Skip to content

Commit

Permalink
ci: sign files
Browse files Browse the repository at this point in the history
Signed-off-by: Henry Schreiner <henryschreineriii@gmail.com>
  • Loading branch information
henryiii committed Mar 28, 2024
1 parent 23bab22 commit 3252c70
Show file tree
Hide file tree
Showing 2 changed files with 36 additions and 32 deletions.
55 changes: 27 additions & 28 deletions .github/workflows/wheels.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,14 +5,6 @@ on:
inputs:
overrideVersion:
description: Manually force a version
pull_request:
branches:
- master
- main
push:
branches:
- master
- main
release:
types:
- published
Expand All @@ -25,6 +17,9 @@ env:
SETUPTOOLS_SCM_PRETEND_VERSION: ${{ github.event.inputs.overrideVersion }}
CIBW_ENVIRONMENT: "PIP_PREFER_BINARY=1"

permissions:
id-token: write # sigstore

jobs:
build_sdist:
name: Build SDist
Expand All @@ -35,19 +30,20 @@ jobs:
fetch-depth: 0
submodules: true

- name: Set version if needed
if: github.event.inputs.overrideVersion
run: echo "SETUPTOOLS_SCM_PRETEND_VERSION=${{ github.event.inputs.overrideVersion }}" >> $GITHUB_ENV

- name: Build SDist
run: pipx run build --sdist

- name: Check metadata
run: pipx run twine check --strict dist/*
run: pipx run twine check --strict dist/*.tar.gz

- name: Sign the dists with Sigstore
uses: sigstore/gh-action-sigstore-python@v1.2.3
with:
inputs: ./dist/*.tar.gz

- uses: actions/upload-artifact@v4
with:
path: dist/*.tar.gz
path: dist/*
name: wheels-sdist

build_arch_wheels:
Expand All @@ -63,11 +59,6 @@ jobs:
fetch-depth: 0
submodules: true

- name: Set version if needed
if: github.event.inputs.overrideVersion
shell: bash
run: echo "SETUPTOOLS_SCM_PRETEND_VERSION=${{ github.event.inputs.overrideVersion }}" >> $GITHUB_ENV

- uses: docker/setup-qemu-action@v3.0.0
with:
platforms: all
Expand All @@ -81,10 +72,15 @@ jobs:
run: git diff --exit-code
shell: bash

- name: Sign the dists with Sigstore
uses: sigstore/gh-action-sigstore-python@v1.2.3
with:
inputs: ./wheelhouse/*.whl

- name: Upload wheels
uses: actions/upload-artifact@v4
with:
path: wheelhouse/*.whl
path: wheelhouse/*
name: wheel-aarch-${{ strategy.job-index }}

build_wheels:
Expand All @@ -109,11 +105,6 @@ jobs:
fetch-depth: 0
submodules: true

- name: Set version if needed
if: github.event.inputs.overrideVersion
shell: bash
run: echo "SETUPTOOLS_SCM_PRETEND_VERSION=${{ github.event.inputs.overrideVersion }}" >> $GITHUB_ENV

- uses: pypa/cibuildwheel@v2.17
env:
CIBW_BUILD: ${{ matrix.build }}
Expand All @@ -123,6 +114,11 @@ jobs:
run: git diff --exit-code
shell: bash

- name: Sign the dists with Sigstore
uses: sigstore/gh-action-sigstore-python@v1.2.3
with:
inputs: ./wheelhouse/*

- name: Upload wheels
uses: actions/upload-artifact@v4
with:
Expand All @@ -133,6 +129,12 @@ jobs:
name: Upload if release
needs: [build_wheels, build_arch_wheels, build_sdist]
runs-on: ubuntu-latest
if: github.event_name == 'release' && github.event.action == 'published'
environment:
name: pypi
url: https://pypi.org/p/boost-histogram
permissions:
id-token: write

steps:
- uses: actions/download-artifact@v4
Expand All @@ -145,6 +147,3 @@ jobs:
run: ls -lh dist

- uses: pypa/gh-action-pypi-publish@release/v1
if: github.event_name == 'release' && github.event.action == 'published'
with:
password: ${{ secrets.pypi_password }}
13 changes: 9 additions & 4 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -96,8 +96,13 @@ repos:
- id: rst-directive-colons
- id: rst-inline-touching-normal

- repo: https://github.com/shellcheck-py/shellcheck-py
rev: v0.10.0.1
- repo: https://github.com/python-jsonschema/check-jsonschema
rev: 0.28.0
hooks:
- id: shellcheck
exclude: ^docs/notebooks/conf.sh$
- id: check-readthedocs
- id: check-github-workflows

- repo: https://github.com/henryiii/validate-pyproject-schema-store
rev: 2024.03.25
hooks:
- id: validate-pyproject

0 comments on commit 3252c70

Please sign in to comment.