Skip to content

CI/CD: Cross-Platform Wheel Build & Secure PyPI Publishing#76

Merged
debug-soham merged 1 commit intoetsi-ai:mainfrom
akshajtiwari:wheel
Feb 12, 2026
Merged

CI/CD: Cross-Platform Wheel Build & Secure PyPI Publishing#76
debug-soham merged 1 commit intoetsi-ai:mainfrom
akshajtiwari:wheel

Conversation

@akshajtiwari
Copy link
Contributor

@akshajtiwari akshajtiwari commented Feb 11, 2026
edited by Aamod007
Loading

Fixes

Closes: #74

Type of Change

  • Bug fix
  • New feature
  • Documentation / Refactor
  • Math / Logic correction

Description

Polished and optimized the GitHub Actions workflow for building and publishing Python wheels via Maturin.
Key improvements include:

  • Rust Caching: Integrated Swatinem/rust-cache to significantly reduce build times by caching the target/ directory and Cargo dependencies.
  • Workflow Streamlining: Unified the build matrix to handle Linux (manylinux), macOS, and Windows under a single logic block using maturin-action.
  • Security & OIDC: Prepared the workflow for Trusted Publishing (OIDC), removing the need for long-lived PyPI tokens and implementing a release environment.
  • Robustness: Added concurrency controls to prevent race conditions and restricted publishing to the main repository to prevent unauthorized releases from forks.
  • Source Distribution: Added logic to automatically generate and upload an sdist during the Linux build phase.

How Has This Been Tested?

  • Unit Tests: Ran existing or new test scripts.
  • Manual Testing: Verified the workflow triggers on tags and successfully bundles artifacts into a unified dist/ folder.
  • Integration: Confirmed the download-artifact step correctly merges multi-platform wheels for the publish job.

Screenshots / Logs

Workflow successfully validated across Arch Linux and macOS runners.

Arch Linux

arch-testing

macOS

image

Contribution Context

  • I am contributing through the SWOC program.

Maintainer Instructions

To finalize this setup, please complete these steps:

  1. Create the Environment:

    • Go to Settings > Environments in this repo.
    • Click New environment and name it release.
    • (Recommended) Required Reviewers: Add yourself or a lead maintainer as a required reviewer.
    • Note: This ensures that even after a tag is pushed, the package will not be published to PyPI until a maintainer manually clicks "Approve" on the GitHub Actions page for that specific run.

  2. Connect to PyPI (OIDC):

    • Go to your project settings on PyPI.org.
    • Navigate to Publishing and add a new GitHub Publisher.
    • Use the following exact values:
      • Owner: etsi-ai
      • Repository: etna
      • Workflow: release.yml
      • Environment: release
    • (Keep the variable names exactly as mentioned above)

  3. API Token (Alternative):

    • I have included the traditional API token logic in the code as a fallback, but I have commented it out.
    • This is because OIDC (Step 2) is more secure and removes the tedious task of managing long-lived secrets.
    • Changes can be made to uncomment these lines if you specifically request to use the old token method.

  4. Trigger a Release:

    • Simply push a tag starting with v (e.g., git tag v0.1.0 && git push origin v0.1.0).

@github-actions github-actions bot added the SWoC26 Contributions specifically for the Social Winter of Code program. label Feb 11, 2026
@github-actions
Copy link

github-actions bot commented Feb 11, 2026

Thank you for opening this PR! Our automated system is currently verifying the PR requirements.
Internal Discussion: Discord

@github-actions
Copy link

github-actions bot commented Feb 11, 2026

Validation Successful!

This pull request has been verified and linked to issue #74. The system is now synchronizing metadata from the referenced issue. Kindly await maintainer review of your changes.

@github-actions github-actions bot added area: infra CI/CD pipelines, GitHub Actions, and repository infrastructure. feature New ML layers or API functionality. Medium Requires good codebase knowledge. testing Improving test coverage and CI/CD. labels Feb 11, 2026
@github-actions
Copy link

github-actions bot commented Feb 11, 2026

Validation Successful!

This pull request has been verified and linked to issue #74. The system is now synchronizing metadata from the referenced issue. Kindly await maintainer review of your changes.

2 similar comments
@github-actions
Copy link

github-actions bot commented Feb 12, 2026

Validation Successful!

This pull request has been verified and linked to issue #74. The system is now synchronizing metadata from the referenced issue. Kindly await maintainer review of your changes.

@github-actions
Copy link

github-actions bot commented Feb 12, 2026

Validation Successful!

This pull request has been verified and linked to issue #74. The system is now synchronizing metadata from the referenced issue. Kindly await maintainer review of your changes.

Aamod007
Aamod007 approved these changes Feb 12, 2026
View reviewed changes
Copy link
Collaborator

@Aamod007 Aamod007 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's Good

  • Multi-platform builds (Linux, macOS, Windows)
  • Proper OIDC security
  • ABI3 support
  • All tests pass (28 Rust tests)

Great Work

debug-soham
debug-soham approved these changes Feb 12, 2026
View reviewed changes
Copy link
Contributor

@debug-soham debug-soham left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excellent work!

@debug-soham debug-soham merged commit 725803b into etsi-ai:main Feb 12, 2026
6 checks passed
@github-actions
Copy link

github-actions bot commented Feb 12, 2026

This PR has been successfully merged. We appreciate your effort in improving the library and look forward to your future contributions to the Etsi AI ecosystem.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Aamod007 Aamod007 Aamod007 approved these changes

@debug-soham debug-soham debug-soham approved these changes

@Arsh123344423 Arsh123344423 Awaiting requested review from Arsh123344423

@Romit23 Romit23 Awaiting requested review from Romit23

@Satyamgupta2365 Satyamgupta2365 Awaiting requested review from Satyamgupta2365

@SrishtiSonam SrishtiSonam Awaiting requested review from SrishtiSonam

Assignees

@akshajtiwari akshajtiwari

Labels

area: infra CI/CD pipelines, GitHub Actions, and repository infrastructure. feature New ML layers or API functionality. Medium Requires good codebase knowledge. SWoC26 Contributions specifically for the Social Winter of Code program. testing Improving test coverage and CI/CD.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Automated cross-platform wheel build and PyPI release via GitHub Actions

3 participants

@akshajtiwari @Aamod007 @debug-soham