forked from metabrainz/picard
-
Notifications
You must be signed in to change notification settings - Fork 1
151 lines (146 loc) · 4.64 KB
/
package-pypi.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
name: Package for PyPI
on: [workflow_call]
permissions: {}
defaults:
run:
shell: bash
jobs:
pypi-sdist:
runs-on: ubuntu-latest
env:
CODESIGN: 0
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: 3.13
cache: 'pip'
- name: Install dependencies (Linux)
if: runner.os == 'linux'
run: |
sudo apt-get update
sudo apt-get install libegl1
- name: Install dependencies
run: |
python -m pip install --upgrade pip
python -m pip install --upgrade setuptools
pip install --upgrade -r requirements.txt
- name: Run tests
timeout-minutes: 30
run: |
python setup.py test
- name: Build Python source distribution
run: |
git clean -dfx
python setup.py clean sdist --formats=gztar,zip
- name: Prepare GPG signing key
run: |
if [ -n "$CODESIGN_GPG_URL" ] && [ -n "$AWS_ACCESS_KEY_ID" ]; then
pip3 install awscli
aws s3 cp "$CODESIGN_GPG_URL" signkey.asc.enc
openssl enc -d -aes-256-cbc -pbkdf2 -iter 600000 -in signkey.asc.enc -out signkey.asc -k "$CODESIGN_GPG_PASSWORD"
gpg --import signkey.asc
rm signkey.asc*
echo "CODESIGN=1" >> $GITHUB_ENV
else
echo "::warning::No signing key available, skipping code signing."
fi
env:
AWS_DEFAULT_REGION: eu-central-1
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
CODESIGN_GPG_URL: ${{ secrets.CODESIGN_GPG_URL }}
CODESIGN_GPG_PASSWORD: ${{ secrets.CODESIGN_GPG_PASSWORD }}
- name: Sign source archives
if: env.CODESIGN == '1'
run: |
for f in dist/*.{zip,tar.gz}; do
gpg --armor --local-user "$CODESIGN_GPG_IDENTITY" --output "${f}.asc" --detach-sig "$f"
done
env:
CODESIGN_GPG_IDENTITY: 68990DD0B1EDC129B856958167997E14D563DA7C
- name: Cleanup
if: env.CODESIGN == '1'
run: |
rm -rf "$HOME/.gnupg"
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: picard-sdist
path: dist/*
pypi-bdist:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [macos-13, windows-2019]
python-version: ['3.9', '3.10', '3.11', '3.12', '3.13']
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
cache: 'pip'
- name: Install gettext (macOS)
if: runner.os == 'macOS'
run: |
brew install gettext
brew link gettext --force
echo "/usr/local/opt/gettext/bin" >> $GITHUB_PATH
- name: Install gettext (Windows)
if: runner.os == 'Windows'
run: |
& .\scripts\package\win-setup-gettext.ps1 `
-GettextVersion $Env:GETTEXT_VERSION -GettextSha256Sum $Env:GETTEXT_SHA256SUM
Add-Content $env:GITHUB_PATH (Join-Path -Path (Resolve-Path .) -ChildPath gettext\bin)
shell: pwsh
env:
GETTEXT_VERSION: 0.22.4
GETTEXT_SHA256SUM: 220068ac0b9e7aedda03534a3088e584640ac1e639800b3a0baa9410aa6d012a
- name: Install dependencies (Linux)
if: runner.os == 'linux'
run: |
sudo apt-get update
sudo apt-get install libegl1
- name: Install dependencies
run: |
python -m pip install --upgrade pip
python -m pip install --upgrade setuptools wheel
pip install --upgrade -r requirements.txt
- name: Run tests
timeout-minutes: 30
run: |
python setup.py test
- name: Build Python binary distribution
run: |
python setup.py clean bdist_wheel
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: picard-bdist-${{ runner.os }}-${{ matrix.python-version }}
path: dist/*.whl
pypi-release:
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/')
needs:
- pypi-bdist
- pypi-sdist
environment:
name: pypi
url: https://pypi.org/p/picard
permissions:
id-token: write # required for PyPI upload
steps:
- uses: actions/download-artifact@v4
with:
pattern: picard-?dist*
path: dist/
merge-multiple: true
- name: Prepare distributions
run: |
ls -l dist/
# Remove zip source distribution (only a single sdist is allowed)
rm dist/picard-*.zip*
- name: Publish package distributions to PyPI
uses: pypa/gh-action-pypi-publish@release/v1