Update pyproject.toml #226
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - 'v*' | |
| env: | |
| MAIN_PYTHON_VERSION: '3.12' | |
| DOCUMENTATION_CNAME: ansys.github.io/aali-flowkit-python | |
| PACKAGE_NAME: aali-flowkit-python | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: write | |
| packages: write | |
| jobs: | |
| code-style: | |
| name: "Code style checks" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "Run PyAnsys code style checks" | |
| uses: ansys/actions/code-style@v9 | |
| smoke-tests: | |
| name: Build and Smoke tests | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| python-version: ['3.12'] | |
| include: | |
| # ── Linux | |
| - os: ubuntu-latest | |
| goos: linux | |
| goarch: amd64 | |
| platform: linux_amd64 | |
| ext: "" | |
| - os: ubuntu-latest | |
| goos: linux | |
| goarch: arm64 | |
| platform: linux_arm64 | |
| ext: "" | |
| # ── Windows | |
| - os: windows-latest | |
| goos: windows | |
| goarch: amd64 | |
| platform: windows_amd64 | |
| ext: ".exe" | |
| - os: windows-latest | |
| goos: windows | |
| goarch: arm64 | |
| platform: windows_arm64 | |
| ext: ".exe" | |
| # ── macOS | |
| - os: macos-latest | |
| goos: darwin | |
| goarch: amd64 | |
| platform: macos_amd64 | |
| ext: "" | |
| - os: macos-latest | |
| goos: darwin | |
| goarch: arm64 | |
| platform: macos_arm64 | |
| ext: "" | |
| steps: | |
| - name: Build wheelhouse and perform smoke test | |
| uses: ansys/actions/build-wheelhouse@v9 | |
| with: | |
| library-name: ${{ env.PACKAGE_NAME }} | |
| operating-system: ${{ matrix.os }} | |
| python-version: ${{ matrix.python-version }} | |
| whitelist-license-check: "attrs" # This has MIT license but fails the check | |
| mendscan-sca: | |
| name: Mend Scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Set up JDK | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '11' | |
| distribution: 'adopt' | |
| - name: Mend Unified Agent Scan | |
| env: | |
| WS_APIKEY: '${{secrets.MEND_API_KEY}}' | |
| WS_USERKEY: '${{ secrets.MEND_USER_KEY }}' | |
| WS_WSS_URL: 'https://app.whitesourcesoftware.com/agent' | |
| WS_PRODUCTNAME: 'AnsysAali' | |
| WS_PROJECTNAME: ${{github.event.repository.name}} | |
| WS_GENERATEPROJECTDETAILSJSON: true | |
| WS_GENERATESCANREPORT: true | |
| WS_FILESYSTEMSCAN: true | |
| WS_CHECKPOLICIES: true | |
| WS_FORCECHECKALLDEPENDENCIES: true | |
| WS_SCANREPORTFILENAMEFORMAT: static | |
| WS_FORCEUPDATE_FAILBUILDONPOLICYVIOLATION : true | |
| WS_PYTHON_REQUIREMENTSFILEINCLUDES: "pyproject.toml" | |
| run: | | |
| echo Downloading Mend Unified Agent | |
| curl -LJO https://unified-agent.s3.amazonaws.com/wss-unified-agent.jar | |
| if [[ "$(curl -sL https://unified-agent.s3.amazonaws.com/wss-unified-agent.jar.sha256)" != "$(sha256sum wss-unified-agent.jar)" ]] ; then | |
| echo "Integrity Check Failed" | |
| else | |
| echo "Integrity Check Passed" | |
| echo Starting Unified Agent Scan | |
| java -jar wss-unified-agent.jar -loglevel debug | |
| fi | |
| docs-style: | |
| name: Documentation Style Check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: PyAnsys documentation style checks | |
| uses: ansys/actions/doc-style@v9 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| docs-build: | |
| name: Documentation Build | |
| runs-on: ubuntu-latest | |
| needs: [docs-style] | |
| steps: | |
| - name: "Run Ansys documentation building action" | |
| uses: ansys/actions/doc-build@v9 | |
| with: | |
| add-pdf-html-docs-as-assets: true | |
| upload_dev_docs: | |
| name: Upload dev documentation | |
| if: github.ref == 'refs/heads/main' | |
| runs-on: ubuntu-latest | |
| needs: [docs-build] | |
| steps: | |
| - name: Deploy the latest documentation | |
| uses: ansys/actions/doc-deploy-dev@v9 | |
| with: | |
| cname: ${{ env.DOCUMENTATION_CNAME }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| tests: | |
| name: "Tests" | |
| runs-on: ${{ matrix.os }} | |
| needs: [smoke-tests] | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, windows-latest] | |
| python-version: ['3.12'] | |
| fail-fast: false | |
| steps: | |
| - name: Testing | |
| uses: ansys/actions/tests-pytest@v9 | |
| timeout-minutes: 12 | |
| - name: Upload coverage results (HTML) | |
| uses: actions/upload-artifact@v4 | |
| if: (matrix.python-version == env.MAIN_PYTHON_VERSION) && (runner.os == 'Linux') | |
| with: | |
| name: coverage-html | |
| path: .cov/html | |
| retention-days: 7 | |
| upload_docs_release: | |
| name: Upload release documentation | |
| if: github.event_name == 'push' && contains(github.ref, 'refs/tags') | |
| runs-on: ubuntu-latest | |
| needs: [release] | |
| steps: | |
| - name: Deploy the stable documentation | |
| uses: ansys/actions/doc-deploy-stable@v9 | |
| with: | |
| cname: ${{ env.DOCUMENTATION_CNAME }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| release-docker: | |
| name : Generate Docker release | |
| if: github.event_name == 'push' && contains(github.ref, 'refs/tags') | |
| needs: [release] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Check if tag name contains 'dev' | |
| run: echo "IS_DEV_TAG=$(echo ${{ github.ref_name }} | grep -q 'dev' && echo 'true' || echo 'false')" >> $GITHUB_ENV | |
| - name: Decompose tag into components | |
| if: env.IS_DEV_TAG == 'false' | |
| run: | | |
| if [[ ${{ github.ref_name }} =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |
| # Split the tag into its components | |
| IFS='.' read -ra PARTS <<< "${{ github.ref_name }}" | |
| echo "X=${PARTS[0]}" >> $GITHUB_ENV | |
| echo "Y=${PARTS[1]}" >> $GITHUB_ENV | |
| echo "Z=${PARTS[2]}" >> $GITHUB_ENV | |
| else | |
| echo "Invalid tag format. Expected vX.Y.Z but got ${{ github.ref_name }}" | |
| exit 1 | |
| fi | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v6 | |
| if: env.IS_DEV_TAG == 'false' | |
| with: | |
| context: . | |
| file: docker/Dockerfile | |
| push: true | |
| platforms: linux/amd64,linux/arm64 | |
| tags: | | |
| ghcr.io/${{ github.repository }}:${{ env.X }} , | |
| ghcr.io/${{ github.repository }}:${{ env.X }}.${{ env.Y }} , | |
| ghcr.io/${{ github.repository }}:${{ env.X }}.${{ env.Y }}.${{ env.Z }} , | |
| ghcr.io/${{ github.repository }}:latest | |
| - name: Build and push Docker image dev | |
| if: env.IS_DEV_TAG == 'true' | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: docker/Dockerfile | |
| push: true | |
| platforms: linux/amd64,linux/arm64 | |
| tags: | | |
| ghcr.io/${{ github.repository }}:${{ github.ref_name }} | |
| binaries: | |
| name : Create binaries | |
| if: github.event_name == 'push' && contains(github.ref, 'refs/tags') | |
| needs: [docs-build, tests] | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| # ── Linux | |
| - os: ubuntu-latest | |
| goos: linux | |
| goarch: amd64 | |
| platform: linux_amd64 | |
| ext: "" | |
| - os: ubuntu-latest | |
| goos: linux | |
| goarch: arm64 | |
| platform: linux_arm64 | |
| ext: "" | |
| # ── Windows | |
| - os: windows-latest | |
| goos: windows | |
| goarch: amd64 | |
| platform: windows_amd64 | |
| ext: ".exe" | |
| - os: windows-latest | |
| goos: windows | |
| goarch: arm64 | |
| platform: windows_arm64 | |
| ext: ".exe" | |
| # ── macOS | |
| - os: macos-latest | |
| goos: darwin | |
| goarch: amd64 | |
| platform: macos_amd64 | |
| ext: "" | |
| - os: macos-latest | |
| goos: darwin | |
| goarch: arm64 | |
| platform: macos_arm64 | |
| ext: "" | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.MAIN_PYTHON_VERSION }} | |
| - name: Install dependencies | |
| run: pip install .[all] | |
| - name: Install PyInstaller | |
| run: pip install pyinstaller | |
| - name: Attempt to build executable | |
| id: first-attempt | |
| run: > | |
| pyinstaller src/aali/flowkit/__main__.py --onefile | |
| --name ${{ github.event.repository.name }}_${{ matrix.platform }}_${{ github.ref_name }}${{ matrix.ext }} | |
| --copy-metadata ${{ github.event.repository.name }} | |
| --hidden-import uvicorn --collect-all uvicorn | |
| --distpath build/dist --workpath build/build --specpath build | |
| continue-on-error: true | |
| - name: Modify spec file and retry build | |
| if: steps.first-attempt.outcome == 'failure' | |
| run: | | |
| echo "import sys ; sys.setrecursionlimit(sys.getrecursionlimit() * 5)" >> ${{ github.event.repository.name }}_${{ matrix.platform }}_${{ github.ref_name }}${{ matrix.ext }}.spec | |
| pyinstaller ${{ github.event.repository.name }}_${{ matrix.platform }}_${{ github.ref_name }}${{ matrix.ext }}.spec | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ matrix.platform }}_binaries | |
| path: build/dist/${{ github.event.repository.name }}_${{ matrix.platform }}_* | |
| sign-windows-binaries: | |
| name: Sign Windows binaries | |
| needs: [binaries] | |
| runs-on: | |
| group: ansys-network | |
| labels: [self-hosted, Windows, signtool] | |
| steps: | |
| - name: Checkout SignTool | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: ansys-internal/signtool-ansys-apps | |
| token: ${{ secrets.SIGNTOOL_ACCESS_TOKEN }} | |
| - name: Download Windows artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: windows_*_binaries | |
| path: signtool/installer | |
| - name: List contents | |
| run: ls -R signtool/installer | |
| - name: Create dist directory | |
| shell: pwsh | |
| run: mkdir -p signtool/installer/dist | |
| - name: Sign Windows executables | |
| working-directory: signtool | |
| shell: pwsh | |
| run: | | |
| # collect every .exe that came from the download‑artifact step | |
| $files = Get-ChildItem installer -Recurse -Filter "*.exe" | |
| if ($files.Count -eq 0) { | |
| Write-Error "❌ No Windows executables found in signtool/installer — signing aborted." | |
| exit 1 # → step fails → job fails → workflow fails | |
| } | |
| # Create dist directory if it doesn't exist | |
| if (!(Test-Path installer/dist)) { | |
| New-Item -ItemType Directory -Path installer/dist | |
| } | |
| foreach ($file in $files) { | |
| $jobname = $file.BaseName | |
| $destFile = "installer/dist/$($file.Name)" | |
| .\Ansys.SignClient.exe sign --signUrl https://csign.ansys.com -r gh_signtool_account -s '${{ secrets.SIGNTOOL_PWD }}' -n $jobname -i $file.FullName -o $file.FullName | |
| # Copy the signed file to the dist directory | |
| Copy-Item -Path $file.FullName -Destination $destFile | |
| } | |
| - name: Upload signed Windows artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: windows-binaries-signed | |
| path: signtool/installer/dist/* | |
| if-no-files-found: error | |
| check-tag: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' && contains(github.ref, 'refs/tags') | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.MAIN_PYTHON_VERSION }} | |
| cache: pip | |
| - id: get-tag-version | |
| run: echo "TAG_VERSION=$(echo ${{ github.ref_name }} | cut -dv -f2 -)" | tee "$GITHUB_OUTPUT" | |
| - name: check package versions match tag | |
| run: | | |
| pip install '.[ci]' | |
| python .ci/check_version_match.py --semver ${{ steps.get-tag-version.outputs.TAG_VERSION }} --pypi-metadata ${{ env.PACKAGE_NAME }} | |
| - name: Check if tag is on main branch | |
| run: git branch -r --contains ${{ github.ref_name }} | grep origin/main | |
| release: | |
| needs: [check-tag, sign-windows-binaries] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # Create a directory to collect all binaries | |
| - name: Create release directory | |
| run: mkdir -p release_files | |
| # Download all artifacts to the release directory | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| pattern: "*_binaries*" | |
| path: release_files | |
| merge-multiple: true | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: windows-binaries-signed | |
| path: release_files | |
| # Delete unsigned Windows binaries | |
| - name: Drop unsigned Windows binaries | |
| run: rm -rf release_files/windows_*_binaries | |
| # List all files for verification | |
| - name: Verify collected binaries | |
| run: | | |
| echo "▼ release_files contains:" | |
| find release_files -type f | sort | |
| # Create GitHub release with all files | |
| - name: Create GitHub release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| generate_release_notes: true | |
| fail_on_unmatched_files: false | |
| files: | | |
| release_files/**/${{ github.event.repository.name }}_*_${{ github.ref_name }}* | |
| main-repo-release: | |
| name: Update main aali repo and create release | |
| needs: [release, release-docker] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout aali repository | |
| run: | | |
| git clone --branch main https://${{ secrets.PYANSYS_CI_BOT_TOKEN }}@github.com/ansys/aali.git | |
| - name: Setup Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: 'aali/scripts/releasehelper/go.mod' | |
| - name: Run tag script | |
| run: | | |
| cd aali/scripts/releasehelper | |
| go run main.go "tag" ${{ github.ref_name }} ${{ secrets.PYANSYS_CI_BOT_TOKEN }} | |
| - name: Commit and push to aali | |
| run: | | |
| cd aali | |
| git config --global user.email '${{ github.actor }}@users.noreply.github.com' | |
| git config --global user.name '${{ github.actor }}' | |
| git commit -a -m 'New release triggered by ${{ github.event.repository.name }}' | |
| git push origin main | |
| - name: Run release script | |
| run: | | |
| cd aali/scripts/releasehelper | |
| go run main.go "release" ${{ github.ref_name }} ${{ secrets.PYANSYS_CI_BOT_TOKEN }} |