CI: Add attesations #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
push: | |
branches: | |
- master | |
- nipy | |
pull_request: | |
branches: | |
- master | |
release: | |
types: [published] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
build-sdist: | |
name: Build sdist | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Build sdist | |
run: pipx run build -s | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: sdist | |
path: ./dist/*.tar.gz | |
build-wheel: | |
# Runs on tags and commits with "[build wheels]" in the message | |
name: Build wheel for ${{ matrix.python }}-${{ matrix.buildplat[1] }} | |
needs: [build-sdist] | |
runs-on: ${{ matrix.buildplat[0] }} | |
strategy: | |
fail-fast: false | |
matrix: | |
buildplat: | |
- [ubuntu-20.04, musllinux_x86_64] | |
- [macos-12, macosx_*] | |
- [windows-2019, win_amd64] | |
python: ["cp38", "cp39", "cp310", "cp311", "cp312"] | |
include: | |
# Manylinux builds are cheap, do all in one | |
- { buildplat: ["ubuntu-20.04", "manylinux_x86_64"], python: "*" } | |
exclude: | |
- buildplat: [ubuntu-20.04, musllinux_x86_64] | |
python: "cp38" | |
steps: | |
- uses: actions/download-artifact@v3 | |
with: | |
name: sdist | |
path: ./dist | |
- uses: actions/setup-python@v3 | |
- name: Update pip/pipx | |
run: pip install --upgrade pip pipx | |
- name: Build wheel(s) | |
run: pipx run cibuildwheel $( ls dist/*.tar.gz ) | |
env: | |
CIBW_BUILD: ${{ matrix.python }}-${{ matrix.buildplat[1] }} | |
CIBW_TEST_REQUIRES: pytest | |
CIBW_TEST_COMMAND: pytest --pyargs gradunwarp | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ matrix.python == '*' && 'all' || matrix.python }}-${{ startsWith(matrix.buildplat[1], 'macosx') && 'macosx' || matrix.buildplat[1] }} | |
path: ./wheelhouse/*.whl | |
test-sdist: | |
name: Test sdist | |
needs: [build-sdist] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/download-artifact@v3 | |
with: | |
name: sdist | |
path: ./dist | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: 3 | |
- name: Display Python version | |
run: python -c "import sys; print(sys.version)" | |
- name: Install sdist | |
run: pip install dist/*.tar.gz | |
- run: python -c 'from gradunwarp.core.globals import VERSION; print(VERSION)' | |
- name: Install pytest | |
run: pip install pytest | |
- name: Run tests | |
run: pytest -v --pyargs gradunwarp | |
pre-publish: | |
runs-on: ubuntu-latest | |
needs: [test-sdist, build-wheel] | |
steps: | |
- uses: actions/download-artifact@v3 | |
with: | |
path: dist/ | |
- name: Check artifacts | |
run: ls -lR | |
- name: Consolidate and re-check | |
run: | | |
mv dist/*/*.{tar.gz,whl} dist | |
rmdir dist/*/ | |
ls -lR | |
- run: pipx run twine check dist/* | |
publish: | |
runs-on: ubuntu-latest | |
environment: "Package deployment" | |
needs: [pre-publish] | |
if: github.event_name == 'release' && github.event.action == 'published' | |
permissions: | |
id-token: write | |
attestations: write | |
steps: | |
- uses: actions/download-artifact@v3 | |
with: | |
path: dist/ | |
- name: Consolidate artifacts | |
run: | | |
mv dist/*/*.{tar.gz,whl} dist | |
rmdir dist/*/ | |
- name: Generate artifact attestations | |
uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 | |
with: | |
subject-path: "dist/nipy_gradunwarp-*" | |
- uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
attestations: true |