-
Notifications
You must be signed in to change notification settings - Fork 8
593 lines (534 loc) · 25.3 KB
/
make_bundle_conda.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
name: Conda
on:
pull_request:
branches:
- main
paths:
- 'build_installers.py'
- 'conda-recipe/*'
- '.github/workflows/make_bundle_conda.yml' # this file
- 'environments/ci_installers_environment.yml'
- 'environments/ci_packages_environment.yml'
workflow_call:
inputs:
event_name:
description: "The original github.event_name object in the caller workflow"
required: true
type: string
installer_platforms:
description: "Comma-separated string of conda-style platforms to build installers for. Defaults to all platforms available."
required: false
type: string
default: "linux-64,win-64,osx-64,osx-arm64"
secrets:
ANACONDA_TOKEN:
description: "The token used to upload conda packages to anaconda.org/napari"
APPLE_APPLICATION_CERTIFICATE_BASE64:
description: "Application certificate issued by Apple, base64-encoded. Used to sign executables inside the PKG, and required for notarization."
APPLE_INSTALLER_CERTIFICATE_BASE64:
description: "Installer certificate issued by Apple, base64-encoded. Used to sign the PKG."
APPLE_INSTALLER_CERTIFICATE_PASSWORD:
description: "Password that protects the Installer and Application certificates (same for both)."
APPLE_NOTARIZATION_USERNAME:
description: "Apple.com email address used to submit the notarization request to Apple servers"
APPLE_NOTARIZATION_PASSWORD:
description: "Password for the apple.com email address used in notarization requests."
TEMP_KEYCHAIN_PASSWORD:
description: "A password to temporarily create a keychain that stores the certificates (any value can do as long as it is a secret)"
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
inputs:
ref:
description: "`napari/napari` will be checked out using this commit hash or git reference."
required: false
jobs:
packages:
name: Create packages
runs-on: ubuntu-latest
if: startsWith(github.repository, 'napari')
env:
conda_bld_suffix: /napari-feedstock/build_artifacts/
conda_build_config: linux_64_ # filename without extension under feedstock's .ci_support/
outputs:
artifact-id: ${{ steps.artifact-id.outputs.name }}
steps:
- name: Checkout packaging code
uses: actions/checkout@v4
with:
fetch-depth: 0
repository: napari/packaging
path: napari-packaging
# when debugging a non-main ref from an upstream PR
# e.g. uses: org/repo/workflow.yml@some-ref
# make sure to add that same reference here:
# ref: some-ref
- name: Checkout napari source
uses: actions/checkout@v4
with:
fetch-depth: 0
repository: napari/napari
path: napari-source
# if we are not on workflow_dispatch, then inputs is not defined -> use '' in that case
ref: ${{ github.event_name != 'workflow_dispatch' && '' || github.event.inputs.ref }}
- name: Checkout conda-forge feedstock
uses: actions/checkout@v4
with:
fetch-depth: 0
repository: conda-forge/napari-feedstock
path: napari-feedstock
- name: install micromamba
uses: mamba-org/setup-micromamba@v1
with:
environment-file: napari-packaging/environments/ci_packages_environment.yml
- name: Prevent issues with multiple tags
shell: bash -el {0}
if: github.event.inputs.ref || github.ref_type == 'tag'
working-directory: napari-source
run: |
set -x
ref=$(git log -1 --format='%H')
last_tag=$(git -c 'versionsort.suffix=rc' tag -l --points-at "$ref" --sort version:refname | tail -1)
for tag in $(git -c 'versionsort.suffix=rc' tag -l --points-at "$ref" --sort version:refname); do
if [[ $tag != $last_tag ]]; then
git tag --delete $tag
fi
done
- name: install napari
shell: bash -el {0}
working-directory: napari-source
run: |
set -x
pip install -e . --no-deps -vvv
napari_version=$(python -c 'from importlib.metadata import version; print(version("napari"))')
echo "NAPARI_VERSION=$napari_version" >> $GITHUB_ENV
echo "NAPARI_ARCH=$(python ../napari-packaging/build_installers.py --arch)" >> $GITHUB_ENV
- name: Patch and rerender feedstock
shell: bash -el {0}
working-directory: napari-feedstock
run: |
set -euxo pipefail
# rm recipe from conda-forge's feedstock and replace with our napari/packaging version
rm -rf recipe/
cp -r ../napari-packaging/conda-recipe recipe
sed -i -e "s|{% set version = \".*\" %}|{% set version = \"${NAPARI_VERSION}\" %}|" \
-e "s|{% set build = [0-9]+ %}|{% set build = 0 %}|" \
recipe/meta.yaml
# make sure the meta.yaml points to the local source, in case we break
# this when updating from upstream
grep -e "path: /home/conda" recipe/meta.yaml
conda-smithy rerender
git diff
mv ${GITHUB_WORKSPACE}/napari-source .
echo "DOCKER_IMAGE=$(shyaml -y get-value docker_image.0 < .ci_support/${conda_build_config}.yaml)" >> $GITHUB_ENV
- name: Run build scripts
shell: bash -el {0}
working-directory: napari-feedstock
env:
DOCKER_IMAGE: ${{ env.DOCKER_IMAGE }}
CONFIG: ${{ env.conda_build_config }}
CI: github_actions
CONDA_BLD_PATH: "${{ github.workspace }}${{ env.conda_bld_suffix }}"
run: |
./.scripts/run_docker_build.sh
- name: Export artifact identifier
id: artifact-id
run: |
name=pkgs-napari-${{ env.NAPARI_VERSION }}-${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}
echo "name=${name}" >> $GITHUB_OUTPUT
- name: Upload packages as artifacts
uses: actions/upload-artifact@v4
with:
name: ${{ steps.artifact-id.outputs.name }}
path: |
${{ github.workspace }}${{ env.conda_bld_suffix }}noarch/*.tar.bz2
${{ github.workspace }}${{ env.conda_bld_suffix }}noarch/*.conda
- name: Check token availability
run: |
if [[ -n "${{ secrets.ANACONDA_TOKEN }}" ]]; then
echo "ANACONDA_TOKEN_AVAILABLE=1" >> $GITHUB_ENV
fi
- name: Upload to anaconda.org
shell: bash -el {0}
# Only upload to anaconda.org/napari if it's a nightly (version with *dev* suffix)
# or a tag event (either RC or final). Nightlies and RCs go to the nightly channel.
if: env.ANACONDA_TOKEN_AVAILABLE && (inputs.event_name == 'schedule' || startsWith(github.ref, 'refs/tags/v'))
run: |
label_args=""
if [[ $NAPARI_VERSION == *rc* || $NAPARI_VERSION == *dev* ]]; then
label_args="-l nightly"
fi
set -x
noarch_dir="${GITHUB_WORKSPACE}${conda_bld_suffix}noarch"
packages="$(find "$noarch_dir" -maxdepth 1 -type f \( -name '*.conda' -o -name '*.tar.bz2' \))"
anaconda \
-t ${{ secrets.ANACONDA_TOKEN }} \
upload \
--skip-existing \
-u napari \
$label_args \
$packages
prepare_matrix:
# See this SO answer for details on conditional matrices
# https://stackoverflow.com/a/65434401/3407590
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/setup-python@v5
with:
python-version: "3.9"
- name: Prepare matrix
id: set-matrix
shell: python
run: |
import os
import json
elements = [
{
"os": "ubuntu-latest",
"python-version": "3.9",
"target-platform": "linux-64",
},
{
"os": "macos-13",
"python-version": "3.9",
"target-platform": "osx-64",
},
{
"os": "macos-14",
"python-version": "3.9",
"target-platform": "osx-arm64",
},
{
"os": "windows-latest",
"python-version": "3.9",
"target-platform": "win-64",
},
]
platforms_str = "${{ inputs.installer_platforms || 'linux-64,win-64,osx-64,osx-arm64' }}"
platforms = {p.strip() for p in platforms_str.split(",")}
matrix = {"include": []}
for element in elements:
if element["target-platform"] in platforms:
matrix["include"].append(element)
with open(os.environ["GITHUB_OUTPUT"], "a") as f:
f.write(f"matrix={json.dumps(matrix)}\n")
installers:
permissions:
contents: write
name: Bundle ${{ matrix.target-platform }}
runs-on: ${{ matrix.os }}
needs: [packages, prepare_matrix]
if: startsWith(github.repository, 'napari')
strategy:
fail-fast: false
matrix: ${{ fromJSON(needs.prepare_matrix.outputs.matrix) }}
env:
GITHUB_TOKEN: ${{ github.token }}
DISPLAY: ":99.0"
CONDA_BLD_PATH: ${{ github.workspace }}/conda-bld
CONDA_NUMBER_CHANNEL_NOTICES: 0
outputs:
licenses-artifact: ${{ steps.licenses.outputs.licenses_artifact }}
pkgs-list-artifact: ${{ steps.pkgs-list.outputs.pkgs_list_artifact }}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
repository: napari/packaging
path: napari-packaging
- name: Checkout napari/napari
uses: actions/checkout@v4
with:
fetch-depth: 0
repository: napari/napari
path: napari-source
ref: ${{ github.event_name != 'workflow_dispatch' && '' || github.event.inputs.ref }}
- name: install micromamba
uses: mamba-org/setup-micromamba@v1
with:
environment-file: napari-packaging/environments/ci_installers_environment.yml
create-args: python=${{ matrix.python-version }}
- name: Conda info
shell: bash -el {0}
run: |
set -x
conda info -a
conda config --show-sources
mkdir -p ${CONDA_BLD_PATH}/noarch
- name: Prevent issues with multiple tags
shell: bash -el {0}
if: github.event.inputs.ref || github.ref_type == 'tag'
working-directory: napari-source
run: |
set -x
ref=$(git log -1 --format='%H')
last_tag=$(git -c 'versionsort.suffix=rc' tag -l --points-at "$ref" --sort version:refname | tail -1)
for tag in $(git -c 'versionsort.suffix=rc' tag -l --points-at "$ref" --sort version:refname); do
if [[ $tag != $last_tag ]]; then
git tag --delete $tag
fi
done
- name: Install napari
shell: bash -el {0}
working-directory: napari-source
run: |
python -m pip install -e . --no-deps
# TEMPORARY
- name: Install dev constructor
shell: bash -el {0}
env:
SETUPTOOLS_SCM_PRETEND_VERSION: "3.10"
run: |
python -m pip install https://github.com/jaimergp/constructor/archive/refs/heads/nsis-log-stdout.zip --no-deps
- name: Download local build artifacts (napari)
uses: actions/download-artifact@v4
with:
name: ${{ needs.packages.outputs.artifact-id }}
path: ${{ env.CONDA_BLD_PATH }}/noarch
- name: Index local packages (if any)
shell: bash -el {0}
working-directory: napari-packaging
run: |
pkgs=$(shopt -s nullglob dotglob; echo "${CONDA_BLD_PATH}/noarch/*.tar.bz2" "${CONDA_BLD_PATH}/noarch/*.conda")
if (( ${#pkgs} )); then
conda index "${CONDA_BLD_PATH}"
conda search -c local --override-channels
echo CONSTRUCTOR_USE_LOCAL=1 >> $GITHUB_ENV
else
echo "No local packages found, assuming latest release"
fi
- name: get tag / arch-suffix / extension / artifact-name / conda-standalone
shell: bash -el {0}
working-directory: napari-packaging
run: |
VER=$(python build_installers.py --version --location=../napari-source)
echo "version=${VER}" >> $GITHUB_ENV
echo "Napari version: ${VER}"
INST_VER=$(python build_installers.py --installer-version)
echo "installer_version=${INST_VER}" >> $GITHUB_ENV
echo "Installer version: ${INST_VER}"
ARCH_SUFFIX=$(python build_installers.py --arch)
echo "arch-suffix=${ARCH_SUFFIX}" >> $GITHUB_ENV
echo "Machine: ${ARCH_SUFFIX}"
EXTENSION=$(python build_installers.py --ext)
echo "extension=${EXTENSION}" >> $GITHUB_ENV
echo "Extension: ${EXTENSION}"
ARTIFACT_NAME=$(python build_installers.py --artifact-name)
echo "artifact-name=${ARTIFACT_NAME}" >> $GITHUB_ENV
echo "Expected artifact name: ${ARTIFACT_NAME}"
- name: Check secrets availability
shell: bash
run: |
if [ -n '${{ secrets.APPLE_APPLICATION_CERTIFICATE_BASE64 }}' ] && \
[ -n '${{ secrets.APPLE_INSTALLER_CERTIFICATE_BASE64 }}' ] && \
[ -n '${{ secrets.APPLE_INSTALLER_CERTIFICATE_PASSWORD }}' ] && \
[ -n '${{ secrets.APPLE_NOTARIZATION_USERNAME }}' ] && \
[ -n '${{ secrets.APPLE_NOTARIZATION_PASSWORD }}' ] && \
[ -n '${{ secrets.TEMP_KEYCHAIN_PASSWORD }}' ]; then
echo "SIGNING_SECRETS_AVAILABLE=1" >> $GITHUB_ENV
fi
# instructions taken from
# https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development#add-a-step-to-your-workflow
- name: Load signing certificate (MacOS)
shell: bash -el {0}
# We only sign pushes to main, nightlies, RCs and final releases
if: >
runner.os == 'macOS'
&& env.SIGNING_SECRETS_AVAILABLE
&& (inputs.event_name == 'schedule' || inputs.event_name == 'push')
run: |
# create variables
INSTALLER_CERTIFICATE_PATH="$RUNNER_TEMP/installer_developer_cert.p12"
APPLICATION_CERTIFICATE_PATH="$RUNNER_TEMP/application_developer_cert.p12"
KEYCHAIN_PATH="$RUNNER_TEMP/installer-signing.keychain-db"
# import certificate and provisioning profile from secrets
echo -n "${{ secrets.APPLE_INSTALLER_CERTIFICATE_BASE64 }}" | /usr/bin/base64 --decode > $INSTALLER_CERTIFICATE_PATH
echo -n "${{ secrets.APPLE_APPLICATION_CERTIFICATE_BASE64 }}" | /usr/bin/base64 --decode > $APPLICATION_CERTIFICATE_PATH
# create temporary keychain
security create-keychain -p "${{ secrets.TEMP_KEYCHAIN_PASSWORD }}" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "${{ secrets.TEMP_KEYCHAIN_PASSWORD }}" $KEYCHAIN_PATH
# import certificate to keychain
security import $INSTALLER_CERTIFICATE_PATH -P ${{ secrets.APPLE_INSTALLER_CERTIFICATE_PASSWORD }} -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security import $APPLICATION_CERTIFICATE_PATH -P ${{ secrets.APPLE_INSTALLER_CERTIFICATE_PASSWORD }} -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
# export identity name
signing_identity=$(security find-identity $KEYCHAIN_PATH | grep -m 1 -o '"Developer ID Installer.*"' | tr -d '"')
notarization_identity=$(security find-identity $KEYCHAIN_PATH | grep -m 1 -o '"Developer ID Application.*"' | tr -d '"')
echo "CONSTRUCTOR_SIGNING_IDENTITY=${signing_identity}" >> $GITHUB_ENV
echo "CONSTRUCTOR_NOTARIZATION_IDENTITY=${notarization_identity}" >> $GITHUB_ENV
# The conda environment might contain a totally different codesign
# which would clobber the Apple's codesign (the one we need)
_codesign=$(which codesign)
if [[ $_codesign =~ ${CONDA_PREFIX}.* ]]; then
mv "${_codesign}" "${_codesign}.in_conda_env"
fi
- name: Load signing certificate (Windows)
# We only sign pushes to main, nightlies, RCs and final releases
if: >
runner.os == 'Windows'
&& env.SIGNING_SECRETS_AVAILABLE
&& (inputs.event_name == 'schedule' || inputs.event_name == 'push')
# We are signing with Apple's certificate to provide _something_
# This is not trusted by Windows so the warnings are still there, but curious users
# will be able to check it's actually us if necessary
run: |
Set-Content -Path "${{ runner.temp }}/certificate.b64.txt" -Value '${{ secrets.APPLE_APPLICATION_CERTIFICATE_BASE64 }}'
certutil -decode "${{ runner.temp }}/certificate.b64.txt" "${{ runner.temp }}/certificate.pfx"
echo "CONSTRUCTOR_SIGNING_CERTIFICATE=${{ runner.temp }}/certificate.pfx" >> $Env:GITHUB_ENV
echo "CONSTRUCTOR_PFX_CERTIFICATE_PASSWORD=${{ secrets.APPLE_INSTALLER_CERTIFICATE_PASSWORD }}" >> $Env:GITHUB_ENV
echo "CONSTRUCTOR_SIGNTOOL_PATH=C:/Program Files (x86)/Windows Kits/10/bin/10.0.17763.0/x86/signtool.exe" >> $Env:GITHUB_ENV
# TODO: Consider a refactor here; maybe an org action we can reuse or at least a script
- name: Make Bundle (Linux)
if: runner.os == 'Linux'
shell: bash -el {0}
working-directory: napari-packaging
run: |
echo "::group::Install apt dependencies"
sudo apt-get update
sudo apt-get install -y libdbus-1-3 libxkbcommon-x11-0 libxcb-icccm4 \
libxcb-image0 libxcb-keysyms1 libxcb-randr0 libxcb-render-util0 \
libxcb-xinerama0 libxcb-xfixes0 libxcb-shape0 libqt5gui5
echo "::endgroup::"
xvfb-run --auto-servernum python build_installers.py --location=../napari-source
- name: Make Bundle (MacOS/Windows)
shell: bash -el {0}
if: runner.os != 'Linux'
working-directory: napari-packaging
run: python build_installers.py --location=../napari-source
- name: Collect licenses
id: licenses
shell: bash -el {0}
working-directory: napari-packaging
run: |
licenses_zip_path=$(python build_installers.py --licenses)
echo "LICENSES_ARTIFACT_PATH=$licenses_zip_path" >> $GITHUB_ENV
echo "LICENSES_ARTIFACT_NAME=$(basename ${licenses_zip_path})" >> $GITHUB_ENV
echo "licenses_artifact=${licenses_zip_path}" >> $GITHUB_OUTPUT
- name: Upload License Artifact
uses: actions/upload-artifact@v4
with:
path: ${{ env.LICENSES_ARTIFACT_PATH }}
name: ${{ env.LICENSES_ARTIFACT_NAME }}
- name: Collect list of packages
id: pkgs-list
shell: bash -el {0}
working-directory: napari-packaging
run: |
pkgs_list_zip_path=$(python build_installers.py --pkgs-list)
echo "PKGS_LIST_ARTIFACT_PATH=$pkgs_list_zip_path" >> $GITHUB_ENV
echo "PKGS_LIST_ARTIFACT_NAME=$(basename ${pkgs_list_zip_path})" >> $GITHUB_ENV
echo "pkgs_list_artifact=${pkgs_list_zip_path}" >> $GITHUB_OUTPUT
- name: Upload list of packages artifact
uses: actions/upload-artifact@v4
with:
path: ${{ env.PKGS_LIST_ARTIFACT_PATH }}
name: ${{ env.PKGS_LIST_ARTIFACT_NAME }}
- name: Notarize & staple PKG Installer (macOS)
# We only sign pushes to main, nightlies, RCs and final releases
if: >
runner.os == 'macOS'
&& env.SIGNING_SECRETS_AVAILABLE
&& (inputs.event_name == 'schedule' || inputs.event_name == 'push')
env:
INSTALLER_PATH: ${{ github.workspace }}/napari-packaging/_work/napari-${{ env.version }}-${{ runner.os }}-${{ env.arch-suffix }}.${{ env.extension }}
# See https://keith.github.io/xcode-man-pages/notarytool.1.html for auth options
APPLE_NOTARIZATION_USERNAME: ${{ secrets.APPLE_NOTARIZATION_USERNAME }}
# This needs to be an application-specific password
APPLE_NOTARIZATION_PASSWORD: ${{ secrets.APPLE_NOTARIZATION_PASSWORD }}
# 10 alphanumeric characters available in the AppleID UI
APPLE_NOTARIZATION_TEAM_ID: ${{ secrets.APPLE_NOTARIZATION_TEAM_ID }}
run: |
set -euxo pipefail
# Check signatures. If this fails, there's no point.
pkgutil --check-signature "$INSTALLER_PATH"
# Submit for notarization to Apple servers
json_output_file="$RUNNER_TEMP/$(basename "$INSTALLER_PATH").notarization.json"
set +e
xcrun notarytool submit "$INSTALLER_PATH" \
--apple-id "$APPLE_NOTARIZATION_USERNAME" \
--password "$APPLE_NOTARIZATION_PASSWORD" \
--team-id "$APPLE_NOTARIZATION_TEAM_ID" \
--output-format json \
--wait \
--timeout 30m \
| tee "$json_output_file"
notary_exit_code=$?
set -e
if [[ $notary_exit_code != 0 ]]; then
submission_id=$(jq -r '.id' "$json_output_file")
xcrun notarytool log "$submission_id" \
--apple-id "$APPLE_NOTARIZATION_USERNAME" \
--password "$APPLE_NOTARIZATION_PASSWORD" \
--team-id "$APPLE_NOTARIZATION_TEAM_ID"
exit $notary_exit_code
fi
# Staple
xcrun stapler staple --verbose "$INSTALLER_PATH"
# Check notarization status
spctl --assess -vv --type install "$INSTALLER_PATH" 2>&1 | tee /dev/stderr | grep accepted
- name: Upload Artifact
uses: actions/upload-artifact@v4
# CI artifact uploads only on manual and scheduled runs
if: inputs.event_name == 'workflow_dispatch' || github.event_name == 'workflow_dispatch' || inputs.event_name == 'schedule'
with:
name: napari-${{ env.version }}-${{ runner.os }}-${{ env.arch-suffix }}.${{ env.extension }}
path: ${{ github.workspace }}/napari-packaging/_work/napari-${{ env.version }}-${{ runner.os }}-${{ env.arch-suffix }}.${{ env.extension }}
retention-days: 7
- name: Get Release
if: inputs.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
id: get_release
uses: bruceadams/get-release@v1.3.2
- name: Upload Release Asset
if: inputs.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
uses: actions/upload-release-asset@v1
with:
upload_url: ${{ steps.get_release.outputs.upload_url }}
asset_path: ${{ github.workspace }}/napari-packaging/_work/napari-${{ env.version }}-${{ runner.os }}-${{ env.arch-suffix }}.${{ env.extension }}
asset_name: napari-${{ env.version }}-${{ runner.os }}-${{ env.arch-suffix }}.${{ env.extension }}
asset_content_type: application/octet-stream
- name: Test installation (Linux)
if: runner.os == 'Linux'
working-directory: napari-packaging/_work
env:
MENUINST_DEBUG: 1
run: |
bash napari-${{ env.version }}-${{ runner.os }}-${{ env.arch-suffix }}.${{ env.extension }} -bfp "${{ runner.temp }}/napari-${{ env.version }}"
. "${{ runner.temp }}/napari-${{ env.version }}/etc/profile.d/conda.sh"
conda activate "${{ runner.temp }}/napari-${{ env.version }}/envs/napari-${{ env.version }}"
conda config --show-sources
conda config --show
xvfb-run --auto-servernum napari --info
# Test shortcut
python -c "import pathlib as p; assert list(p.Path('~/.local/share/applications/').expanduser().glob('napari*.desktop'))"
- name: Test installation (macOS)
if: runner.os == 'macOS'
working-directory: napari-packaging/_work
env:
MENUINST_DEBUG: 1
run: |
set -x
installer -pkg napari-${{ env.version }}-${{ runner.os }}-${{ env.arch-suffix }}.${{ env.extension }} -target CurrentUserHomeDirectory -dumplog
. "/Users/runner/Library/napari-${{ env.version }}/etc/profile.d/conda.sh"
conda activate "/Users/runner/Library/napari-${{ env.version }}/envs/napari-${{ env.version }}"
conda config --show-sources
conda config --show
napari --info
# Test shortcut
python -c "import pathlib as p; assert list(p.Path('~/Applications').expanduser().glob('napari*.app'))"
- name: Test installation (Windows)
if: runner.os == 'Windows'
shell: cmd /C call {0}
working-directory: napari-packaging/_work
env:
MENUINST_DEBUG: 1
run: |
cmd.exe /c start /wait napari-${{ env.version }}-${{ runner.os }}-${{ env.arch-suffix }}.${{ env.extension }} /S /D=${{ runner.temp }}\napari-${{ env.version }}
CALL ${{ runner.temp }}\napari-${{ env.version }}\Scripts\activate ${{ runner.temp }}\napari-${{ env.version }}\envs\napari-${{ env.version }}
CALL conda config --show-sources
CALL conda config --show
napari --info
:: Test shortcut
python -c "import pathlib as p; assert list(p.Path('%PROGRAMDATA%\\Microsoft\\Windows\\Start Menu\\Programs').glob('napari*\\napari*.lnk'))"