diff --git a/src/ci.rs b/src/ci.rs index 378bbc3af..8e9bc4c39 100644 --- a/src/ci.rs +++ b/src/ci.rs @@ -108,6 +108,9 @@ pub struct GenerateCI { /// Use zig to do cross compilation #[arg(long)] pub zig: bool, + /// Skip artifact attestation + #[arg(long)] + pub skip_attestation: bool, } impl Default for GenerateCI { @@ -124,6 +127,7 @@ impl Default for GenerateCI { ], pytest: false, zig: false, + skip_attestation: false, } } } @@ -588,18 +592,31 @@ jobs:\n", id-token: write # Used to upload release artifacts contents: write - # Used to generate artifact attestation - attestations: write "#, ); + if !self.skip_attestation { + conf.push_str( + r#" # Used to generate artifact attestation + attestations: write +"#, + ); + } conf.push_str( r#" steps: - uses: actions/download-artifact@v4 - - name: Generate artifact attestation +"#, + ); + if !self.skip_attestation { + conf.push_str( + r#" - name: Generate artifact attestation uses: actions/attest-build-provenance@v1 with: subject-path: 'wheels-*/*' - - name: Publish to PyPI +"#, + ); + } + conf.push_str( + r#" - name: Publish to PyPI if: "startsWith(github.ref, 'refs/tags/')" uses: PyO3/maturin-action@v1 env: @@ -1006,6 +1023,177 @@ mod tests { expected.assert_eq(&conf); } + #[test] + fn test_generate_github_no_attestations() { + let conf = GenerateCI { + skip_attestation: true, + ..Default::default() + } + .generate_github("example", &BridgeModel::BindingsAbi3(3, 7), false) + .unwrap() + .lines() + .skip(5) + .collect::>() + .join("\n"); + let expected = expect![[r#" + name: CI + + on: + push: + branches: + - main + - master + tags: + - '*' + pull_request: + workflow_dispatch: + + permissions: + contents: read + + jobs: + linux: + runs-on: ${{ matrix.platform.runner }} + strategy: + matrix: + platform: + - runner: ubuntu-latest + target: x86_64 + - runner: ubuntu-latest + target: x86 + - runner: ubuntu-latest + target: aarch64 + - runner: ubuntu-latest + target: armv7 + - runner: ubuntu-latest + target: s390x + - runner: ubuntu-latest + target: ppc64le + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-python@v5 + with: + python-version: 3.x + - name: Build wheels + uses: PyO3/maturin-action@v1 + with: + target: ${{ matrix.platform.target }} + args: --release --out dist + sccache: 'true' + manylinux: auto + - name: Upload wheels + uses: actions/upload-artifact@v4 + with: + name: wheels-linux-${{ matrix.platform.target }} + path: dist + + musllinux: + runs-on: ${{ matrix.platform.runner }} + strategy: + matrix: + platform: + - runner: ubuntu-latest + target: x86_64 + - runner: ubuntu-latest + target: x86 + - runner: ubuntu-latest + target: aarch64 + - runner: ubuntu-latest + target: armv7 + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-python@v5 + with: + python-version: 3.x + - name: Build wheels + uses: PyO3/maturin-action@v1 + with: + target: ${{ matrix.platform.target }} + args: --release --out dist + sccache: 'true' + manylinux: musllinux_1_2 + - name: Upload wheels + uses: actions/upload-artifact@v4 + with: + name: wheels-musllinux-${{ matrix.platform.target }} + path: dist + + windows: + runs-on: ${{ matrix.platform.runner }} + strategy: + matrix: + platform: + - runner: windows-latest + target: x64 + - runner: windows-latest + target: x86 + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-python@v5 + with: + python-version: 3.x + architecture: ${{ matrix.platform.target }} + - name: Build wheels + uses: PyO3/maturin-action@v1 + with: + target: ${{ matrix.platform.target }} + args: --release --out dist + sccache: 'true' + - name: Upload wheels + uses: actions/upload-artifact@v4 + with: + name: wheels-windows-${{ matrix.platform.target }} + path: dist + + macos: + runs-on: ${{ matrix.platform.runner }} + strategy: + matrix: + platform: + - runner: macos-12 + target: x86_64 + - runner: macos-14 + target: aarch64 + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-python@v5 + with: + python-version: 3.x + - name: Build wheels + uses: PyO3/maturin-action@v1 + with: + target: ${{ matrix.platform.target }} + args: --release --out dist + sccache: 'true' + - name: Upload wheels + uses: actions/upload-artifact@v4 + with: + name: wheels-macos-${{ matrix.platform.target }} + path: dist + + release: + name: Release + runs-on: ubuntu-latest + if: ${{ startsWith(github.ref, 'refs/tags/') || github.event_name == 'workflow_dispatch' }} + needs: [linux, musllinux, windows, macos] + permissions: + # Use to sign the release artifacts + id-token: write + # Used to upload release artifacts + contents: write + steps: + - uses: actions/download-artifact@v4 + - name: Publish to PyPI + if: "startsWith(github.ref, 'refs/tags/')" + uses: PyO3/maturin-action@v1 + env: + MATURIN_PYPI_TOKEN: ${{ secrets.PYPI_API_TOKEN }} + with: + command: upload + args: --non-interactive --skip-existing wheels-*/*"#]]; + expected.assert_eq(&conf); + } + #[test] fn test_generate_github_zig_pytest() { let gen = GenerateCI { diff --git a/tests/cmd/generate-ci.stdout b/tests/cmd/generate-ci.stdout index ddbda43f9..d186b78f8 100644 --- a/tests/cmd/generate-ci.stdout +++ b/tests/cmd/generate-ci.stdout @@ -46,5 +46,8 @@ Options: --zig Use zig to do cross compilation + --skip-attestation + Skip artifact attestation + -h, --help Print help (see a summary with '-h')