-
Notifications
You must be signed in to change notification settings - Fork 30
106 lines (91 loc) · 3.54 KB
/
conda-pack.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
name: Build native conda environments
on:
release:
types: [published]
workflow_dispatch:
jobs:
build:
strategy:
matrix:
os: [ubuntu-latest, macos-latest, macos-13, windows-latest]
python-version: ["3.10"]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v2
- uses: conda-incubator/setup-miniconda@v3
with:
activate-environment: wake
auto-update-conda: true
python-version: ${{ matrix.python-version }}
- name: Install dependencies
shell: bash -el {0}
run: |
python -m pip install .
echo "VERSION=$(wake --version)" >> $GITHUB_ENV
conda install -c conda-forge conda-pack -y
- name: Set up variables
id: vars
shell: bash -el {0}
run: |
OS=$(echo ${{ runner.os }} | tr '[:upper:]' '[:lower:]')
ARCH=$(echo ${{ runner.arch }} | tr '[:upper:]' '[:lower:]')
echo "FILENAME=wake-${{ env.VERSION }}-${OS}-${ARCH}.tar.gz" >> $GITHUB_ENV
echo "OS=${OS}" >> $GITHUB_ENV
echo "ARCH=${ARCH}" >> $GITHUB_ENV
- name: Pack conda environment
shell: bash -el {0}
run: |
conda-pack -n wake -o ${{ env.FILENAME }}
- name: Sign Python binary on MacOS
if: runner.os == 'macOS'
run: |
security create-keychain -p "temp" build.keychain
curl -O https://www.apple.com/certificateauthority/DeveloperIDG2CA.cer
security import DeveloperIDG2CA.cer -k build.keychain
echo "${{ secrets.CONDA_MACOS_SIGNING_KEY }}" | base64 --decode > signing_certificate.p12
security import signing_certificate.p12 -P "" -T /usr/bin/codesign -k build.keychain
mkdir wake-conda
tar -xzf ${{ env.FILENAME }} --directory wake-conda
security default-keychain -s build.keychain
security set-key-partition-list -S apple-tool:,apple: -s -k "temp" build.keychain > /dev/null
security unlock-keychain -p "temp" build.keychain
codesign --force -s "${{ secrets.CONDA_MACOS_SIGNING_IDENTITY }}" ./wake-conda/bin/python
tar -czf ${{ env.FILENAME }} -C wake-conda .
security delete-keychain build.keychain
rm signing_certificate.p12
- name: Generate checksum Linux & Windows
if: runner.os != 'macOS'
run: |
sha256sum ${{ env.FILENAME }} > ${{ env.FILENAME }}.sha256
- name: Generate checksum MacOS
if: runner.os == 'macOS'
run: |
shasum -a 256 ${{ env.FILENAME }} > ${{ env.FILENAME }}.sha256
- name: Generate signature
run: |
echo "${{ secrets.CONDA_PRIVATE_KEY }}" > key.pem
openssl dgst -sha256 -sign key.pem -out ${{ env.FILENAME }}.sha256.sig ${{ env.FILENAME }}.sha256
- name: Auth to Google Storage
uses: 'google-github-actions/auth@v2'
with:
credentials_json: ${{ secrets.GCP_SA_KEY }}
- name: Upload tarball
uses: 'google-github-actions/upload-cloud-storage@v2'
with:
path: '${{ env.FILENAME }}'
destination: 'wake-conda'
headers: |-
x-goog-meta-version: ${{ env.VERSION }}
x-goog-meta-os: ${{ env.OS }}
x-goog-meta-arch: ${{ env.ARCH }}
x-goog-meta-python: ${{ matrix.python-version }}
- name: Upload checksum
uses: 'google-github-actions/upload-cloud-storage@v2'
with:
path: ${{ env.FILENAME }}.sha256
destination: 'wake-conda'
- name: Upload signature
uses: 'google-github-actions/upload-cloud-storage@v2'
with:
path: ${{ env.FILENAME }}.sha256.sig
destination: 'wake-conda'