set trusted publishers #11
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Wheels | |
| on: | |
| pull_request: | |
| push: | |
| release: | |
| types: | |
| - published | |
| jobs: | |
| build_bdist: | |
| name: "Build ${{ matrix.os }} (${{ matrix.arch }}) wheels" | |
| runs-on: ${{ matrix.os }} | |
| timeout-minutes: 60 # should be long enough even on tags, but let's prevent hangs | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: ubuntu-22.04 | |
| arch: x86_64 | |
| - os: ubuntu-22.04 | |
| arch: aarch64 | |
| - os: windows-2022 | |
| arch: AMD64 | |
| - os: macos-14 | |
| arch: arm64 | |
| - os: macos-13 | |
| arch: x86_64 | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| # For aarch64 support | |
| # https://cibuildwheel.pypa.io/en/stable/faq/#emulation | |
| - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 | |
| with: | |
| platforms: all | |
| if: runner.os == 'Linux' && matrix.arch == 'aarch64' | |
| - name: "Building ${{ matrix.os }} (${{ matrix.arch }}) wheels" | |
| uses: pypa/cibuildwheel@5f22145df44122af0f5a201f93cf0207171beca7 # v3.0.0 | |
| env: | |
| # Skips pypy and musllinux for now. | |
| CIBW_SKIP: "pp* cp36-* cp37-* cp38-* *-musllinux*" | |
| CIBW_ARCHS: ${{ matrix.arch }} | |
| CIBW_BUILD_FRONTEND: build | |
| CIBW_MANYLINUX_X86_64_IMAGE: manylinux2014 | |
| CIBW_TEST_REQUIRES: pytest pandas>=2 | |
| CIBW_TEST_COMMAND: > | |
| python -c "import gsw; print(f'gsw v{gsw.__version__}')" && | |
| python -m pytest --pyargs gsw | |
| - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: pypi-artifacts-${{ matrix.os }}-${{ matrix.arch }} | |
| path: ${{ github.workspace }}/wheelhouse/*.whl | |
| permissions: | |
| actions: write | |
| build_sdist: | |
| name: Build source distribution | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - name: Build sdist | |
| run: > | |
| pip install build twine check-manifest | |
| && python -m build --sdist . --outdir dist | |
| && twine check dist/* | |
| && check-manifest --verbose | |
| - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: pypi-artifacts | |
| path: ${{ github.workspace }}/dist/*.tar.gz | |
| permissions: | |
| actions: write | |
| show-artifacts: | |
| needs: [build_bdist, build_sdist] | |
| name: "Show artifacts" | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 | |
| with: | |
| pattern: pypi-artifacts* | |
| path: ${{ github.workspace }}/dist | |
| merge-multiple: true | |
| - shell: bash | |
| run: | | |
| ls -l ${{ github.workspace }}/dist | |
| permissions: | |
| actions: none | |
| publish-artifacts-pypi: | |
| needs: [build_bdist, build_sdist] | |
| name: "Publish to PyPI" | |
| runs-on: ubuntu-22.04 | |
| # upload to PyPI for every tag starting with 'v' | |
| if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/v') | |
| steps: | |
| - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 | |
| with: | |
| pattern: pypi-artifacts* | |
| path: ${{ github.workspace }}/dist | |
| merge-multiple: true | |
| - name: Publish package distributions to PyPI | |
| uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4 | |
| environment: | |
| name: release | |
| url: https://pypi.org/p/gsw | |
| permissions: | |
| id-token: write # IMPORTANT: this permission is mandatory for trusted publishing |