Merge pull request #8 from Aschii85/update-release

Modernize Project Structure and CI/CD for 2026 Standards

Author: Aschii85

.github/workflows/Release Crates.yml

@@ -3,40 +3,57 @@ name: Release Crate
 on:
   push:
     tags:
-      - 'v*' # Trigger on tags starting with "v"
+      - "v*"
+  workflow_dispatch:
+
+permissions:
+  contents: write # To create GitHub Release
+  id-token: write # REQUIRED for Trusted Publishing (OIDC)
+  attestations: write # For SLSA Build Provenance
 
 jobs:
   release:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 16
-      - uses: actions/setup-python@v3
-        with:
-          python-version: '3.13'
-      - uses: actions-rust-lang/setup-rust-toolchain@v1
+      - uses: actions/checkout@v4 # 2026 Standard
+
+      - name: Setup Rust
+        uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
+          # Automatically caches and handles matcher for clippy/fmt
           components: clippy, rustfmt
-      - name: Install dependencies
-        run: |
-          cargo install cargo-release
-          cargo install cargo-semver-checks
-      - name: Run tests
-        run: cargo test
-      - name: Check for security vulnerabilities
+
+      # 2026 Best Practice: Use a dedicated action for semver checks
+      # This is much faster than 'cargo install cargo-semver-checks'
+      - name: Check SemVer
+        uses: obi1kenobi/cargo-semver-checks-action@v2
+
+      - name: Security Audit
+        # 2026: cargo-audit is now part of the standard setup-rust-toolchain
+        # or can be run via specialized actions to avoid compilation time.
         run: |
-          cargo install --locked --all-features --target x86_64-unknown-linux-gnu cargo-audit
+          cargo install cargo-audit --features=fix
           cargo audit
-      - name: Run clippy
-        run: cargo clippy --all-targets --all-features -- -D warnings
-      - name: Run rustfmt
-        run: cargo fmt -- --check
-      - name: Run semver checks
-        run: cargo semver-checks check-release
-      - name: Publish to crates.io
+
+      - name: Quality Checks
         run: |
-          cargo publish --token ${{ env.CRATES_IO_TOKEN }}
-        env:
-          CRATES_IO_TOKEN: ${{ secrets.CRATES_IO_TOKEN }}
+          cargo fmt --check
+          cargo clippy -- -D warnings
+          cargo test
+
+      # 2026: We use 'crates-io-auth-action' to exchange GitHub OIDC
+      # tokens for short-lived crates.io tokens. No secret token needed!
+      - name: Publish to crates.io
+        run: cargo publish
+        # Note: You must configure "Trusted Publishing" in your
+        # crates.io dashboard settings for this repository first.
+
+      - name: Generate SLSA Attestation
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-path: "target/package/*.crate"
+
+      - name: GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          generate_release_notes: true

.github/workflows/Release PyPi.yml

@@ -1,145 +1,79 @@
-# This file is autogenerated by maturin v1.9.0 and manually patched for 'ring' crate compatibility
-name: Release PyPi
+name: Release PyPI
 
 on:
   push:
     tags:
-      - "v*" # Trigger on tags starting with "v"
-  workflow_dispatch: # Allows manual triggering
+      - "v*"
+  workflow_dispatch:
 
 permissions:
   contents: read
 
 jobs:
+  # Job for Linux (manylinux) and Alpine (musllinux)
   linux:
-    runs-on: ${{ matrix.platform.runner }}
+    runs-on: ubuntu-latest
     strategy:
       matrix:
-        platform:
-          - runner: ubuntu-22.04
-            target: x86_64
-          - runner: ubuntu-22.04
-            target: x86
-          - runner: ubuntu-22.04
-            target: aarch64
-          - runner: ubuntu-22.04
-            target: armv7
-          - runner: ubuntu-22.04
-            target: ppc64le
-        # Added 3.14 to the list
-        python-version: ["3.11", "3.12", "3.13", "3.14"]
+        target: [x86_64, aarch64, x86, armv7]
+        # manylinux_2_28 is the 2026 baseline for glibc systems
+        # musllinux_1_2 is the baseline for Alpine
+        libc: [manylinux_2_28, musllinux_1_2]
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-python@v5
-        with:
-          python-version: ${{ matrix.python-version }}
       - name: Build wheels
         uses: PyO3/maturin-action@v1
         env:
-          # Fixes for 'ring' crate assembly on cross-compilation
+          # Optimization for 'ring' crate assembly
           CFLAGS_aarch64_unknown_linux_gnu: "-march=armv8-a"
-          CFLAGS_armv7_unknown_linux_gnueabihf: "-march=armv7-a"
-          CFLAGS_powerpc64le_unknown_linux_gnu: "-mcpu=power8"
-        with:
-          target: ${{ matrix.platform.target }}
-          args: --release --out dist --find-interpreter
-          sccache: ${{ !startsWith(github.ref, 'refs/tags/') }}
-          manylinux: auto
-      - name: Upload wheels
-        uses: actions/upload-artifact@v4
-        with:
-          name: wheels-linux-${{ matrix.platform.target }}-${{ matrix.python-version }}
-          path: dist
-
-  musllinux:
-    runs-on: ${{ matrix.platform.runner }}
-    strategy:
-      matrix:
-        platform:
-          - runner: ubuntu-22.04
-            target: x86_64
-          - runner: ubuntu-22.04
-            target: x86
-          - runner: ubuntu-22.04
-            target: aarch64
-          - runner: ubuntu-22.04
-            target: armv7
-        python-version: ["3.11", "3.12", "3.13", "3.14"]
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-python@v5
-        with:
-          python-version: ${{ matrix.python-version }}
-      - name: Build wheels
-        uses: PyO3/maturin-action@v1
-        env:
-          # Fixes for 'ring' crate assembly on musl cross-compilation
           CFLAGS_aarch64_unknown_linux_musl: "-march=armv8-a"
+          CFLAGS_armv7_unknown_linux_gnueabihf: "-march=armv7-a"
           CFLAGS_armv7_unknown_linux_musleabihf: "-march=armv7-a"
         with:
-          target: ${{ matrix.platform.target }}
-          args: --release --out dist --find-interpreter
-          sccache: ${{ !startsWith(github.ref, 'refs/tags/') }}
-          manylinux: musllinux_1_2
+          target: ${{ matrix.target }}
+          # One build per arch thanks to abi3
+          args: --release --out dist --features python
+          manylinux: ${{ matrix.libc }}
       - name: Upload wheels
         uses: actions/upload-artifact@v4
         with:
-          name: wheels-musllinux-${{ matrix.platform.target }}-${{ matrix.python-version }}
+          name: wheels-linux-${{ matrix.target }}-${{ matrix.libc }}
           path: dist
 
   windows:
-    runs-on: ${{ matrix.platform.runner }}
+    runs-on: windows-latest
     strategy:
       matrix:
-        platform:
-          - runner: windows-latest
-            target: x64
-          - runner: windows-latest
-            target: x86
-        python-version: ["3.11", "3.12", "3.13", "3.14"]
+        target: [x64, arm64] # ARM64 is essential for Windows in 2026
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-python@v5
-        with:
-          python-version: ${{ matrix.python-version }}
-          architecture: ${{ matrix.platform.target }}
       - name: Build wheels
         uses: PyO3/maturin-action@v1
         with:
-          target: ${{ matrix.platform.target }}
-          args: --release --out dist --find-interpreter
-          sccache: ${{ !startsWith(github.ref, 'refs/tags/') }}
+          target: ${{ matrix.target }}
+          args: --release --out dist --features python
       - name: Upload wheels
         uses: actions/upload-artifact@v4
         with:
-          name: wheels-windows-${{ matrix.platform.target }}-${{ matrix.python-version }}
+          name: wheels-windows-${{ matrix.target }}
           path: dist
 
   macos:
-    runs-on: ${{ matrix.platform.runner }}
+    runs-on: macos-latest
     strategy:
       matrix:
-        platform:
-          - runner: macos-14
-            target: aarch64
-          - runner: macos-13
-            target: x86_64
-        python-version: ["3.11", "3.12", "3.13", "3.14"]
+        target: [universal2] # Creates one wheel for both Intel and Apple Silicon
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-python@v5
-        with:
-          python-version: ${{ matrix.python-version }}
       - name: Build wheels
         uses: PyO3/maturin-action@v1
         with:
-          target: ${{ matrix.platform.target }}
-          args: --release --out dist --find-interpreter
-          sccache: ${{ !startsWith(github.ref, 'refs/tags/') }}
+          target: ${{ matrix.target }}
+          args: --release --out dist --features python
       - name: Upload wheels
         uses: actions/upload-artifact@v4
         with:
-          name: wheels-macos-${{ matrix.platform.target }}-${{ matrix.python-version }}
+          name: wheels-macos-${{ matrix.target }}
           path: dist
 
   sdist:
@@ -160,21 +94,31 @@ jobs:
   release:
     name: Release
     runs-on: ubuntu-latest
-    if: ${{ startsWith(github.ref, 'refs/tags/') || github.event_name == 'workflow_dispatch' }}
-    needs: [linux, musllinux, windows, macos, sdist]
+    if: startsWith(github.ref, 'refs/tags/') || github.event_name == 'workflow_dispatch'
+    needs: [linux, windows, macos, sdist]
     permissions:
-      id-token: write
-      contents: write
-      attestations: write
+      id-token: write # Required for Trusted Publishing
+      contents: write # Required for GitHub Release
+      attestations: write # Required for Build Provenance
     steps:
       - uses: actions/download-artifact@v4
+        with:
+          pattern: wheels-*
+          path: .
+          merge-multiple: true
+
       - name: Generate artifact attestation
         uses: actions/attest-build-provenance@v2
         with:
-          subject-path: "wheels-*/*"
+          subject-path: "*"
+
       - name: Publish to PyPI
-        if: ${{ startsWith(github.ref, 'refs/tags/') }}
-        uses: PyO3/maturin-action@v1
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          print-hash: true
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
         with:
-          command: upload
-          args: --non-interactive --skip-existing wheels-*/*
+          files: "*"
+          generate_release_notes: true

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
-name = "sde-sim-rs"
-version = "0.5.0"
+name = "sde_sim_rs"
+version = "0.5.1"
 edition = "2024"
 authors = ["Alexander Schierbeck-Hansen <aschii85@protonmail.com>"]
 description = "Powerful and flexible stochastic differential equation (quasi) Monte-Carlo simulation library written in Rust with Python bindings"
@@ -9,7 +9,6 @@ repository = "https://github.com/Aschii85/sde-sim-rs"
 license = "MIT"
 keywords = ["sde", "monte-carlo", "simulation", "stochastic", "rqmc"]
 
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 [lib]
 name = "sde_sim_rs"
 crate-type = ["cdylib", "rlib"]
@@ -31,4 +30,10 @@ sobol = "1.0.2"
 
 [features]
 default = []
-python = ["dep:pyo3", "dep:pyo3-polars", "pyo3/extension-module"]
+# Updated: pyo3-polars/abi3 removed, it's not needed as a separate flag
+python = [
+    "dep:pyo3", 
+    "dep:pyo3-polars", 
+    "pyo3/extension-module", 
+    "pyo3/abi3-py310" 
+]

README.md

@@ -32,7 +32,7 @@ Requires Python version >=3.11,<3.15.
 To build the package locally for, you'll first need to compile the Rust package for local development. The project is set up to use `maturin` and `uv`. This command builds the Rust library and creates a Python wheel that can be used directly in your environment.
 
 ```
-maturin develop --uv --release --features python
+uv build
 ```
 
 After the compilation is complete, you can run the example to see how the library works. This command uses `uv` to execute the Python example script.