Skip to content

CI: Add attesations

CI: Add attesations #3

Workflow file for this run

name: Build
on:
push:
branches:
- master
- nipy
pull_request:
branches:
- master
release:
types: [published]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build-sdist:
name: Build sdist
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Build sdist
run: pipx run build -s
- uses: actions/upload-artifact@v3
with:
name: sdist
path: ./dist/*.tar.gz
build-wheel:
# Runs on tags and commits with "[build wheels]" in the message
name: Build wheel for ${{ matrix.python }}-${{ matrix.buildplat[1] }}
needs: [build-sdist]
runs-on: ${{ matrix.buildplat[0] }}
strategy:
fail-fast: false
matrix:
buildplat:
- [ubuntu-20.04, musllinux_x86_64]
- [macos-12, macosx_*]
- [windows-2019, win_amd64]
python: ["cp38", "cp39", "cp310", "cp311", "cp312"]
include:
# Manylinux builds are cheap, do all in one
- { buildplat: ["ubuntu-20.04", "manylinux_x86_64"], python: "*" }
exclude:
- buildplat: [ubuntu-20.04, musllinux_x86_64]
python: "cp38"
steps:
- uses: actions/download-artifact@v3
with:
name: sdist
path: ./dist
- uses: actions/setup-python@v3
- name: Update pip/pipx
run: pip install --upgrade pip pipx
- name: Build wheel(s)
run: pipx run cibuildwheel $( ls dist/*.tar.gz )
env:
CIBW_BUILD: ${{ matrix.python }}-${{ matrix.buildplat[1] }}
CIBW_TEST_REQUIRES: pytest
CIBW_TEST_COMMAND: pytest --pyargs gradunwarp
- uses: actions/upload-artifact@v3
with:
name: ${{ matrix.python == '*' && 'all' || matrix.python }}-${{ startsWith(matrix.buildplat[1], 'macosx') && 'macosx' || matrix.buildplat[1] }}
path: ./wheelhouse/*.whl
test-sdist:
name: Test sdist
needs: [build-sdist]
runs-on: ubuntu-latest
steps:
- uses: actions/download-artifact@v3
with:
name: sdist
path: ./dist
- uses: actions/setup-python@v4
with:
python-version: 3
- name: Display Python version
run: python -c "import sys; print(sys.version)"
- name: Install sdist
run: pip install dist/*.tar.gz
- run: python -c 'from gradunwarp.core.globals import VERSION; print(VERSION)'
- name: Install pytest
run: pip install pytest
- name: Run tests
run: pytest -v --pyargs gradunwarp
pre-publish:
runs-on: ubuntu-latest
needs: [test-sdist, build-wheel]
steps:
- uses: actions/download-artifact@v3
with:
path: dist/
- name: Check artifacts
run: ls -lR
- name: Consolidate and re-check
run: |
mv dist/*/*.{tar.gz,whl} dist
rmdir dist/*/
ls -lR
- run: pipx run twine check dist/*
publish:
runs-on: ubuntu-latest
environment: "Package deployment"
needs: [pre-publish]
if: github.event_name == 'release' && github.event.action == 'published'
permissions:
id-token: write
attestations: write
steps:
- uses: actions/download-artifact@v3
with:
path: dist/
- name: Consolidate artifacts
run: |
mv dist/*/*.{tar.gz,whl} dist
rmdir dist/*/
- name: Generate artifact attestations
uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3
with:
subject-path: "dist/nipy_gradunwarp-*"
- uses: pypa/gh-action-pypi-publish@release/v1
with:
attestations: true