IsolationKernel · xhan97 · Mar 2, 2025 · Mar 2, 2025 · Mar 2, 2025
diff --git a/.github/workflows/pypi.yml b/.github/workflows/pypi.yml
@@ -1,157 +1,119 @@
-name: pypi
+name: Publish Python 🐍 distribution 📦 to PyPI and TestPyPI
 
-on:
-  workflow_dispatch:
-  push:
-    tags:
-      - "*"
+on: push
 
 jobs:
-  build_linux_wheels:
-    name: Build ${{ matrix.linux_tag }} wheels with cp${{ matrix.python-version }}
+  build:
+    name: Build distribution 📦
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        linux_tag: ["manylinux", "musllinux"]
-        python-version: ["310", "311", "312", "313"]
-    steps:
-      - uses: actions/checkout@v4
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-        with:
-          platforms: all
-      - name: Build wheels
-        uses: pypa/[email protected]
-        timeout-minutes: 720
-        env:
-          CIBW_BUILD: "cp${{ matrix.python-version }}-${{ matrix.linux_tag }}_*"
-          CIBW_ARCHS_LINUX: "x86_64 i686 aarch64"
-          CIBW_SKIP: "*-musllinux_i686"
-          CIBW_MANYLINUX_X86_64_IMAGE: "manylinux2014"
-          CIBW_MANYLINUX_I686_IMAGE: "manylinux2014"
-          CIBW_MANYLINUX_AARCH64_IMAGE: "manylinux2014"
-          CIBW_MUSLLINUX_X86_64_IMAGE: "musllinux_1_1"
-          CIBW_MUSLLINUX_I686_IMAGE: "musllinux_1_1"
-          CIBW_MUSLLINUX_AARCH64_IMAGE: "musllinux_1_1"
-          CIBW_ENVIRONMENT: 'PATH="$HOME/.cargo/bin:$PATH"'
-          CIBW_ENVIRONMENT_LINUX: 'PATH="$HOME/.cargo/bin:$PATH" CARGO_NET_GIT_FETCH_WITH_CLI="true"'
-          CIBW_BEFORE_BUILD: >
-            rustup default nightly &&
-            rustup show
-          CIBW_BEFORE_BUILD_LINUX: >
-            curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain=nightly --profile=minimal -y &&
-            rustup show
-      - uses: actions/upload-artifact@v4
-        with:
-          name: artifact-${{ matrix.linux_tag }}-cp${{ matrix.python-version }}
-          path: ./wheelhouse/*.whl
-
-  build_macos_wheels:
-    name: Build wheels on ${{ matrix.os }}
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [macos-13, macos-14]
-    steps:
-      - uses: actions/checkout@v4
-      - name: Set up rust
-        uses: dtolnay/rust-toolchain@stable
-        with:
-          toolchain: nightly
-      - run: rustup target add aarch64-apple-darwin && rustup target add x86_64-apple-darwin
-      - name: Build wheels
-        uses: pypa/[email protected]
-        timeout-minutes: 720
-        env:
-          CIBW_BUILD: "cp310-* cp311-* cp312-* cp313-*"
-          CIBW_ARCHS_MACOS: "universal2"
-          # arm64 and universal2 wheels are tagged with x86_64 because there's an issue with Poetry
-          # More information here: https://cibuildwheel.readthedocs.io/en/stable/faq/#how-to-cross-compile (CTRL + F "poetry")
-          # https://github.com/pypa/cibuildwheel/issues/1415
-          CIBW_REPAIR_WHEEL_COMMAND_MACOS: >
-            ls {dest_dir} &&
-            delocate-wheel --require-archs {delocate_archs} -w {dest_dir} -v {wheel} &&
-            for file in {dest_dir}/*.whl ; do mv $file ${file//x86_64/universal2} ; done
-          CIBW_ENVIRONMENT: 'PATH="$HOME/.cargo/bin:$PATH"'
-          CIBW_BEFORE_BUILD: >
-            rustup default nightly &&
-            rustup show
-      - uses: actions/upload-artifact@v4
-        with:
-          name: artifact-${{ matrix.os }}
-          path: ./wheelhouse/*.whl
 
-  build_windows_wheels:
-    name: Build wheels on ${{ matrix.os }}
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [windows-2019, windows-2022]
     steps:
-      - uses: actions/checkout@v4
-      - name: Set up rust
-        uses: dtolnay/rust-toolchain@stable
-        with:
-          toolchain: nightly
-      - run: rustup toolchain install stable-i686-pc-windows-msvc
-      - run: rustup target add i686-pc-windows-msvc
-      - name: Build wheels
-        uses: pypa/[email protected]
-        timeout-minutes: 720
-        env:
-          CIBW_BUILD: "cp310-* cp311-* cp312-* cp313-*"
-          CIBW_ARCHS_WINDOWS: "AMD64 x86"
-          CIBW_ENVIRONMENT: 'PATH="$HOME/.cargo/bin:$PATH"'
-          CIBW_ENVIRONMENT_WINDOWS: 'PATH="$UserProfile\.cargo\bin;$PATH"'
-          CIBW_BEFORE_BUILD: >
-            rustup default nightly &&
-            rustup show
-      - uses: actions/upload-artifact@v4
-        with:
-          name: artifact-${{ matrix.os }}
-          path: ./wheelhouse/*.whl
+    - uses: actions/checkout@v4
+      with:
+        persist-credentials: false
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: "3.x"
+    - name: Install pypa/build
+      run: >-
+        python3 -m
+        pip install
+        build
+        --user
+    - name: Build a binary wheel and a source tarball
+      run: python3 -m build
+    - name: Store the distribution packages
+      uses: actions/upload-artifact@v4
+      with:
+        name: python-package-distributions
+        path: dist/
 
-  build_sdist:
-    name: Build source distribution
-    # Can't use more than 12 jobs in parallel
-    needs: [build_macos_wheels]
+  publish-to-pypi:
+    name: >-
+      Publish Python 🐍 distribution 📦 to PyPI
+    if: startsWith(github.ref, 'refs/tags/')  # only publish to PyPI on tag pushes
+    needs:
+    - build
     runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
+    environment:
+      name: pypi
+      url: https://pypi.org/p/pyikt  # Replace pyikt with your PyPI project name
+    permissions:
+      id-token: write  # IMPORTANT: mandatory for trusted publishing
 
-      - name: Build River
-        uses: ./.github/actions/install-env
-        with:
-          python-version: "3.13"
+    steps:
+    - name: Download all the dists
+      uses: actions/download-artifact@v4
+      with:
+        name: python-package-distributions
+        path: dist/
+    - name: Publish distribution 📦 to PyPI
+      uses: pypa/gh-action-pypi-publish@release/v1
 
-      - name: Build dist
-        run: poetry build
+  github-release:
+    name: >-
+      Sign the Python 🐍 distribution 📦 with Sigstore
+      and upload them to GitHub Release
+    needs:
+    - publish-to-pypi
+    runs-on: ubuntu-latest
 
-      - uses: actions/upload-artifact@v4
-        with:
-          name: artifact-sdist
-          path: dist/*.tar.gz
+    permissions:
+      contents: write  # IMPORTANT: mandatory for making GitHub Releases
+      id-token: write  # IMPORTANT: mandatory for sigstore
 
-  merge_artifacts:
-    runs-on: ubuntu-latest
-    needs: [build_linux_wheels, build_macos_wheels, build_windows_wheels, build_sdist]
     steps:
-      - name: Merge Artifacts
-        uses: actions/upload-artifact/merge@v4
-        with:
-          name: artifact
-          pattern: artifact-*
+    - name: Download all the dists
+      uses: actions/download-artifact@v4
+      with:
+        name: python-package-distributions
+        path: dist/
+    - name: Sign the dists with Sigstore
+      uses: sigstore/[email protected]
+      with:
+        inputs: >-
+          ./dist/*.tar.gz
+          ./dist/*.whl
+    - name: Create GitHub Release
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+      run: >-
+        gh release create
+        "$GITHUB_REF_NAME"
+        --repo "$GITHUB_REPOSITORY"
+        --notes ""
+    - name: Upload artifact signatures to GitHub Release
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+      # Upload to GitHub Release using the `gh` CLI.
+      # `dist/` contains the built packages, and the
+      # sigstore-produced signatures and certificates.
+      run: >-
+        gh release upload
+        "$GITHUB_REF_NAME" dist/**
+        --repo "$GITHUB_REPOSITORY"
 
-  upload_pypi:
-    needs: merge_artifacts
+  publish-to-testpypi:
+    name: Publish Python 🐍 distribution 📦 to TestPyPI
+    needs:
+    - build
     runs-on: ubuntu-latest
-    steps:
-      - uses: actions/[email protected]
-        with:
-          name: artifact
-          path: dist
 
-      - uses: pypa/[email protected]
-        with:
-          user: __token__
-          password: ${{ secrets.PYPI_API_TOKEN }}
+    environment:
+      name: testpypi
+      url: https://test.pypi.org/p/pyikt
+
+    permissions:
+      id-token: write  # IMPORTANT: mandatory for trusted publishing
+
+    steps:
+    - name: Download all the dists
+      uses: actions/download-artifact@v4
+      with:
+        name: python-package-distributions
+        path: dist/
+    - name: Publish distribution 📦 to TestPyPI
+      uses: pypa/gh-action-pypi-publish@release/v1
+      with:
+        repository-url: https://test.pypi.org/legacy/
diff --git a/README.md b/README.md
@@ -160,13 +160,12 @@ If you use pyikt for a scientific publication, we would appreciate citations to
 ```
 @software{PyIKT,
 author = {Xin Han, Yixiao Ma, Ye Zhu, and Kaiming Ting},
-title = {PyIKT},
-version = {0.2.0},
-month = {11},
-year = {2024},
+title = {PyIKT：A Python Library for Isolation Kernel Toolkit},
+version = {0.1.0},
+month = {3},
+year = {2025},
 license = {BSD-3-Clause},
-url = {https://pyikt.org/},
-doi = {10.5281/zenodo.8382788}
+url = {https://github.com/IsolationKernel/pyikt}
 }
 ```
 

diff --git a/docs/README.md b/docs/README.md
@@ -160,13 +160,12 @@ If you use pyikt for a scientific publication, we would appreciate citations to
 ```
 @software{PyIKT,
 author = {Xin Han, Yixiao Ma, Ye Zhu, and Kaiming Ting},
-title = {PyIKT},
-version = {0.2.0},
-month = {11},
-year = {2024},
+title = {PyIKT：A Python Library for Isolation Kernel Toolkit},
+version = {0.1.0},
+month = {3},
+year = {2025},
 license = {BSD-3-Clause},
-url = {https://pyikt.org/},
-doi = {10.5281/zenodo.8382788}
+url = {https://github.com/IsolationKernel/pyikt}
 }
 ```