-
-
Notifications
You must be signed in to change notification settings - Fork 9
149 lines (129 loc) · 3.95 KB
/
Copy pathci.yml
File metadata and controls
149 lines (129 loc) · 3.95 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
name: CI
on:
pull_request:
push:
branches:
- main
tags:
- "v*"
workflow_call:
inputs:
attest-package:
description: "Create GitHub provenance attestation for the package."
default: "false"
type: string
# Cancel active CI runs for a PR before starting another run
concurrency:
group: ${{ github.ref }}
cancel-in-progress: true
defaults:
run:
shell: bash
# Default to no permissions; each job opts in to exactly what it needs.
permissions: {}
env:
FORCE_COLOR: "1"
jobs:
pre-commit:
name: Pre-commit checks
permissions:
contents: read
uses: beeware/.github/.github/workflows/pre-commit-run.yml@66283ddb9e206f93b423118deecf1caf516078c1 # main
with:
pre-commit-source: "pre-commit"
build-wheels:
needs: pre-commit
name: Build wheels
runs-on: macos-latest
permissions:
id-token: write
attestations: write
contents: read
steps:
- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
fetch-depth: 0
persist-credentials: false
- name: Set up Python
uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0
with:
python-version: "3.x"
- name: Build wheels
uses: pypa/cibuildwheel@294735312765b09d24a2fbec22660ce817587d55 # v4.1.0
with:
output-dir: dist
- name: Generate build provenance attestation for wheels
if: inputs.attest-package == 'true'
uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 # v4
with:
subject-path: "dist/*.whl"
- name: Upload artefacts
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: dist-wheels
path: ./dist/*.whl
if-no-files-found: error
build-sdist:
needs: pre-commit
name: Build sdist
runs-on: macos-latest
permissions:
id-token: write
attestations: write
contents: read
steps:
- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
fetch-depth: 0
persist-credentials: false
- name: Set up Python
uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0
with:
python-version: "3.x"
- name: Build sdist
run: |
python -m pip install --upgrade build
python -m build --sdist
- name: Generate build provenance attestation for sdist
if: inputs.attest-package == 'true'
uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 # v4
with:
subject-path: "dist/*.tar.gz"
- name: Upload artefacts
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: dist-sdist
path: ./dist/*.tar.gz
if-no-files-found: error
test:
name: Test (${{ matrix.python-version }})
needs: build-wheels
runs-on: macos-latest
permissions:
contents: read
strategy:
fail-fast: false
matrix:
python-version: ["3.10", "3.11", "3.12", "3.13", "3.14", "3.15"]
steps:
- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
fetch-depth: 0
persist-credentials: false
- name: Set up Python
uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0
with:
python-version: ${{ matrix.python-version }}
allow-prereleases: true
- uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: dist-wheels
path: wheelhouse
- name: Install tox
run: |
python -m pip install --group tox-uv
- name: Run smoke test
run: tox -e py