Release #246
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
push: | |
tags: [ 'v*' ] | |
workflow_dispatch: | |
permissions: | |
contents: read | |
jobs: | |
release-crates-io: | |
name: Release crates.io | |
runs-on: ubuntu-latest | |
if: "startsWith(github.ref, 'refs/tags/')" | |
environment: | |
name: crates.io | |
url: ${{ steps.set_url.outputs.env_url }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@stable | |
- name: cargo login | |
run: cargo login ${{ secrets.CRATES_IO_TOKEN }} | |
- name: cargo publish | |
run: cargo publish | |
- name: Set environment url | |
id: set_url | |
run: | | |
VERSION=$(echo $GITHUB_REF | sed -e "s#refs/tags/v##g") | |
echo "env_url=https://crates.io/crates/maturin/$VERSION" >> $GITHUB_OUTPUT | |
build: | |
name: Build ${{ matrix.target }} | |
strategy: | |
fail-fast: false | |
matrix: | |
target: | |
- x86_64-unknown-linux-musl | |
- x86_64-apple-darwin | |
- x86_64-pc-windows-msvc | |
- i686-pc-windows-msvc | |
- aarch64-pc-windows-msvc | |
include: | |
- target: x86_64-unknown-linux-musl | |
os: ubuntu-latest | |
name: maturin-x86_64-unknown-linux-musl.tar.gz | |
- target: x86_64-apple-darwin | |
os: macos-latest | |
name: maturin-x86_64-apple-darwin.tar.gz | |
- target: x86_64-pc-windows-msvc | |
os: windows-latest | |
name: maturin-x86_64-pc-windows-msvc.zip | |
- target: i686-pc-windows-msvc | |
os: windows-latest | |
name: maturin-i686-pc-windows-msvc.zip | |
- target: aarch64-pc-windows-msvc | |
os: windows-latest | |
name: maturin-aarch64-pc-windows-msvc.zip | |
runs-on: ${{ matrix.os }} | |
steps: | |
# Largely inspired by https://github.com/starship/starship/blob/35a0a20f5c4fea6a08e1b91ff631b089eef8fc50/.github/workflows/deploy.yml | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
targets: ${{ matrix.target }} | |
- name: Install musl tools | |
if: matrix.os == 'ubuntu-latest' | |
run: sudo apt-get install -y musl-tools | |
# Install gnu-tar because BSD tar is buggy | |
# https://github.com/actions/cache/issues/403 | |
- name: Install GNU tar (macOS) | |
if: matrix.os == 'macos-latest' | |
run: | | |
brew install gnu-tar | |
echo "/usr/local/opt/gnu-tar/libexec/gnubin" >> $GITHUB_PATH | |
# Those two will also create target/${{ matrix.target }}/maturin | |
- name: Build wheel (with sdist) | |
if: matrix.target == 'x86_64-unknown-linux-musl' | |
run: | | |
cargo run -- build --release -b bin --sdist -o dist --target ${{ matrix.target }} --features password-storage --compatibility manylinux2010 musllinux_1_1 | |
# ring doesn't support aarch64 windows yet | |
- name: Build wheel (windows aarch64) | |
if: matrix.target == 'aarch64-pc-windows-msvc' | |
run: cargo run -- build --release -b bin -o dist --target ${{ matrix.target }} --no-default-features --features full,native-tls | |
- name: Build wheel (without sdist) | |
if: ${{ matrix.target != 'x86_64-unknown-linux-musl' && matrix.target != 'aarch64-pc-windows-msvc' }} | |
run: cargo run -- build --release -b bin -o dist --target ${{ matrix.target }} --features password-storage | |
- name: Build wheel (macOS universal2) | |
if: matrix.target == 'x86_64-apple-darwin' | |
env: | |
DEVELOPER_DIR: /Applications/Xcode.app/Contents/Developer | |
MACOSX_DEPLOYMENT_TARGET: '10.9' | |
run: | | |
# set SDKROOT for C dependencies like ring and bzip2 | |
export SDKROOT=$(xcrun --sdk macosx --show-sdk-path) | |
rustup target add aarch64-apple-darwin | |
cargo run -- build --release -b bin -o dist --target universal2-apple-darwin --features password-storage | |
- name: Archive binary (windows) | |
if: matrix.os == 'windows-latest' | |
run: | | |
cd target/${{ matrix.target }}/release | |
7z a ../../../${{ matrix.name }} ${{ github.event.repository.name }}.exe | |
cd - | |
- name: Archive binary (linux and macOS) | |
if: matrix.os != 'windows-latest' | |
run: | | |
cd target/${{ matrix.target }}/release | |
tar czvf ../../../${{ matrix.name }} ${{ github.event.repository.name }} | |
cd - | |
- name: Archive binary (macOS aarch64) | |
if: matrix.os == 'macos-latest' | |
run: | | |
cd target/aarch64-apple-darwin/release | |
tar czvf ../../../maturin-aarch64-apple-darwin.tar.gz ${{ github.event.repository.name }} | |
cd - | |
- name: Build debian package | |
if: ${{ matrix.os == 'ubuntu-latest' && startsWith(github.ref, 'refs/tags/') }} | |
env: | |
BINARY_NAME: ${{ github.event.repository.name }} | |
TARGET: ${{ matrix.target }} | |
VERSION: ${{ github.ref }} | |
run: ci/build_deb.sh | |
- name: Upload wheel artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: wheels | |
path: dist | |
- name: Upload binary artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: binaries | |
path: | | |
*.tar.gz | |
*.zip | |
*.deb | |
build-musl: | |
name: Build ${{ matrix.platform.target }} | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
platform: | |
- target: "aarch64-unknown-linux-musl" | |
image_tag: "aarch64-musl" | |
compatibility: "manylinux2014 musllinux_1_1" | |
- target: "armv7-unknown-linux-musleabihf" | |
image_tag: "armv7-musleabihf" | |
compatibility: "manylinux2014 musllinux_1_1" | |
- target: "i686-unknown-linux-musl" | |
image_tag: "i686-musl" | |
compatibility: "manylinux2010 musllinux_1_1" | |
- target: "arm-unknown-linux-musleabihf" | |
image_tag: "arm-musleabihf" | |
compatibility: "linux" | |
- target: "powerpc64le-unknown-linux-musl" | |
image_tag: "powerpc64le-musl" | |
compatibility: "manylinux2014 musllinux_1_1" | |
- target: "s390x-unknown-linux-gnu" | |
image_tag: "s390x-musl" | |
compatibility: "manylinux2014" | |
container: | |
image: docker://ghcr.io/rust-cross/rust-musl-cross:${{ matrix.platform.image_tag }} | |
env: | |
RUSTUP_HOME: /root/.rustup | |
CARGO_HOME: /root/.cargo | |
steps: | |
- uses: actions/checkout@v4 | |
# powerpc64le-unknown-linux-musl doesn't have official std library release | |
- uses: dtolnay/rust-toolchain@stable | |
if: matrix.platform.target != 'powerpc64le-unknown-linux-musl' | |
with: | |
targets: ${{ matrix.platform.target }} | |
- name: Build wheel | |
env: | |
# Make psm compile, see https://github.com/rust-lang/stacker/issues/79 | |
CFLAGS_s390x_unknown_linux_gnu: "-march=z10" | |
run: | | |
sudo python3 -m pip install -U --pre maturin | |
maturin build --release -b bin -o dist \ | |
--target ${{ matrix.platform.target }} \ | |
--compatibility ${{ matrix.platform.compatibility }} \ | |
--features password-storage | |
- name: Archive binary | |
run: tar czvf target/release/maturin-${{ matrix.platform.target }}.tar.gz -C target/${{ matrix.platform.target }}/release maturin | |
- name: Upload wheel artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: wheels | |
path: dist | |
- name: Upload binary artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: binaries | |
path: target/release/maturin-${{ matrix.platform.target }}.tar.gz | |
release-pypi: | |
permissions: | |
# Used to sign the release's artifacts with sigstore-python | |
# and upload to PyPI using trusted publisher. | |
id-token: write | |
# Used to upload release artifacts. | |
contents: write | |
name: Publish to PyPI | |
runs-on: ubuntu-latest | |
environment: | |
name: PyPI | |
url: ${{ steps.set_url.outputs.env_url }} | |
if: "startsWith(github.ref, 'refs/tags/')" | |
needs: [ build, build-musl ] | |
steps: | |
- uses: actions/download-artifact@v3 | |
with: | |
name: wheels | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
- name: Publish | |
run: | | |
pip install maturin | |
maturin upload --skip-existing * | |
- name: Set environment url | |
id: set_url | |
run: | | |
VERSION=$(echo $GITHUB_REF | sed -e "s#refs/tags/v##g") | |
echo "env_url=https://pypi.org/project/maturin/$VERSION" >> $GITHUB_OUTPUT | |
- name: Sigstore Sign | |
uses: sigstore/gh-action-sigstore-python@v2.1.0 | |
with: | |
inputs: ./*.tar.gz ./*.whl | |
upload-signing-artifacts: true | |
- name: Release signing artifacts | |
uses: softprops/action-gh-release@v1 | |
with: | |
files: | | |
*.sig | |
*.crt | |
prerelease: ${{ contains(github.ref, 'alpha') || contains(github.ref, 'beta') }} | |
generate_release_notes: true | |
release-github: | |
permissions: | |
# Used to sign the release's artifacts with sigstore-python. | |
id-token: write | |
# Used to upload release artifacts. | |
contents: write | |
name: Publish to GitHub releases | |
runs-on: ubuntu-latest | |
if: "startsWith(github.ref, 'refs/tags/')" | |
needs: [ build, build-musl ] | |
steps: | |
- uses: actions/download-artifact@v3 | |
with: | |
name: binaries | |
- name: Sigstore Sign | |
uses: sigstore/gh-action-sigstore-python@v2.1.0 | |
with: | |
inputs: ./*.tar.gz ./*.zip ./*.deb | |
upload-signing-artifacts: true | |
- name: Release | |
uses: softprops/action-gh-release@v1 | |
with: | |
files: | | |
*.tar.gz | |
*.zip | |
*.deb | |
*.sig | |
*.crt | |
prerelease: ${{ contains(github.ref, 'alpha') || contains(github.ref, 'beta') }} | |
generate_release_notes: true |