Skip to content

Bump certifi from 2024.6.2 to 2024.7.4 #214

Bump certifi from 2024.6.2 to 2024.7.4

Bump certifi from 2024.6.2 to 2024.7.4 #214

Workflow file for this run

name: build
on:
pull_request:
push:
branches:
- master
workflow_dispatch:
jobs:
test:
runs-on: ubuntu-latest
strategy:
# By default, GitHub will maximize the number of jobs run in parallel
# depending on the available runners on GitHub-hosted virtual machines.
# max-parallel: 8
fail-fast: false
matrix:
python-version:
- "3.8"
- "3.9"
- "3.10"
- "3.11"
- "3.12"
env:
TOXENV: ${{ matrix.tox-env }}
TOX_SKIP_MISSING_INTERPRETERS: False
steps:
- uses: actions/checkout@v4
- name: Run pre-commit hook
uses: pre-commit/action@v3.0.1
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Upgrade pip version
run: pip install -U pip
- name: Install test dependencies
run: pip install tox tox-gh-actions poetry==1.4.0
- name: Run tox
run: tox
make-wheels:
name: Make ${{ matrix.os }} ${{ matrix.cibw_arch }} wheels
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: ["ubuntu-latest"]
cibw_arch: ["native"]
cibw_build: ["cp38-* cp39-* cp310-* cp311-* cp312-*"]
fail-fast: false
steps:
- name: "Checkout repo"
uses: actions/checkout@v4
- name: Install poetry
run: pip install poetry
- name: "Build wheels"
uses: pypa/cibuildwheel@v2.20.0
with:
output-dir: dist
env:
CIBW_MANYLINUX_X86_64_IMAGE: manylinux2014
CIBW_BUILD: ${{ matrix.cibw_build }}
CIBW_SKIP: "*musllinux*"
CIBW_ARCHS: ${{ matrix.cibw_arch }}
CIBW_BUILD_FRONTEND: pip
CIBW_BEFORE_ALL_LINUX: yum install -y libffi-devel clang make
CIBW_BUILD_VERBOSITY: 1
- name: "Upload wheel as artifact"
uses: actions/upload-artifact@v4
with:
name: artifact-${{ matrix.os }}-${{ matrix.cibw_arch }}-wheel
path: "./**/dist/*.whl"
make-sdist:
name: Make source distribution
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install poetry
run: pip install poetry
- run: poetry build -f sdist
- uses: actions/upload-artifact@v4
with:
name: artifact-source-dist
path: "./**/dist/*.tar.gz"
publish:
runs-on: ubuntu-latest
# Note: only run, when test publishing worked
needs: [test, make-wheels, make-sdist]
if: endsWith(github.ref, '/master')
permissions:
id-token: write
contents: write
steps:
- name: "Checkout repo"
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
- name: Upgrade pip version
run: pip install -U pip
- name: Install poetry
run: pip install poetry
- name: Fetch version
id: fetch_version
run: echo "version_nr=$(poetry version -s)" >> $GITHUB_OUTPUT
- name: Download all artifacts
uses: actions/download-artifact@v4
- name: Copy artifacts to dist/ folder
run: |
find . -name 'artifact-*' -exec unzip '{}' \;
mkdir -p dist/
find . -name '*.tar.gz' -exec mv '{}' dist/ \;
find . -name '*.whl' -exec mv '{}' dist/ \;
ls -lR dist/
- name: Test PyPI Publishing
# TODO separate step to test publishing before merging to main
# NOTE: PRs from forks fail due to: "missing or insufficient OIDC token permissions,
# the ACTIONS_ID_TOKEN_REQUEST_TOKEN environment variable was unset"
# -> test publishing cannot be triggered in PRs?!
uses: pypa/gh-action-pypi-publish@release/v1
with:
password: ${{ secrets.TEST_PYPI_DEPLOYMENT_API_KEY }}
repository-url: https://test.pypi.org/legacy/
skip-existing: true
- name: Create GitHub Release
id: create_gh_release
uses: ncipollo/release-action@v1
env:
VERSION: ${{ steps.fetch_version.outputs.version_nr }}
with:
tag: ${{env.VERSION}}
name: Release ${{env.VERSION}}
draft: false
prerelease: false
skipIfReleaseExists: true
- name: PyPI Publishing
uses: pypa/gh-action-pypi-publish@release/v1
with:
password: ${{ secrets.PYPI_DEPLOYMENT_API_KEY }}
skip-existing: true