ci: Refactor wheel packaging workflows

[zhanglei1949]

Enable macos building

Greptile Summary

This PR refactors the wheel-packaging CI to enable macOS builds by activating previously disabled build_wheels_macos_x86_64 and build_wheels_macos_aarch64 jobs, upgrading their runner images from macos-13/macos-14 to macos-15-intel/macos-15, and fixing nproc → sysctl -n hw.ncpu for macOS CPU detection. It also adds a tags: 'v*' push trigger to build-wheel.yml, sprinkles a rm -rf /__w/_tool/Python cleanup step across self-hosted runner jobs in multiple workflows, and fixes a Bash array syntax bug in scripts/install_deps.sh.

Key concerns:

• The newly added tags: 'v*' trigger is paired with the existing paths filter. GitHub evaluates paths for tag pushes against the tagged commit's diff — if a release tag points to a commit that only bumps a version file not in the paths list (e.g., NEUG_VERSION), the wheel workflow will silently not run and no release wheels will be published.
• Both macOS jobs now use if: true, which runs expensive GitHub-hosted macOS runners on every PR and every push to main — not just on release tags or workflow_dispatch as the commented-out condition intended.
• MACOSX_DEPLOYMENT_TARGET=10.15 is set in the ARM64 macOS job; macOS 10.15 predates Apple Silicon and the minimum valid target for ARM64 is 11.0.
• The macOS jobs in build-nightly-wheel.yml were not updated and will be broken (wrong runner images, nproc on macOS, wrong deployment target) when they are re-enabled.

Confidence Score: 2/5

• Not safe to merge without addressing the paths+tags interaction that risks silently skipping release wheel builds, and the MACOSX_DEPLOYMENT_TARGET=10.15 mismatch on ARM64.
• Multiple issues affect correctness of the release pipeline: the paths filter paired with tags: 'v*' can silently prevent wheel builds on version tags; MACOSX_DEPLOYMENT_TARGET=10.15 is architecturally invalid for ARM64; and if: true will incur unnecessary macOS runner costs on every PR. The scripts/install_deps.sh fix and self-hosted cleanup steps are correct improvements.
• .github/workflows/build-wheel.yml requires the most attention — specifically the paths/tags trigger interaction and the ARM64 deployment target. .github/workflows/build-nightly-wheel.yml macOS jobs also need to be brought in sync before they are re-enabled.

Important Files Changed

Filename	Overview
.github/workflows/build-wheel.yml	Enables macOS wheel builds by switching runner images and if: false → if: true; introduces a tags: 'v*' push trigger whose paths filter could silently suppress the workflow on release tag pushes; if: true runs expensive macOS runners on every PR and push to main; MACOSX_DEPLOYMENT_TARGET=10.15 is set for the ARM64 job where 11.0 is required.
.github/workflows/build-nightly-wheel.yml	Adds self-hosted runner Python-cache cleanup steps to both Linux jobs (correct); macOS jobs remain disabled but are not updated to match the runner/build changes made in build-wheel.yml — they will be broken when enabled.
.github/workflows/build-extensions.yml	Adds rm -rf /__w/_tool/Python cleanup step before actions/setup-python in the two self-hosted Linux jobs; both jobs use runs-on: [self-hosted, linux, ...] so the step is correctly targeted.
.github/workflows/build-image.yml	Cosmetic change: runs-on: [ubuntu-22.04] (single-element array) → runs-on: ubuntu-22.04 (scalar); no functional impact.
.github/workflows/neug-test.yml	Adds rm -rf /__w/_tool/Python cleanup step to the build_and_test job, which runs on a [self-hosted] runner; step is correctly scoped to self-hosted infra.
scripts/install_deps.sh	Bug fix: corrects the Bash array declaration from ("xsimd", "cmake") (which produced a stray trailing comma on the first element, causing brew install xsimd, to fail) to ("xsimd" "cmake").

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Push / PR / workflow_dispatch] --> B{Event type?}

    B -->|push to main + paths match| C[Linux x86_64\nself-hosted]
    B -->|push to main + paths match| D[Linux ARM64\nself-hosted]
    B -->|push v* tag + paths match| C
    B -->|push v* tag + paths match| D
    B -->|if: true — all events| E[macOS x86_64\nmacos-15-intel]
    B -->|if: true — all events| F[macOS ARM64\nmacos-15]
    B -->|pull_request + paths match| C
    B -->|pull_request + paths match| D

    C --> G[Clean /__w/_tool/Python]
    D --> H[Clean /__w/_tool/Python]

    G --> I[Setup Python 3.13]
    H --> J[Setup Python 3.13\nif runner.name != arm64-1]

    E --> K[Install deps\nscripts/install_deps.sh]
    F --> L[Install deps\nscripts/install_deps.sh]

    I --> M[cibuildwheel]
    J --> M
    K --> M
    L --> M

    M --> N[Upload .whl artifact]
    N --> O{Publish condition}
    O -->|main push OR v* tag| P[PyPI publish]
    O -->|otherwise| Q[skip]

    E --> R[test_wheels_macos_x86_64\nmacos-15-intel]
    F --> S[test_wheels_macos_aarch64\nmacos-15]
    N --> R
    N --> S

Loading

Comments Outside Diff (3)

1. .github/workflows/build-wheel.yml, line 221-227 (link)

   nproc unavailable on macOS — build will fail

   The "Build wheels" step for build_wheels_macos_x86_64 calls export CMAKE_BUILD_PARALLEL_LEVEL=$(nproc), but nproc is a Linux-only utility and does not exist on macOS runners. When the shell encounters $(nproc), it will exit with "command not found" and the entire step will fail, preventing any macOS wheel from being built.

   The "Prepare for macos" step (a few steps above) already sets CMAKE_BUILD_PARALLEL_LEVEL correctly via $(sysctl -n hw.ncpu) and exports it into $GITHUB_ENV. The export line in this step both overrides that value and breaks the build. It should be removed.

   The same issue exists in build_wheels_macos_aarch64 at line 302–308.

2. .github/workflows/build-wheel.yml, line 210-215 (link)

   Invalid GitHub Actions expression syntax in echo

   Line 213 uses {{ env.MACOSX_DEPLOYMENT_TARGET }} (Jinja/Helm-style), but GitHub Actions expressions require the ${{ ... }} syntax. As written, this echo will literally print MACOSX_DEPLOYMENT_TARGET={{ env.MACOSX_DEPLOYMENT_TARGET }} instead of the actual value. While this is only a debug print and does not break the build, it produces misleading output.

   The same issue occurs at line 294 in the build_wheels_macos_aarch64 job.

3. .github/workflows/build-nightly-wheel.yml, line 173-197 (link)

   Nightly macOS jobs not updated to match build-wheel.yml

   The build_wheels_macos_x86_64 and build_wheels_macos_aarch64 jobs in this file still target macos-13 / macos-14 and use nproc (unavailable on macOS) in their "Build wheels" step. The equivalent jobs in build-wheel.yml were updated to macos-15-intel / macos-15 and sysctl -n hw.ncpu. While these jobs are currently disabled (if: false), they will be broken when re-enabled.

   The macOS aarch64 job at line 254 also still sets MACOSX_DEPLOYMENT_TARGET=10.15 — incorrect for ARM64 (should be 11.0), and both macOS jobs still have the unfixed {{ env.MACOSX_DEPLOYMENT_TARGET }} echo (missing the `Enable macos building

Greptile Summary

This PR refactors the wheel-packaging CI to enable macOS builds by activating previously disabled build_wheels_macos_x86_64 and build_wheels_macos_aarch64 jobs, upgrading their runner images from macos-13/macos-14 to macos-15-intel/macos-15, and fixing nproc → sysctl -n hw.ncpu for macOS CPU detection. It also adds a tags: 'v*' push trigger to build-wheel.yml, sprinkles a rm -rf /__w/_tool/Python cleanup step across self-hosted runner jobs in multiple workflows, and fixes a Bash array syntax bug in scripts/install_deps.sh.

Key concerns:

• The newly added tags: 'v*' trigger is paired with the existing paths filter. GitHub evaluates paths for tag pushes against the tagged commit's diff — if a release tag points to a commit that only bumps a version file not in the paths list (e.g., NEUG_VERSION), the wheel workflow will silently not run and no release wheels will be published.
• Both macOS jobs now use if: true, which runs expensive GitHub-hosted macOS runners on every PR and every push to main — not just on release tags or workflow_dispatch as the commented-out condition intended.
• MACOSX_DEPLOYMENT_TARGET=10.15 is set in the ARM64 macOS job; macOS 10.15 predates Apple Silicon and the minimum valid target for ARM64 is 11.0.
• The macOS jobs in build-nightly-wheel.yml were not updated and will be broken (wrong runner images, nproc on macOS, wrong deployment target) when they are re-enabled.

Confidence Score: 2/5

• Not safe to merge without addressing the paths+tags interaction that risks silently skipping release wheel builds, and the MACOSX_DEPLOYMENT_TARGET=10.15 mismatch on ARM64.
• Multiple issues affect correctness of the release pipeline: the paths filter paired with tags: 'v*' can silently prevent wheel builds on version tags; MACOSX_DEPLOYMENT_TARGET=10.15 is architecturally invalid for ARM64; and if: true will incur unnecessary macOS runner costs on every PR. The scripts/install_deps.sh fix and self-hosted cleanup steps are correct improvements.
• .github/workflows/build-wheel.yml requires the most attention — specifically the paths/tags trigger interaction and the ARM64 deployment target. .github/workflows/build-nightly-wheel.yml macOS jobs also need to be brought in sync before they are re-enabled.

Important Files Changed

Filename	Overview
.github/workflows/build-wheel.yml	Enables macOS wheel builds by switching runner images and if: false → if: true; introduces a tags: 'v*' push trigger whose paths filter could silently suppress the workflow on release tag pushes; if: true runs expensive macOS runners on every PR and push to main; MACOSX_DEPLOYMENT_TARGET=10.15 is set for the ARM64 job where 11.0 is required.
.github/workflows/build-nightly-wheel.yml	Adds self-hosted runner Python-cache cleanup steps to both Linux jobs (correct); macOS jobs remain disabled but are not updated to match the runner/build changes made in build-wheel.yml — they will be broken when enabled.
.github/workflows/build-extensions.yml	Adds rm -rf /__w/_tool/Python cleanup step before actions/setup-python in the two self-hosted Linux jobs; both jobs use runs-on: [self-hosted, linux, ...] so the step is correctly targeted.
.github/workflows/build-image.yml	Cosmetic change: runs-on: [ubuntu-22.04] (single-element array) → runs-on: ubuntu-22.04 (scalar); no functional impact.
.github/workflows/neug-test.yml	Adds rm -rf /__w/_tool/Python cleanup step to the build_and_test job, which runs on a [self-hosted] runner; step is correctly scoped to self-hosted infra.
scripts/install_deps.sh	Bug fix: corrects the Bash array declaration from ("xsimd", "cmake") (which produced a stray trailing comma on the first element, causing brew install xsimd, to fail) to ("xsimd" "cmake").

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Push / PR / workflow_dispatch] --> B{Event type?}

    B -->|push to main + paths match| C[Linux x86_64\nself-hosted]
    B -->|push to main + paths match| D[Linux ARM64\nself-hosted]
    B -->|push v* tag + paths match| C
    B -->|push v* tag + paths match| D
    B -->|if: true — all events| E[macOS x86_64\nmacos-15-intel]
    B -->|if: true — all events| F[macOS ARM64\nmacos-15]
    B -->|pull_request + paths match| C
    B -->|pull_request + paths match| D

    C --> G[Clean /__w/_tool/Python]
    D --> H[Clean /__w/_tool/Python]

    G --> I[Setup Python 3.13]
    H --> J[Setup Python 3.13\nif runner.name != arm64-1]

    E --> K[Install deps\nscripts/install_deps.sh]
    F --> L[Install deps\nscripts/install_deps.sh]

    I --> M[cibuildwheel]
    J --> M
    K --> M
    L --> M

    M --> N[Upload .whl artifact]
    N --> O{Publish condition}
    O -->|main push OR v* tag| P[PyPI publish]
    O -->|otherwise| Q[skip]

    E --> R[test_wheels_macos_x86_64\nmacos-15-intel]
    F --> S[test_wheels_macos_aarch64\nmacos-15]
    N --> R
    N --> S

Loading

prefix).

Consider applying the same runner image, CPU-count, deployment-target, and echo fixes here before re-enabling these jobs.

_{Last reviewed commit: 96e8ffa}

Greptile also left 1 inline comment on this PR.

[zhanglei1949]

@greptile review this PR and update the PR summary

[zhanglei1949]

@greptile

[zhanglei1949]

TODO: @zhanglei1949 Remove the if: true condition for all macos runners.