dispatch:
permissions:
contents: read
jobs:
linux:
runs-on: ${{ matrix.platform.runner }}
strategy:
matrix:
platform:
- runner: ubuntu-latest
target: x86_64
- runner: ubuntu-latest
target: x86
- runner: ubuntu-latest
target: aarch64
- runner: ubuntu-latest
target: armv7
- runner: ubuntu-latest
target: s390x
- runner: ubuntu-latest
target: ppc64le
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: 3.x
- name: Build wheels
uses: PyO3/maturin-action@v1
with:
target: ${{ matrix.platform.target }}
args: --release --out dist
sccache: 'true'
manylinux: auto
- name: Upload wheels
uses: actions/upload-artifact@v4
with:
name: wheels-linux-${{ matrix.platform.target }}
path: dist
musllinux:
runs-on: ${{ matrix.platform.runner }}
strategy:
matrix:
platform:
- runner: ubuntu-latest
target: x86_64
- runner: ubuntu-latest
target: x86
- runner: ubuntu-latest
target: aarch64
- runner: ubuntu-latest
target: armv7
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: 3.x
- name: Build wheels
uses: PyO3/maturin-action@v1
with:
target: ${{ matrix.platform.target }}
args: --release --out dist
sccache: 'true'
manylinux: musllinux_1_2
- name: Upload wheels
uses: actions/upload-artifact@v4
with:
name: wheels-musllinux-${{ matrix.platform.target }}
path: dist
windows:
runs-on: ${{ matrix.platform.runner }}
strategy:
matrix:
platform:
- runner: windows-latest
target: x64
- runner: windows-latest
target: x86
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: 3.x
architecture: ${{ matrix.platform.target }}
- name: Build wheels
uses: PyO3/maturin-action@v1
with:
target: ${{ matrix.platform.target }}
args: --release --out dist
sccache: 'true'
- name: Upload wheels
uses: actions/upload-artifact@v4
with:
name: wheels-windows-${{ matrix.platform.target }}
path: dist
macos:
runs-on: ${{ matrix.platform.runner }}
strategy:
matrix:
platform:
- runner: macos-12
target: x86_64
- runner: macos-14
target: aarch64
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: 3.x
- name: Build wheels
uses: PyO3/maturin-action@v1
with:
target: ${{ matrix.platform.target }}
args: --release --out dist
sccache: 'true'
- name: Upload wheels
uses: actions/upload-artifact@v4
with:
name: wheels-macos-${{ matrix.platform.target }}
path: dist
release:
name: Release
runs-on: ubuntu-latest
if: ${{ startsWith(github.ref, 'refs/tags/') || github.event_name == 'workflow_dispatch' }}
needs: [linux, musllinux, windows, macos]
permissions:
# Use to sign the release artifacts
id-token: write
# Used to upload release artifacts
contents: write
steps:
- uses: actions/download-artifact@v4
- name: Publish to PyPI
if: "startsWith(github.ref, 'refs/tags/')"
uses: PyO3/maturin-action@v1
env:
MATURIN_PYPI_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
with:
command: upload
args: --non-interactive --skip-existing wheels-*/*"#]];
expected.assert_eq(&conf);
}

#[test]
fn test_generate_github_zig_pytest() {
let gen = GenerateCI {
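Review bot: With `skip_attestation` set, the generated release job still requests `id-token: write`, because only `attestations: write` and the attest step were moved behind `if !self.skip_attestation`; the expected output in `test_generate_github_no_attestations` pins that behaviour. That permission carries the comment "Use to sign the release artifacts", and the publish step shown authenticates with `MATURIN_PYPI_TOKEN`, so in the skip path it looks unused while still letting every step of the job request an OIDC token. Consider emitting the `id-token: write` pair inside the same `if !self.skip_attestation` block, or, if it is kept on purpose (for example for trusted publishing), rewording its comment to say so. The field doc could also state the cost of the flag, e.g. `/// Skip artifact attestation (no build provenance is generated for the wheels)`. The body of `generate_github` starts and ends outside the hunk.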
3 changes: 3 additions & 0 deletions tests/cmd/generate-ci.stdout
Expand Up @@ -46,5 +46,8 @@ Options:
--zig
Use zig to do cross compilation

--skip-attestation
Skip artifact attestation

-h, --help
Print help (see a summary with '-h')
