Adjust Pypi publish workflow #937
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Aries-Askar" | |
env: | |
RUST_VERSION: "1.81.0" | |
CROSS_VERSION: "0.2.4" | |
TEST_FEATURES: "" | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
permissions: | |
actions: write | |
contents: write | |
on: | |
push: | |
branches: [main] | |
pull_request: | |
branches: [main] | |
release: | |
types: [created] | |
workflow_dispatch: | |
inputs: | |
publish-binaries: | |
description: "Publish Binaries to Release (will create a release if no release exists for branch or tag)" | |
required: true | |
default: false | |
type: boolean | |
publish-python-wrapper: | |
description: "Publish Python Wrapper to Registries" | |
required: true | |
default: false | |
type: boolean | |
jobs: | |
checks: | |
name: Run checks | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest, macos-latest, windows-latest] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install Rust toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUST_VERSION }} | |
components: clippy, rustfmt | |
- name: Cache cargo resources | |
uses: Swatinem/rust-cache@v2 | |
with: | |
shared-key: deps | |
cache-on-failure: true | |
- name: Cargo fmt | |
run: cargo fmt --all -- --check | |
- name: Cargo check | |
run: cargo check --workspace | |
- if: ${{ runner.os == 'Linux' }} | |
name: Pre-install cross | |
run: | | |
cargo install --bins --git https://github.com/rust-embedded/cross --locked --tag v${{ env.CROSS_VERSION }} cross | |
tests: | |
name: Run tests | |
needs: [checks] | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest, macos-latest, windows-latest] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install Rust toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUST_VERSION }} | |
- name: Cache cargo resources | |
uses: Swatinem/rust-cache@v2 | |
with: | |
shared-key: deps | |
save-if: false | |
- name: Debug build | |
run: cargo build --all-targets | |
- if: ${{ runner.os == 'Linux' }} | |
name: Start postgres (Linux) | |
run: | | |
sudo systemctl start postgresql.service | |
pg_isready | |
sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD 'postgres'" | |
echo "POSTGRES_URL=postgres://postgres:postgres@localhost:5432/test-db" >> $GITHUB_ENV | |
echo "TEST_FEATURES=pg_test" >> $GITHUB_ENV | |
- name: Run tests | |
run: cargo test --workspace --features "${{ env.TEST_FEATURES || 'default' }}" -- --nocapture --test-threads 1 --skip contention | |
env: | |
RUST_BACKTRACE: full | |
# RUST_LOG: debug | |
- name: Test askar-crypto no default features | |
run: cargo test --manifest-path ./askar-crypto/Cargo.toml --no-default-features | |
build-release: | |
name: Build library | |
needs: [checks] | |
strategy: | |
matrix: | |
include: | |
- architecture: linux-aarch64 | |
os: ubuntu-latest | |
lib: libaries_askar.so | |
target: aarch64-unknown-linux-gnu | |
use_cross: true | |
- architecture: linux-x86_64 | |
os: ubuntu-latest | |
lib: libaries_askar.so | |
target: x86_64-unknown-linux-gnu | |
use_cross: true | |
- architecture: darwin-universal | |
os: macos-latest | |
lib: libaries_askar.dylib | |
target: darwin-universal | |
# beta or nightly required for aarch64-apple-darwin target | |
toolchain: beta | |
- architecture: windows-x86_64 | |
os: windows-latest | |
lib: aries_askar.dll | |
target: x86_64-pc-windows-msvc | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install Rust toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ matrix.toolchain || env.RUST_VERSION }} | |
- name: Cache cargo resources | |
uses: Swatinem/rust-cache@v2 | |
with: | |
shared-key: deps | |
save-if: false | |
- name: Build | |
shell: sh | |
run: | | |
if [ -n "${{ matrix.use_cross }}" ]; then | |
cargo install --bins --git https://github.com/rust-embedded/cross --locked --tag v${{ env.CROSS_VERSION }} cross | |
# Required for compatibility with manylinux2014. | |
# https://github.com/briansmith/ring/issues/1728 | |
if [ "${{ matrix.architecture }}" = "linux-aarch64" ]; then | |
export CFLAGS="-D__ARM_ARCH=8" | |
fi | |
cross build --lib --release --target ${{ matrix.target }} | |
elif [ "${{ matrix.architecture }}" == "darwin-universal" ]; then | |
./build-universal.sh | |
else | |
cargo build --lib --release --target ${{ matrix.target }} | |
fi | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: library-${{ matrix.architecture }} | |
path: target/${{ matrix.target }}/release/${{ matrix.lib }} | |
- name: Create artifacts directory | |
if: | | |
github.event_name == 'release' || | |
(github.event_name == 'workflow_dispatch' && github.event.inputs.publish-binaries == 'true') | |
run: | | |
mkdir release-artifacts | |
cp target/${{ matrix.target }}/release/${{ matrix.lib }} release-artifacts/ | |
- uses: a7ul/tar-action@v1.2.0 | |
if: | | |
github.event_name == 'release' || | |
(github.event_name == 'workflow_dispatch' && github.event.inputs.publish-binaries == 'true') | |
with: | |
command: c | |
cwd: release-artifacts | |
files: . | |
outPath: "library-${{ matrix.architecture }}.tar.gz" | |
- name: Add artifacts to release | |
if: | | |
github.event_name == 'release' || | |
(github.event_name == 'workflow_dispatch' && github.event.inputs.publish-binaries == 'true') | |
uses: svenstaro/upload-release-action@v2 | |
with: | |
file: library-${{ matrix.architecture }}.tar.gz | |
asset_name: "library-${{ matrix.architecture }}.tar.gz" | |
build-py: | |
name: Build and test Python wrapper | |
needs: [build-release] | |
strategy: | |
matrix: | |
architecture: | |
[linux-aarch64, linux-x86_64, darwin-universal, windows-x86_64] | |
python-version: ["3.8"] | |
include: | |
- os: ubuntu-latest | |
architecture: linux-aarch64 | |
plat-name: manylinux2014_aarch64 | |
- os: ubuntu-latest | |
architecture: linux-x86_64 | |
plat-name: manylinux2014_x86_64 | |
- os: macos-latest | |
architecture: darwin-universal | |
plat-name: macosx_10_9_universal2 # macosx_10_9_x86_64 | |
- os: windows-latest | |
architecture: windows-x86_64 | |
plat-name: win_amd64 | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Python ${{ matrix.python-version }} | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install setuptools wheel twine auditwheel | |
- name: Fetch library artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: library-${{ matrix.architecture }} | |
path: wrappers/python/aries_askar/ | |
- if: ${{ runner.os == 'Linux' }} | |
name: Start postgres (Linux) | |
run: | | |
sudo systemctl start postgresql.service | |
pg_isready | |
sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD 'postgres'" | |
echo "POSTGRES_URL=postgres://postgres:postgres@localhost:5432/test-db" >> $GITHUB_ENV | |
- name: Build wheel package | |
shell: sh | |
run: | | |
python setup.py bdist_wheel --python-tag=py3 --plat-name=${{ matrix.plat-name }} | |
working-directory: wrappers/python | |
- name: Run tests | |
# FIXME cross platform test the python package | |
# maybe use the cross docker image? | |
if: ${{ matrix.architecture != 'linux-aarch64' }} | |
shell: sh | |
run: | | |
pip install pytest pytest-asyncio dist/* | |
echo "-- Test SQLite in-memory --" | |
python -m pytest --log-cli-level=WARNING -k "not contention" | |
echo "-- Test SQLite file DB --" | |
TEST_STORE_URI=sqlite://test.db python -m pytest --log-cli-level=WARNING -k "not contention" | |
if [ -n "$POSTGRES_URL" ]; then | |
echo "-- Test Postgres DB --" | |
TEST_STORE_URI="$POSTGRES_URL" python -m pytest --log-cli-level=WARNING -k "not contention" | |
fi | |
working-directory: wrappers/python | |
env: | |
no_proxy: "*" # python issue 30385 | |
RUST_BACKTRACE: full | |
# RUST_LOG: debug | |
- if: ${{ runner.os == 'Linux' }} | |
name: Audit wheel | |
run: | | |
auditwheel show wrappers/python/dist/* | tee auditwheel.log | |
grep -q manylinux_2_17_ auditwheel.log | |
- name: Upload Built Python Package | |
if: github.event_name == 'release' || (github.event_name == 'workflow_dispatch' && github.event.inputs.publish-python-wrapper == 'true') | |
uses: actions/upload-artifact@v4 | |
with: | |
name: python_package-${{ matrix.plat-name }} | |
path: wrappers/python/dist | |
publish-py: | |
name: Publish Python package | |
needs: [build-py] | |
if: github.event_name == 'release' || (github.event_name == 'workflow_dispatch' && github.event.inputs.publish-python-wrapper == 'true') | |
permissions: | |
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing | |
runs-on: ubuntu-latest | |
environment: | |
name: pypi | |
url: https://pypi.org/p/aries-askar | |
steps: | |
- name: Fetch Python package | |
uses: actions/download-artifact@v4 | |
with: | |
path: wrappers/python/dist | |
pattern: "python_package-*" | |
merge-multiple: true | |
- run: ls -R wrappers/python/dist | |
- name: Publish to PyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
packages-dir: wrappers/python/dist | |
build-ios: | |
name: Build library (iOS) | |
needs: [checks] | |
runs-on: macos-latest | |
env: | |
FEATURES: "mobile_secure_element" | |
strategy: | |
matrix: | |
target: [aarch64-apple-ios, aarch64-apple-ios-sim, x86_64-apple-ios] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install Rust toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUST_VERSION }} | |
targets: ${{ matrix.target }} | |
- name: Build | |
run: | | |
cargo build --lib --release --target ${{matrix.target}} --features ${{ env.FEATURES }} | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: library-${{ matrix.target }} | |
path: target/${{ matrix.target }}/release/libaries_askar.a | |
build-android: | |
name: Build library (Android) | |
needs: [checks] | |
env: | |
FEATURES: "mobile_secure_element" | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
target: | |
[ | |
aarch64-linux-android, | |
armv7-linux-androideabi, | |
i686-linux-android, | |
x86_64-linux-android, | |
] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install Rust toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUST_VERSION }} | |
- name: Cache cargo resources | |
uses: Swatinem/rust-cache@v2 | |
with: | |
shared-key: deps | |
save-if: false | |
- name: Build | |
run: | | |
# Using a fixed pre-release tag with a fix for NDK 25 support | |
cargo install --git https://github.com/cross-rs/cross.git --rev 085092c cross | |
# Required for compatibility with manylinux2014: | |
# https://github.com/briansmith/ring/issues/1728 | |
if [ "${{ matrix.target }}" = "aarch64-linux-android" ]; then | |
export CFLAGS="-D__ARM_ARCH=8" | |
fi | |
cross build --lib --release --target ${{matrix.target}} --features ${{ env.FEATURES }} | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: library-${{ matrix.target }} | |
path: target/${{ matrix.target }}/release/libaries_askar.so | |
create-ios-xcframework: | |
name: Create iOS xcframework | |
runs-on: macos-latest | |
needs: [build-ios] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Fetch static libraries | |
uses: actions/download-artifact@v4 | |
- run: > | |
./build-xcframework.sh library-aarch64-apple-ios \ | |
library-aarch64-apple-ios-sim \ | |
library-x86_64-apple-ios \ | |
include | |
- name: Save xcframework | |
uses: actions/upload-artifact@v4 | |
with: | |
name: aries_askar.xcframework | |
path: ./out | |
- uses: geekyeggo/delete-artifact@v5 | |
with: | |
name: | | |
library-aarch64-apple-ios | |
library-aarch64-apple-ios-sim | |
library-x86_64-apple-ios | |
failOnError: false | |
create-android-library: | |
name: Create library (Android) | |
runs-on: ubuntu-latest | |
needs: [build-android] | |
steps: | |
- name: Fetch libraries | |
uses: actions/download-artifact@v4 | |
- run: | | |
sudo mkdir ./libs | |
sudo mv library-aarch64-linux-android ./libs/arm64-v8a | |
sudo mv library-armv7-linux-androideabi ./libs/armeabi-v7a | |
sudo mv library-i686-linux-android ./libs/x86 | |
sudo mv library-x86_64-linux-android ./libs/x86_64 | |
- name: Save Android library | |
uses: actions/upload-artifact@v4 | |
with: | |
name: android-libraries | |
path: ./libs | |
- uses: geekyeggo/delete-artifact@v5 | |
with: | |
name: | | |
library-aarch64-linux-android | |
library-armv7-linux-androideabi | |
library-i686-linux-android | |
library-x86_64-linux-android | |
failOnError: false | |
create-ios-android-release-asset: | |
name: Create iOS and Android release assets | |
runs-on: ubuntu-latest | |
needs: | |
- create-ios-xcframework | |
- create-android-library | |
if: | | |
(github.event_name == 'release' || | |
(github.event_name == 'workflow_dispatch' && | |
github.event.inputs.publish-binaries == 'true')) | |
steps: | |
- name: Fetch Android libraries | |
uses: actions/download-artifact@v4 | |
with: | |
name: android-libraries | |
path: mobile/android/ | |
- name: Fetch iOS Framework | |
uses: actions/download-artifact@v4 | |
with: | |
name: aries_askar.xcframework | |
path: mobile/ios/ | |
- uses: a7ul/tar-action@v1.2.0 | |
with: | |
command: c | |
files: ./mobile | |
outPath: "library-ios-android.tar.gz" | |
- name: Add library artifacts to release | |
uses: svenstaro/upload-release-action@v2 | |
with: | |
file: library-ios-android.tar.gz | |
asset_name: "library-ios-android.tar.gz" | |
build-success: | |
# see https://gh.neting.ccmunity/t/status-check-for-a-matrix-jobs/127354/7 | |
name: Successful build | |
needs: [tests, build-release, build-py] | |
if: ${{ always() }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check all job status | |
# see https://docs.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions#needs-context | |
# see https://stackoverflow.com/a/67532120/4907315 | |
if: >- | |
${{ | |
contains(needs.*.result, 'failure') | |
|| contains(needs.*.result, 'cancelled') | |
|| contains(needs.*.result, 'skipped') | |
}} | |
run: exit 1 |