1+ name : Build and Publish Wheels
2+
3+ on :
4+ push :
5+ tags :
6+ - " v*"
7+ workflow_dispatch :
8+
9+ # ✦ Concurrency: Prevents race conditions during release
10+ concurrency :
11+ group : release-${{ github.ref }}
12+ cancel-in-progress : false
13+
14+ permissions :
15+ contents : read
16+
17+ jobs :
18+ build-wheels :
19+ name : Build wheels on ${{ matrix.os }}
20+ runs-on : ${{ matrix.os }}
21+ strategy :
22+ matrix :
23+ os : [ubuntu-latest, macos-latest, windows-latest]
24+
25+ steps :
26+ - uses : actions/checkout@v4
27+
28+ - uses : actions/setup-python@v5
29+ with :
30+ python-version : " 3.10"
31+
32+ - name : Rust Cache
33+ uses : Swatinem/rust-cache@v2
34+ with :
35+ key : ${{ matrix.os }}
36+
37+ - name : Build wheels
38+ uses : PyO3/maturin-action@v1
39+ with :
40+ command : build
41+ # ✦ Added --sdist: Only needs to be generated once,
42+ # but safe to include in the args; maturin handles it.
43+ args : --release --strip -o dist ${{ matrix.os == 'ubuntu-latest' && '--sdist' || '' }}
44+ manylinux : auto
45+
46+ - name : Upload artifacts
47+ uses : actions/upload-artifact@v4
48+ with :
49+ name : wheels-${{ matrix.os }}
50+ path : dist
51+
52+ publish :
53+ name : Publish to PyPI
54+ needs : build-wheels
55+ runs-on : ubuntu-latest
56+ # ✦ Restrict publish: Only tags on the main repo can trigger this
57+ if : startsWith(github.ref, 'refs/tags/v') && github.repository == 'etsi-ai/etna'
58+
59+ environment : release
60+ permissions :
61+ id-token : write # Required for OIDC/Trusted Publishers
62+
63+ steps :
64+ - uses : actions/download-artifact@v4
65+ with :
66+ pattern : wheels-*
67+ merge-multiple : true
68+ path : dist
69+
70+ - name : Publish to PyPI
71+ uses : PyO3/maturin-action@v1
72+ with :
73+ command : publish
74+ args : --skip-existing dist/*
75+ # env:
76+ # MATURIN_PYPI_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
0 commit comments