add cargo publish workflow with environment secret #57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - '**' | |
| pull_request: {} | |
| jobs: | |
| test-py: | |
| runs-on: ubuntu-latest | |
| name: test ${{ matrix.python-version }} rust ${{ matrix.rust-toolchain }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| python-version: ['3.7', '3.8', '3.9', '3.10', '3.11'] | |
| rust-toolchain: ['stable', 'nightly'] | |
| env: | |
| PYTHON: ${{ matrix.python-version }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: set up python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - run: pip install --upgrade pip | |
| - name: install rust ${{ matrix.rust-toolchain }} | |
| uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: ${{ matrix.rust-toolchain }} | |
| - id: cache-rust | |
| name: cache rust | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| key: v1 | |
| - run: pip install -e . | |
| test-rust: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.10' | |
| - run: pip install --upgrade pip | |
| - name: install rust nightly | |
| uses: dtolnay/rust-toolchain@nightly | |
| - id: cache-rust-tests | |
| name: cache rust | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| key: v1 | |
| - name: test rust | |
| run: cargo test | |
| lint-rust: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.10' | |
| - run: pip install --upgrade pip | |
| - name: install rust nightly | |
| uses: dtolnay/rust-toolchain@nightly | |
| with: | |
| components: rustfmt, clippy | |
| - id: cache-rust-lint | |
| name: cache rust | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| key: v1 | |
| - name: fmt rust | |
| run: cargo fmt --check | |
| - name: clippy rust | |
| run: cargo clippy | |
| lint-py: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.10' | |
| - run: pip install --upgrade pip | |
| - uses: isort/isort-action@master | |
| with: | |
| sortPaths: "py" | |
| # https://github.com/marketplace/actions/alls-green#why used for branch protection checks | |
| check: | |
| if: always() | |
| needs: [test-py, test-rust, lint-rust, lint-py, check-versions] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Decide whether the needed jobs succeeded or failed | |
| uses: re-actors/alls-green@release/v1 | |
| with: | |
| jobs: ${{ toJSON(needs) }} | |
| build-sdist: | |
| name: Build source distribution | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Build sdist | |
| run: pipx run build --sdist | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: sdist-artifact | |
| path: dist/*.tar.gz | |
| if-no-files-found: error | |
| check-versions: | |
| name: ensure package versions all correspond to the most recent tag | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.11' | |
| - run: pip install --upgrade pip | |
| - run: sudo apt install jq | |
| - name: install rust nightly | |
| uses: dtolnay/rust-toolchain@nightly | |
| - id: cache-rust-version-check | |
| name: cache rust | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| key: v1 | |
| - run: python -c 'import tomllib; t = tomllib.load(open("pyproject.toml", "rb")); print("\n".join(t["build-system"]["requires"]));' > build-requires.txt | |
| - run: pip install -r build-requires.txt | |
| - run: git describe --tags --abbrev=0 > latest-tag.version | |
| - run: printf 'v%s\n' "$(python setup.py --dry-run --version)" > py.version | |
| - run: cargo metadata --format-version 1 | jq -r '.packages[] | select(.name == "libmedusa-zip") | "v" + .version' > rust-lib.version | |
| - run: cargo metadata --format-version 1 | jq -r '.packages[] | select(.name == "pymedusa-zip") | "v" + .version' > py-lib.version | |
| - run: cargo metadata --format-version 1 | jq -r '.packages[] | select(.name == "medusa-zip") | "v" + .version' > cli.version | |
| - run: | | |
| num_separate_versions="$(cat *.version | sort -u | wc -l)" | |
| if [[ "$num_separate_versions" -gt 1 ]]; then | |
| printf '%s\n' '::error::versions are out of sync:' $(cat *.version) | |
| exit 1 | |
| fi | |
| build-bdists: | |
| name: build bdists for many pythons in a row on ${{ matrix.os }} | |
| # run on releases, and on PRs with the label 'Full Build' | |
| if: "success() && (startsWith(github.ref, 'refs/tags/') || contains(github.event.pull_request.labels.*.name, 'Full Build'))" | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # os: [ubuntu, macos, windows] | |
| os: [ubuntu] | |
| runs-on: ${{ matrix.os }}-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: set up python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: 3.11 | |
| architecture: ${{ matrix.python-architecture || 'x64' }} | |
| - run: pip install --upgrade pip | |
| - name: build wheels | |
| uses: pypa/cibuildwheel@v2.14.1 | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: bdists-artifact | |
| path: ./wheelhouse/*.whl | |
| if-no-files-found: error | |
| upload-pypi-assets: | |
| name: upload it to pypi | |
| # NB: we have decided that releases are tags starting with a 'v'! | |
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') | |
| needs: [build-sdist, build-bdists] | |
| environment: pypi | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: get sdist artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: sdist-artifact | |
| path: dist | |
| - name: get bdist artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: bdists-artifact | |
| path: dist | |
| - uses: pypa/gh-action-pypi-publish@release/v1 | |
| publish-cargo-packages: | |
| name: publish cargo packages | |
| # NB: we have decided that releases are tags starting with a 'v'! | |
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') | |
| environment: crates-io | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: install rust nightly | |
| uses: dtolnay/rust-toolchain@nightly | |
| - id: cache-rust-publish | |
| name: cache rust | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| key: v1 | |
| - env: | |
| CARGO_REGISTRY_TOKEN: ${{ secrets.MY_CRATES_IO_TOKEN }} | |
| - run: cargo publish -p libmedusa-zip | |
| - run: cargo publish -p pymedusa-zip | |
| - run: cargo publish -p medusa-zip |