-
Notifications
You must be signed in to change notification settings - Fork 0
162 lines (145 loc) · 6.49 KB
/
release-core.yml
File metadata and controls
162 lines (145 loc) · 6.49 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
# Copyright © 2025–2026 Stefano Noferi & Admina contributors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Release pipeline — admina-core (Rust accelerator).
#
# Split from release.yml because PyPI Trusted Publishers had a transient
# issue accepting two pending publishers from the same workflow file
# under the same account. Two distinct workflow filenames sidestep the
# problem (PyPI tracks publishers per workflow, not just per repo).
#
# ── PyPI authentication ────────────────────────────────────────────────────
# Configure the trusted publisher on pypi.org once:
#
# https://pypi.org/manage/account/publishing/ → Add pending publisher
# PyPI Project Name: admina-core
# Owner: admina-org
# Repository name: admina
# Workflow name: release-core.yml (this file)
# Environment name: pypi-core
#
# The matching trusted publisher for admina-framework is configured for
# release.yml (the other workflow).
#
# ── How to cut a release ───────────────────────────────────────────────────
# Both workflows share the same tag pattern, so a single tag triggers
# both pipelines in parallel:
#
# git tag -a v0.9.0 -m "v0.9.0"
# git push origin v0.9.0
name: Release admina-core
on:
push:
tags: ["v*.*.*"]
concurrency:
group: release-core-${{ github.ref }}
cancel-in-progress: false
permissions:
contents: read
id-token: write # to publish via PyPI Trusted Publishers (OIDC)
jobs:
# ── 1. Sanity check: tag matches pyproject version ──────────────────────
check-version:
name: Check tag matches core-rust/pyproject.toml version
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Verify version alignment
run: |
TAG="${GITHUB_REF_NAME#v}"
CORE_VER=$(python3 -c "import tomllib; print(tomllib.load(open('core-rust/pyproject.toml','rb'))['project']['version'])")
echo "tag=$TAG core=$CORE_VER"
if [ "$TAG" != "$CORE_VER" ]; then
echo "::error::Tag $TAG does not match core-rust/pyproject version $CORE_VER"
exit 1
fi
# ── 2. Build admina-core wheels (Rust extension) ────────────────────────
build-core-wheels:
name: admina-core wheel (${{ matrix.target }})
needs: check-version
strategy:
fail-fast: false
matrix:
# macos-13 (x86_64 Intel) runners are extremely scarce on the GitHub
# free tier — jobs can queue for hours. Mac Intel users install from
# the sdist (requires a local Rust toolchain). Apple Silicon (M-series)
# and Linux (x86_64 + aarch64) ship as prebuilt wheels.
# To re-enable Mac Intel wheels later, restore the macos-13 entry
# below or move to the paid `macos-13-large` runner.
include:
- { os: ubuntu-latest, target: x86_64-unknown-linux-gnu, maturin-target: x86_64, manylinux: auto }
- { os: ubuntu-latest, target: aarch64-unknown-linux-gnu, maturin-target: aarch64, manylinux: auto }
- { os: macos-14, target: aarch64-apple-darwin, maturin-target: aarch64, manylinux: off }
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Build wheels (maturin)
uses: PyO3/maturin-action@e83996d129638aa358a18fbd1dfb82f0b0fb5d3b # v1
with:
working-directory: core-rust
target: ${{ matrix.maturin-target }}
# `abi3-py311` in core-rust/Cargo.toml emits a single Stable-ABI
# wheel that works on Python 3.11+. Build only against 3.11; the
# resulting cp311-abi3 wheel will install on 3.11, 3.12, 3.13, ...
args: --release --out dist --interpreter 3.11
manylinux: ${{ matrix.manylinux }}
sccache: "true"
- name: Upload wheel artifact
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: admina-core-wheel-${{ matrix.target }}
path: core-rust/dist/*.whl
if-no-files-found: error
retention-days: 7
# ── 3. Build admina-core sdist (for platforms without pre-built wheels) ─
build-core-sdist:
name: admina-core sdist
needs: check-version
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Build sdist (maturin)
uses: PyO3/maturin-action@e83996d129638aa358a18fbd1dfb82f0b0fb5d3b # v1
with:
working-directory: core-rust
command: sdist
args: --out dist
- name: Upload sdist artifact
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: admina-core-sdist
path: core-rust/dist/*.tar.gz
if-no-files-found: error
retention-days: 7
# ── 4. Publish admina-core to PyPI ──────────────────────────────────────
publish-core:
name: Publish admina-core to PyPI
needs: [build-core-wheels, build-core-sdist]
runs-on: ubuntu-latest
environment:
name: pypi-core
url: https://pypi.org/project/admina-core/
steps:
- name: Download all admina-core artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
pattern: admina-core-*
path: dist
merge-multiple: true
- name: List artifacts
run: ls -la dist/
- name: Publish to PyPI
uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
with:
packages-dir: dist/
skip-existing: true