From b7b7d04ae89ad0cd23586a974b8a76c0d0c3fa14 Mon Sep 17 00:00:00 2001 From: Matthew Mckee Date: Tue, 9 Dec 2025 18:33:13 +0000 Subject: [PATCH 01/10] New release workflow --- .github/workflows/build-binaries.yml | 497 ++++++++++++++++++++++++++ .github/workflows/build.yml | 190 ---------- .github/workflows/publish-docs.yml | 71 ++++ .github/workflows/release-drafter.yml | 50 --- .github/workflows/release.yml | 274 +++++++++++--- Cargo.toml | 5 + crates/karva/Cargo.toml | 3 + dist-workspace.toml | 66 ++++ seal.toml | 30 ++ 9 files changed, 898 insertions(+), 288 deletions(-) create mode 100644 .github/workflows/build-binaries.yml delete mode 100644 .github/workflows/build.yml create mode 100644 .github/workflows/publish-docs.yml delete mode 100644 .github/workflows/release-drafter.yml create mode 100644 dist-workspace.toml create mode 100644 seal.toml diff --git a/.github/workflows/build-binaries.yml b/.github/workflows/build-binaries.yml new file mode 100644 index 00000000..bd1a4367 --- /dev/null +++ b/.github/workflows/build-binaries.yml @@ -0,0 +1,497 @@ +# Build karva on all platforms. +# +# Generates both wheels (for PyPI) and archived binaries (for GitHub releases). +# +# Assumed to run as a subworkflow of .github/workflows/release.yml; specifically, as a local +# artifacts job within `cargo-dist`. +name: "Build binaries" + +on: + workflow_call: + inputs: + plan: + required: true + type: string + pull_request: + paths: + # When we change pyproject.toml, we want to ensure that the maturin builds still work. + - pyproject.toml + # And when we change this workflow itself... + - .github/workflows/build-binaries.yml + +permissions: + contents: read + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +env: + CARGO_INCREMENTAL: 0 + CARGO_NET_RETRY: 10 + CARGO_TERM_COLOR: always + RUSTUP_MAX_RETRIES: 10 + +jobs: + sdist: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + with: + persist-credentials: false + - name: Build sdist + uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 + with: + command: sdist + args: --out dist + - name: "Upload sdist" + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + with: + name: wheels-sdist + path: dist + + windows: + runs-on: windows-latest + strategy: + matrix: + platform: + - target: x86_64-pc-windows-msvc + arch: x64 + - target: i686-pc-windows-msvc + arch: x86 + - target: aarch64-pc-windows-msvc + arch: x64 # not relevant here + steps: + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + with: + persist-credentials: false + - name: "Build wheels" + uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 + with: + target: ${{ matrix.platform.target }} + args: --release --locked --out dist --features + sccache: "true" + - name: "Upload wheels" + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + with: + name: wheels-windows-${{ matrix.platform.target }} + path: dist + - name: "Archive binary" + shell: bash + run: | + ARCHIVE_FILE=prek-${{ matrix.platform.target }}.zip + 7z a $ARCHIVE_FILE ./target/${{ matrix.platform.target }}/release/prek.exe + sha256sum $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 + - name: "Upload binary" + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + with: + name: artifacts-${{ matrix.platform.target }} + path: | + *.zip + *.sha256 + + macos: + runs-on: ${{ matrix.platform.runner }} + strategy: + matrix: + platform: + - runner: macos-15 + target: x86_64-apple-darwin + - runner: macos-15 + target: aarch64-apple-darwin + steps: + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + with: + persist-credentials: false + - name: "Build wheels" + uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 + with: + target: ${{ matrix.platform.target }} + args: --release --locked --out dist --features + sccache: "true" + - name: "Upload wheels" + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + with: + name: wheels-macos-${{ matrix.platform.target }} + path: dist + - name: "Archive binary" + run: | + TARGET=${{ matrix.platform.target }} + ARCHIVE_NAME=prek-$TARGET + ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz + + mkdir -p $ARCHIVE_NAME + cp target/$TARGET/release/prek $ARCHIVE_NAME/prek + tar czvf $ARCHIVE_FILE $ARCHIVE_NAME + shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 + - name: "Upload binary" + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + with: + name: artifacts-${{ matrix.platform.target }} + path: | + *.tar.gz + *.sha256 + + linux: + runs-on: ubuntu-latest + strategy: + matrix: + include: + - { target: "i686-unknown-linux-gnu", cc: "gcc -m32" } + - { target: "x86_64-unknown-linux-gnu", cc: "gcc" } + steps: + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + with: + persist-credentials: false + - name: "Build wheels" + uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 + with: + target: ${{ matrix.target }} + # Generally, we try to build in a target docker container. In this case however, a + # 32-bit compiler runs out of memory (4GB memory limit for 32-bit), so we cross compile + # from 64-bit version of the container, breaking the pattern from other builds. + container: quay.io/pypa/manylinux2014 + args: --release --locked --out dist --features + # See: https://github.com/sfackler/rust-openssl/issues/2036#issuecomment-1724324145 + before-script-linux: | + # Install the 32-bit cross target on 64-bit (noop if we're already on 64-bit) + rustup target add ${{ matrix.target }} + # If we're running on rhel centos, install needed packages. + if command -v yum &> /dev/null; then + yum update -y && yum install -y perl-core openssl openssl-devel pkgconfig libatomic + + # If we're running on i686 we need to symlink libatomic + # in order to build openssl with -latomic flag. + if [[ ! -d "/usr/lib64" ]]; then + ln -s /usr/lib/libatomic.so.1 /usr/lib/libatomic.so + else + # Support cross-compiling from 64-bit to 32-bit + yum install -y glibc-devel.i686 libstdc++-devel.i686 + fi + else + # If we're running on debian-based system. + apt update -y && apt-get install -y libssl-dev openssl pkg-config + fi + sccache: "true" + manylinux: auto + env: + CC: ${{ matrix.cc }} + - name: "Upload wheels" + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + with: + name: wheels-linux-${{ matrix.target }} + path: dist + - name: "Archive binary" + shell: bash + run: | + set -euo pipefail + + TARGET=${{ matrix.target }} + ARCHIVE_NAME=prek-$TARGET + ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz + + mkdir -p $ARCHIVE_NAME + cp target/$TARGET/release/prek $ARCHIVE_NAME/prek + tar czvf $ARCHIVE_FILE $ARCHIVE_NAME + shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 + - name: "Upload binary" + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + with: + name: artifacts-${{ matrix.target }} + path: | + *.tar.gz + *.sha256 + + linux-arm: + runs-on: ubuntu-latest + timeout-minutes: 30 + strategy: + matrix: + platform: + - target: aarch64-unknown-linux-gnu + arch: aarch64 + # see https://github.com/astral-sh/ruff/issues/3791 + # and https://github.com/gnzlbg/jemallocator/issues/170#issuecomment-1503228963 + maturin_docker_options: -e JEMALLOC_SYS_WITH_LG_PAGE=16 + - target: armv7-unknown-linux-gnueabihf + arch: armv7 + - target: arm-unknown-linux-musleabihf + arch: arm + steps: + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + with: + persist-credentials: false + - name: "Build wheels" + uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 + with: + target: ${{ matrix.platform.target }} + # On `aarch64`, use `manylinux: 2_28`; otherwise, use `manylinux: auto`. + manylinux: ${{ matrix.platform.arch == 'aarch64' && '2_28' || 'auto' }} + docker-options: ${{ matrix.platform.maturin_docker_options }} + args: --release --locked --out dist --features + - name: "Upload wheels" + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + with: + name: wheels-linux-${{ matrix.platform.target }} + path: dist + - name: "Archive binary" + shell: bash + run: | + set -euo pipefail + + TARGET=${{ matrix.platform.target }} + ARCHIVE_NAME=prek-$TARGET + ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz + + mkdir -p $ARCHIVE_NAME + cp target/$TARGET/release/prek $ARCHIVE_NAME/prek + tar czvf $ARCHIVE_FILE $ARCHIVE_NAME + shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 + - name: "Upload binary" + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + with: + name: artifacts-${{ matrix.platform.target }} + path: | + *.tar.gz + *.sha256 + + linux-s390x: + runs-on: ubuntu-latest + timeout-minutes: 30 + strategy: + matrix: + platform: + - target: s390x-unknown-linux-gnu + arch: s390x + steps: + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + with: + persist-credentials: false + - name: "Build wheels" + uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 + with: + target: ${{ matrix.platform.target }} + manylinux: auto + args: --release --locked --out dist --features + rust-toolchain: ${{ matrix.platform.toolchain || null }} + env: + CFLAGS_s390x_unknown_linux_gnu: -march=z10 + - name: "Upload wheels" + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + with: + name: wheels-linux-${{ matrix.platform.target }} + path: dist + - name: "Archive binary" + shell: bash + run: | + set -euo pipefail + + TARGET=${{ matrix.platform.target }} + ARCHIVE_NAME=prek-$TARGET + ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz + + mkdir -p $ARCHIVE_NAME + cp target/$TARGET/release/prek $ARCHIVE_NAME/prek + tar czvf $ARCHIVE_FILE $ARCHIVE_NAME + shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 + - name: "Upload binary" + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + with: + name: artifacts-${{ matrix.platform.target }} + path: | + *.tar.gz + *.sha256 + + linux-powerpc: + runs-on: ubuntu-latest + timeout-minutes: 30 + strategy: + matrix: + platform: + - target: powerpc64le-unknown-linux-gnu + arch: ppc64le + # see https://github.com/astral-sh/uv/issues/6528 + maturin_docker_options: -e JEMALLOC_SYS_WITH_LG_PAGE=16 + - target: powerpc64-unknown-linux-gnu + arch: ppc64 + # see https://github.com/astral-sh/uv/issues/6528 + maturin_docker_options: -e JEMALLOC_SYS_WITH_LG_PAGE=16 + steps: + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + with: + persist-credentials: false + - name: "Build wheels" + uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 + with: + target: ${{ matrix.platform.target }} + manylinux: auto + docker-options: ${{ matrix.platform.maturin_docker_options }} + args: --release --locked --out dist --features + before-script-linux: | + if command -v yum &> /dev/null; then + yum update -y + yum -y install epel-release + yum repolist + yum install -y gcc-powerpc64-linux-gnu + fi + - name: "Upload wheels" + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + with: + name: wheels-linux-${{ matrix.platform.target }} + path: dist + - name: "Archive binary" + shell: bash + run: | + set -euo pipefail + + TARGET=${{ matrix.platform.target }} + ARCHIVE_NAME=prek-$TARGET + ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz + + mkdir -p $ARCHIVE_NAME + cp target/$TARGET/release/prek $ARCHIVE_NAME/prek + tar czvf $ARCHIVE_FILE $ARCHIVE_NAME + shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 + - name: "Upload binary" + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + with: + name: artifacts-${{ matrix.platform.target }} + path: | + *.tar.gz + *.sha256 + + linux-riscv64: + runs-on: ubuntu-latest + timeout-minutes: 30 + strategy: + matrix: + platform: + - target: riscv64gc-unknown-linux-gnu + arch: riscv64 + steps: + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + with: + persist-credentials: false + - name: "Build wheels" + uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 + with: + target: ${{ matrix.platform.target }} + manylinux: auto + args: --release --locked --out dist --features + - name: "Upload wheels" + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + with: + name: wheels-linux-${{ matrix.platform.target }} + path: dist + - name: "Archive binary" + shell: bash + run: | + set -euo pipefail + + TARGET=${{ matrix.platform.target }} + ARCHIVE_NAME=prek-$TARGET + ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz + + mkdir -p $ARCHIVE_NAME + cp target/$TARGET/release/prek $ARCHIVE_NAME/prek + tar czvf $ARCHIVE_FILE $ARCHIVE_NAME + shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 + - name: "Upload binary" + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + with: + name: artifacts-${{ matrix.platform.target }} + path: | + *.tar.gz + *.sha256 + + musllinux: + runs-on: ubuntu-latest + strategy: + matrix: + target: + - x86_64-unknown-linux-musl + - i686-unknown-linux-musl + steps: + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + with: + persist-credentials: false + - name: "Build wheels" + uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 + with: + target: ${{ matrix.target }} + manylinux: musllinux_1_1 + args: --release --locked --out dist --features + - name: "Upload wheels" + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + with: + name: wheels-linux-${{ matrix.target }} + path: dist + - name: "Archive binary" + shell: bash + run: | + set -euo pipefail + + TARGET=${{ matrix.target }} + ARCHIVE_NAME=prek-$TARGET + ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz + + mkdir -p $ARCHIVE_NAME + cp target/$TARGET/release/prek $ARCHIVE_NAME/prek + tar czvf $ARCHIVE_FILE $ARCHIVE_NAME + shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 + - name: "Upload binary" + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + with: + name: artifacts-${{ matrix.target }} + path: | + *.tar.gz + *.sha256 + + musllinux-cross: + runs-on: ubuntu-latest + strategy: + matrix: + platform: + - target: aarch64-unknown-linux-musl + arch: aarch64 + maturin_docker_options: -e JEMALLOC_SYS_WITH_LG_PAGE=16 + - target: armv7-unknown-linux-musleabihf + arch: armv7 + fail-fast: false + steps: + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + with: + persist-credentials: false + - name: "Build wheels" + uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 + with: + target: ${{ matrix.platform.target }} + manylinux: musllinux_1_1 + args: --release --locked --out dist --features ${{ matrix.platform.arch == 'aarch64' && '--compatibility 2_17' || ''}} + docker-options: ${{ matrix.platform.maturin_docker_options }} + rust-toolchain: ${{ matrix.platform.toolchain || null }} + - name: "Upload wheels" + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + with: + name: wheels-linux-${{ matrix.platform.target }} + path: dist + - name: "Archive binary" + shell: bash + run: | + set -euo pipefail + + TARGET=${{ matrix.platform.target }} + ARCHIVE_NAME=prek-$TARGET + ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz + + mkdir -p $ARCHIVE_NAME + cp target/$TARGET/release/prek $ARCHIVE_NAME/prek + tar czvf $ARCHIVE_FILE $ARCHIVE_NAME + shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 + - name: "Upload binary" + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + with: + name: artifacts-${{ matrix.platform.target }} + path: | + *.tar.gz + *.sha256 diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml deleted file mode 100644 index d5f4dbf6..00000000 --- a/.github/workflows/build.yml +++ /dev/null @@ -1,190 +0,0 @@ -name: Build / Release PyPI - -on: - push: - tags: - - v[0-9]*.[0-9]*.[0-9]* - - workflow_call: - -permissions: {} - -jobs: - linux: - name: build wheels (Linux, ${{ matrix.platform.target }}) - runs-on: ubuntu-latest - strategy: - matrix: - platform: - - target: x86_64 - - target: x86 - - target: aarch64 - - target: armv7 - - steps: - - name: Checkout repository - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - with: - persist-credentials: false - - - name: Set up Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: 3.x - - - name: Build wheels - uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 - with: - target: ${{ matrix.platform.target }} - args: --release --out dist - manylinux: auto - - - name: Upload wheels - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: wheels-linux-${{ matrix.platform.target }} - path: dist - - musllinux: - name: build wheels (Linux Musl, ${{ matrix.platform.target }}) - runs-on: ubuntu-latest - strategy: - matrix: - platform: - - target: x86_64 - - target: x86 - - target: aarch64 - - target: armv7 - - steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - with: - persist-credentials: false - - - name: Set up Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: 3.x - - - name: Build wheels - uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 - with: - target: ${{ matrix.platform.target }} - args: --release --out dist - manylinux: musllinux_1_2 - - - name: Upload wheels - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: wheels-musllinux-${{ matrix.platform.target }} - path: dist - - windows: - name: build wheels (Windows, ${{ matrix.platform.target }}) - runs-on: windows-latest - strategy: - matrix: - platform: - - target: x64 - - target: x86 - - steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - with: - persist-credentials: false - - - name: Set up Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: 3.x - architecture: ${{ matrix.platform.target }} - - - name: Build wheels - uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 - with: - target: ${{ matrix.platform.target }} - args: --release --out dist - - - name: Upload wheels - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: wheels-windows-${{ matrix.platform.target }} - path: dist - - macos: - name: build wheels (macOS, ${{ matrix.platform.target }}) - runs-on: ${{ matrix.platform.runner }} - strategy: - matrix: - platform: - - runner: macos-15-intel - target: x86_64 - - runner: macos-15 - target: aarch64 - - steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - with: - persist-credentials: false - - - name: Set up Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: 3.x - - - name: Build wheels - uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 - with: - target: ${{ matrix.platform.target }} - args: --release --out dist - - - name: Upload wheels - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: wheels-macos-${{ matrix.platform.target }} - path: dist - - sdist: - name: build source distribution - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - with: - persist-credentials: false - - - name: Set up Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: 3.x - - - name: Build sdist - uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 - with: - command: sdist - args: --out dist - - - name: Upload sdist - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: wheels-sdist - path: dist - - release: - name: "release" - - runs-on: ubuntu-latest - - if: startsWith(github.ref, 'refs/tags/') - - needs: [linux, musllinux, windows, macos, sdist] - - steps: - - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 - - - name: Publish to PyPI - uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 - env: - MATURIN_PYPI_TOKEN: ${{ secrets.PYPI_API_TOKEN }} - with: - command: upload - args: --non-interactive --skip-existing wheels-*/* diff --git a/.github/workflows/publish-docs.yml b/.github/workflows/publish-docs.yml new file mode 100644 index 00000000..dcfdc4d7 --- /dev/null +++ b/.github/workflows/publish-docs.yml @@ -0,0 +1,71 @@ +name: Deploy Documentation + +on: + workflow_dispatch: + inputs: + ref: + description: "The commit SHA, tag, or branch to publish. Uses the default branch if not specified." + default: "" + type: string + + workflow_call: + inputs: + plan: + required: true + type: string + +concurrency: + group: "pages" + cancel-in-progress: false + +permissions: {} + +env: + PYTHON_VERSION: "3.10" + +jobs: + build: + name: "Build docs" + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + with: + persist-credentials: false + + - uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2 + with: + python-version: ${{ env.PYTHON_VERSION }} + + - name: Prepare docs + run: uv run --script scripts/prepare_docs.py + + - name: Build docs + run: uv run --isolated --only-group docs zensical build + + - name: Upload artifact + uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4 + with: + path: ./site + + deploy: + runs-on: ubuntu-latest + + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} + + permissions: + contents: read + pages: write + id-token: write + + needs: build + + if: github.ref == 'refs/heads/main' + + steps: + - name: Deploy to GitHub Pages + id: deployment + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml deleted file mode 100644 index 51238353..00000000 --- a/.github/workflows/release-drafter.yml +++ /dev/null @@ -1,50 +0,0 @@ -name: Release Drafter and Labels - -on: - push: - branches: - - main - - pull_request: - types: [edited, opened, reopened, synchronize, unlabeled, labeled] - -permissions: - contents: read - -jobs: - update_release_draft: - permissions: - contents: write - pull-requests: write - - runs-on: ubuntu-latest - - steps: - - uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5 # v6.1.0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - require_label: - if: github.event.pull_request - - needs: [update_release_draft] - - runs-on: ubuntu-latest - - permissions: - issues: write - pull-requests: write - - steps: - - name: Wait for labels to be added - # Don't shout at the PR author right away - run: sleep 20 - - - uses: mheap/github-action-required-labels@8afbe8ae6ab7647d0c9f0cfa7c2f939650d22509 # v5.5.1 - with: - mode: minimum - count: 1 - labels: ".+" - add_comment: true - use_regex: true - message: "Please add a label to this pull request." diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 07cb86d9..241131ee 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,68 +1,246 @@ +# This file was autogenerated by dist: https://axodotdev.github.io/cargo-dist +# +# Copyright 2022-2024, axodotdev +# SPDX-License-Identifier: MIT or Apache-2.0 +# +# CI that: +# +# * checks for a Git Tag that looks like a release +# * builds artifacts with dist (archives, installers, hashes) +# * uploads those artifacts to temporary workflow zip +# * on success, uploads the artifacts to a GitHub Release +# +# Note that the GitHub Release will be created with a generated +# title/body based on your changelogs. + name: Release +permissions: + "contents": "write" +# This task will run whenever you workflow_dispatch with a tag that looks like a version +# like "1.0.0", "v0.1.0-prerelease.1", "my-app/0.1.0", "releases/v1.0.0", etc. +# Various formats will be parsed into a VERSION and an optional PACKAGE_NAME, where +# PACKAGE_NAME must be the name of a Cargo package in your workspace, and VERSION +# must be a Cargo-style SemVer Version (must have at least major.minor.patch). +# +# If PACKAGE_NAME is specified, then the announcement will be for that +# package (erroring out if it doesn't have the given version or isn't dist-able). +# +# If PACKAGE_NAME isn't specified, then the announcement will be for all +# (dist-able) packages in the workspace with that version (this mode is +# intended for workspaces with only one dist-able package, or with all dist-able +# packages versioned/released in lockstep). +# +# If you push multiple tags at once, separate instances of this workflow will +# spin up, creating an independent announcement for each one. However, GitHub +# will hard limit this to 3 tags per commit, as it will assume more tags is a +# mistake. +# +# If there's a prerelease-style suffix to the version, then the release(s) +# will be marked as a prerelease. on: - push: - tags: - - v[0-9]*.[0-9]*.[0-9]* - -env: - PYTHON_VERSION: "3.14" + pull_request: + workflow_dispatch: + inputs: + tag: + description: Release Tag + required: true + default: dry-run + type: string jobs: - release_github: - runs-on: ubuntu-latest - - permissions: - contents: write - + # Run 'dist plan' (or host) to determine what tasks we need to do + plan: + runs-on: "ubuntu-22.04" + outputs: + val: ${{ steps.plan.outputs.manifest }} + tag: ${{ (inputs.tag != 'dry-run' && inputs.tag) || '' }} + tag-flag: ${{ inputs.tag && inputs.tag != 'dry-run' && format('--tag={0}', inputs.tag) || '' }} + publishing: ${{ inputs.tag && inputs.tag != 'dry-run' }} + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 with: persist-credentials: false - - - name: Publish Latest Draft + submodules: recursive + - name: Install dist + # we specify bash to get pipefail; it guards against the `curl` command + # failing. otherwise `sh` won't catch that `curl` returned non-0 + shell: bash + run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.30.2/cargo-dist-installer.sh | sh" + - name: Cache dist + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 + with: + name: cargo-dist-cache + path: ~/.cargo/bin/dist + # sure would be cool if github gave us proper conditionals... + # so here's a doubly-nested ternary-via-truthiness to try to provide the best possible + # functionality based on whether this is a pull_request, and whether it's from a fork. + # (PRs run on the *source* but secrets are usually on the *target* -- that's *good* + # but also really annoying to build CI around when it needs secrets to work right.) + - id: plan run: | - if gh release list | grep Draft; then - old_version="$(gh release list | grep Draft | head -1 | cut -f1)" - new_version="${GITHUB_REF_NAME}" - body=$(gh release view "$old_version" --json body -q ".body" | sed "s/\.\.\.$old_version/...$new_version/g") - gh release delete "$old_version" - gh release create "$new_version" --title "${GITHUB_REF_NAME}" --notes "$body"; - else - gh release create "$new_version" --title "${GITHUB_REF_NAME}"; - fi - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + dist ${{ (inputs.tag && inputs.tag != 'dry-run' && format('host --steps=create --tag={0}', inputs.tag)) || 'plan' }} --output-format=json > plan-dist-manifest.json + echo "dist ran successfully" + cat plan-dist-manifest.json + echo "manifest=$(jq -c "." plan-dist-manifest.json)" >> "$GITHUB_OUTPUT" + - name: "Upload dist-manifest.json" + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 + with: + name: artifacts-plan-dist-manifest + path: plan-dist-manifest.json - publish-docs: - runs-on: ubuntu-latest + custom-build-binaries: + needs: + - plan + if: ${{ needs.plan.outputs.publishing == 'true' || fromJson(needs.plan.outputs.val).ci.github.pr_run_mode == 'upload' || inputs.tag == 'dry-run' }} + uses: ./.github/workflows/build-binaries.yml + with: + plan: ${{ needs.plan.outputs.val }} + secrets: inherit - name: Docs builder and publisher + # Build and package all the platform-agnostic(ish) things + build-global-artifacts: + needs: + - plan + - custom-build-binaries + runs-on: "ubuntu-22.04" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + BUILD_MANIFEST_NAME: target/distrib/global-dist-manifest.json + steps: + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + with: + persist-credentials: false + submodules: recursive + - name: Install cached dist + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 + with: + name: cargo-dist-cache + path: ~/.cargo/bin/ + - run: chmod +x ~/.cargo/bin/dist + # Get all the local artifacts for the global tasks to use (for e.g. checksums) + - name: Fetch local artifacts + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 + with: + pattern: artifacts-* + path: target/distrib/ + merge-multiple: true + - id: cargo-dist + shell: bash + run: | + dist build ${{ needs.plan.outputs.tag-flag }} --output-format=json "--artifacts=global" > dist-manifest.json + echo "dist ran successfully" - permissions: - contents: write + # Parse out what we just built and upload it to scratch storage + echo "paths<> "$GITHUB_OUTPUT" + jq --raw-output ".upload_files[]" dist-manifest.json >> "$GITHUB_OUTPUT" + echo "EOF" >> "$GITHUB_OUTPUT" + cp dist-manifest.json "$BUILD_MANIFEST_NAME" + - name: "Upload artifacts" + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 + with: + name: artifacts-build-global + path: | + ${{ steps.cargo-dist.outputs.paths }} + ${{ env.BUILD_MANIFEST_NAME }} + # Determines if we should publish/announce + host: + needs: + - plan + - custom-build-binaries + - build-global-artifacts + # Only run if we're "publishing", and only if plan, local and global didn't fail (skipped is fine) + if: ${{ always() && needs.plan.result == 'success' && needs.plan.outputs.publishing == 'true' && (needs.build-global-artifacts.result == 'skipped' || needs.build-global-artifacts.result == 'success') && (needs.custom-build-binaries.result == 'skipped' || needs.custom-build-binaries.result == 'success') }} + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + runs-on: "ubuntu-22.04" + outputs: + val: ${{ steps.host.outputs.manifest }} steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 with: persist-credentials: false - - - uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2 + submodules: recursive + - name: Install cached dist + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 + with: + name: cargo-dist-cache + path: ~/.cargo/bin/ + - run: chmod +x ~/.cargo/bin/dist + # Fetch artifacts from scratch-storage + - name: Fetch artifacts + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 with: - python-version: ${{ env.PYTHON_VERSION }} - enable-cache: false + pattern: artifacts-* + path: target/distrib/ + merge-multiple: true + # This is a harmless no-op for GitHub Releases, hosting for that happens in "announce" + - id: host + shell: bash + run: | + dist host ${{ needs.plan.outputs.tag-flag }} --steps=upload --steps=release --output-format=json > dist-manifest.json + echo "artifacts uploaded and released successfully" + cat dist-manifest.json + echo "manifest=$(jq -c "." dist-manifest.json)" >> "$GITHUB_OUTPUT" + - name: "Upload dist-manifest.json" + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 + with: + # Overwrite the previous copy + name: artifacts-dist-manifest + path: dist-manifest.json - - name: Prepare docs - run: uv run --script scripts/prepare_docs.py + # Create a GitHub Release while uploading all files to it + announce: + needs: + - plan + - host + # use "always() && ..." to allow us to wait for all publish jobs while + # still allowing individual publish jobs to skip themselves (for prereleases). + # "host" however must run to completion, no skipping allowed! + if: ${{ always() && needs.host.result == 'success' }} + runs-on: "ubuntu-22.04" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + steps: + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + with: + persist-credentials: false + submodules: recursive + # Create a GitHub Release while uploading all files to it + - name: "Download GitHub Artifacts" + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 + with: + pattern: artifacts-* + path: artifacts + merge-multiple: true + - name: Cleanup + run: | + # Remove the granular manifests + rm -f artifacts/*-dist-manifest.json + - name: Create GitHub Release + env: + PRERELEASE_FLAG: "${{ fromJson(needs.host.outputs.val).announcement_is_prerelease && '--prerelease' || '' }}" + ANNOUNCEMENT_TITLE: "${{ fromJson(needs.host.outputs.val).announcement_title }}" + ANNOUNCEMENT_BODY: "${{ fromJson(needs.host.outputs.val).announcement_github_body }}" + RELEASE_COMMIT: "${{ github.sha }}" + run: | + # Write and read notes from a file to avoid quoting breaking things + echo "$ANNOUNCEMENT_BODY" > $RUNNER_TEMP/notes.txt - - name: Build docs - run: uv run --isolated --only-group docs zensical build + gh release create "${{ needs.plan.outputs.tag }}" --target "$RELEASE_COMMIT" $PRERELEASE_FLAG --title "$ANNOUNCEMENT_TITLE" --notes-file "$RUNNER_TEMP/notes.txt" artifacts/* - - name: Deploy - uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - publish_dir: site - publish_branch: gh-pages - keep_files: false - force_orphan: true + custom-publish-docs: + needs: + - plan + - announce + uses: ./.github/workflows/publish-docs.yml + with: + plan: ${{ needs.plan.outputs.val }} + secrets: inherit + permissions: + "contents": "read" + "id-token": "write" + "pages": "write" diff --git a/Cargo.toml b/Cargo.toml index 06f4e98d..add70186 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -87,3 +87,8 @@ too_many_lines = "allow" significant_drop_tightening = "allow" must_use_candidate = "allow" option_if_let_else = "allow" + +# The profile that 'dist' will build with +[profile.dist] +inherits = "release" +lto = "thin" diff --git a/crates/karva/Cargo.toml b/crates/karva/Cargo.toml index 6ddc87c3..9568ec3a 100644 --- a/crates/karva/Cargo.toml +++ b/crates/karva/Cargo.toml @@ -22,3 +22,6 @@ pyo3 = { workspace = true } [lints] workspace = true + +[package.metadata.dist] +dist = true diff --git a/dist-workspace.toml b/dist-workspace.toml new file mode 100644 index 00000000..ab284bb6 --- /dev/null +++ b/dist-workspace.toml @@ -0,0 +1,66 @@ +[workspace] +members = ["cargo:."] +packages = ["karva_cli"] + +# Config for 'dist' +[dist] +# The preferred dist version to use in CI (Cargo.toml SemVer syntax) +cargo-dist-version = "0.30.2" +# Whether to consider the binaries in a package for distribution (defaults true) +dist = false +# CI backends to support +ci = "github" +# The installers to generate for each app +installers = ["shell", "powershell"] +# The archive format to use for windows builds (defaults .zip) +windows-archive = ".zip" +# The archive format to use for non-windows builds (defaults .tar.xz) +unix-archive = ".tar.gz" +# Target platforms to build apps for (Rust target-triple syntax) +targets = [ + "aarch64-apple-darwin", + "aarch64-unknown-linux-gnu", + "aarch64-unknown-linux-musl", + "arm-unknown-linux-musleabihf", + "armv7-unknown-linux-gnueabihf", + "armv7-unknown-linux-musleabihf", + "x86_64-apple-darwin", + "powerpc64-unknown-linux-gnu", + "powerpc64le-unknown-linux-gnu", + "riscv64gc-unknown-linux-gnu", + "s390x-unknown-linux-gnu", + "x86_64-unknown-linux-gnu", + "x86_64-unknown-linux-musl", + "x86_64-pc-windows-msvc", + "i686-unknown-linux-gnu", + "i686-unknown-linux-musl", +] +# Whether to auto-include files like READMEs, LICENSEEs, and CHANGELOGs (default true) +auto-includes = false +# Whether dist should create a Github Release or use an existing draft +create-release = true +# Which actions to run on pull requests +pr-run-mode = "plan" +# Whether to publish prereleases to package managers +publish-prereleases = true +# Whether CI should trigger releases with dispatches instead of tag pushes +dispatch-releases = true +# Which phase dist should use to create the GitHub release +github-release = "announce" +# Whether CI should include auto-generated code to build local artifacts +build-local-artifacts = false +# Local artifacts jobs to run in CI +local-artifacts-jobs = ["./build-binaries"] +# Post-announce jobs to run in CI +post-announce-jobs = ["./publish-docs"] +github-custom-job-permissions = { "publish-docs" = { contents = "read", pages = "write", id-token = "write" }} +# Whether to install an updater program +install-updater = false +# Path that installers should place binaries in +install-path = ["$XDG_BIN_HOME/", "$XDG_DATA_HOME/../bin", "~/.local/bin"] + +[dist.github-action-commits] +"actions/checkout" = "1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 +"actions/upload-artifact" = "330a01c490aca151604b8cf639adc76d48f6c5d4" # v5.0.0 +"actions/download-artifact" = "018cc2cf5baa6db3ef3c5f8a56943fffe632ef53" # v6.0.0 +"actions/attest-build-provenance" = "c074443f1aee8d4aeeae555aebba3282517141b2" #v2.2.3 diff --git a/seal.toml b/seal.toml new file mode 100644 index 00000000..0c0a13bd --- /dev/null +++ b/seal.toml @@ -0,0 +1,30 @@ +[release] +current-version = "0.0.1-alpha.3" + +version-files = [ + "crates/seal_version/Cargo.toml", + "crates/seal/Cargo.toml", + "README.md", + { path = "dist-workspace.toml", field = "workspace.version", format = "toml" } +] + +commit-message = "Release v{version}" +branch-name = "release/v{version}" +push = true +create-pr = true +confirm = true + +[changelog.section-labels] +"Bug Fixes" = ["bug"] +"Changelog " = ["changelog"] +"Bumping" = ["bumping"] +"Configuration" = ["configuration"] +"New Features" = ["enhancement"] +"CLI" = ["cli"] +"Documentation" = ["documentation"] + +[changelog] +ignore-contributors = ["dependabot[bot]"] +ignore-labels = ["internal", "ci", "duplicate", "rust", "wontfix", "needs-decision"] +include-contributors = true +changelog-heading = "{version}" From 592fad7d4ca211f271f153d5e98e7d3d0d7ad315 Mon Sep 17 00:00:00 2001 From: Matthew Mckee Date: Wed, 10 Dec 2025 19:02:49 +0000 Subject: [PATCH 02/10] Fix --- .github/workflows/build-binaries.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build-binaries.yml b/.github/workflows/build-binaries.yml index bd1a4367..69fcf2b3 100644 --- a/.github/workflows/build-binaries.yml +++ b/.github/workflows/build-binaries.yml @@ -69,7 +69,7 @@ jobs: uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 with: target: ${{ matrix.platform.target }} - args: --release --locked --out dist --features + args: --release --locked --out dist sccache: "true" - name: "Upload wheels" uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 @@ -107,7 +107,7 @@ jobs: uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 with: target: ${{ matrix.platform.target }} - args: --release --locked --out dist --features + args: --release --locked --out dist sccache: "true" - name: "Upload wheels" uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 @@ -151,7 +151,7 @@ jobs: # 32-bit compiler runs out of memory (4GB memory limit for 32-bit), so we cross compile # from 64-bit version of the container, breaking the pattern from other builds. container: quay.io/pypa/manylinux2014 - args: --release --locked --out dist --features + args: --release --locked --out dist # See: https://github.com/sfackler/rust-openssl/issues/2036#issuecomment-1724324145 before-script-linux: | # Install the 32-bit cross target on 64-bit (noop if we're already on 64-bit) @@ -228,7 +228,7 @@ jobs: # On `aarch64`, use `manylinux: 2_28`; otherwise, use `manylinux: auto`. manylinux: ${{ matrix.platform.arch == 'aarch64' && '2_28' || 'auto' }} docker-options: ${{ matrix.platform.maturin_docker_options }} - args: --release --locked --out dist --features + args: --release --locked --out dist - name: "Upload wheels" uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: @@ -272,7 +272,7 @@ jobs: with: target: ${{ matrix.platform.target }} manylinux: auto - args: --release --locked --out dist --features + args: --release --locked --out dist rust-toolchain: ${{ matrix.platform.toolchain || null }} env: CFLAGS_s390x_unknown_linux_gnu: -march=z10 @@ -326,7 +326,7 @@ jobs: target: ${{ matrix.platform.target }} manylinux: auto docker-options: ${{ matrix.platform.maturin_docker_options }} - args: --release --locked --out dist --features + args: --release --locked --out dist before-script-linux: | if command -v yum &> /dev/null; then yum update -y @@ -377,7 +377,7 @@ jobs: with: target: ${{ matrix.platform.target }} manylinux: auto - args: --release --locked --out dist --features + args: --release --locked --out dist - name: "Upload wheels" uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: @@ -420,7 +420,7 @@ jobs: with: target: ${{ matrix.target }} manylinux: musllinux_1_1 - args: --release --locked --out dist --features + args: --release --locked --out dist - name: "Upload wheels" uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: @@ -467,7 +467,7 @@ jobs: with: target: ${{ matrix.platform.target }} manylinux: musllinux_1_1 - args: --release --locked --out dist --features ${{ matrix.platform.arch == 'aarch64' && '--compatibility 2_17' || ''}} + args: --release --locked --out dist ${{ matrix.platform.arch == 'aarch64' && '--compatibility 2_17' || ''}} docker-options: ${{ matrix.platform.maturin_docker_options }} rust-toolchain: ${{ matrix.platform.toolchain || null }} - name: "Upload wheels" From cff13e5df1ca7606a63b2d4d9497e144e38d855e Mon Sep 17 00:00:00 2001 From: Matthew Mckee Date: Wed, 10 Dec 2025 19:10:22 +0000 Subject: [PATCH 03/10] Install python --- .github/workflows/build-binaries.yml | 79 ++++++++++++++++++++++++++++ .github/workflows/publish-pypi.yml | 32 +++++++++++ .github/workflows/release.yml | 17 +++++- dist-workspace.toml | 2 + 4 files changed, 129 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/publish-pypi.yml diff --git a/.github/workflows/build-binaries.yml b/.github/workflows/build-binaries.yml index 69fcf2b3..addbc5c9 100644 --- a/.github/workflows/build-binaries.yml +++ b/.github/workflows/build-binaries.yml @@ -31,6 +31,7 @@ env: CARGO_NET_RETRY: 10 CARGO_TERM_COLOR: always RUSTUP_MAX_RETRIES: 10 + PYTHON_VERSION: "3.10" jobs: sdist: @@ -39,11 +40,17 @@ jobs: - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false + + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + with: + python-version: ${{ env.PYTHON_VERSION }} + - name: Build sdist uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 with: command: sdist args: --out dist + - name: "Upload sdist" uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: @@ -65,23 +72,31 @@ jobs: - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false + + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + with: + python-version: ${{ env.PYTHON_VERSION }} + - name: "Build wheels" uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 with: target: ${{ matrix.platform.target }} args: --release --locked --out dist sccache: "true" + - name: "Upload wheels" uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: wheels-windows-${{ matrix.platform.target }} path: dist + - name: "Archive binary" shell: bash run: | ARCHIVE_FILE=prek-${{ matrix.platform.target }}.zip 7z a $ARCHIVE_FILE ./target/${{ matrix.platform.target }}/release/prek.exe sha256sum $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 + - name: "Upload binary" uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: @@ -103,17 +118,24 @@ jobs: - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false + + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + with: + python-version: ${{ env.PYTHON_VERSION }} + - name: "Build wheels" uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 with: target: ${{ matrix.platform.target }} args: --release --locked --out dist sccache: "true" + - name: "Upload wheels" uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: wheels-macos-${{ matrix.platform.target }} path: dist + - name: "Archive binary" run: | TARGET=${{ matrix.platform.target }} @@ -124,6 +146,7 @@ jobs: cp target/$TARGET/release/prek $ARCHIVE_NAME/prek tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 + - name: "Upload binary" uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: @@ -143,6 +166,11 @@ jobs: - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false + + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + with: + python-version: ${{ env.PYTHON_VERSION }} + - name: "Build wheels" uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 with: @@ -176,11 +204,13 @@ jobs: manylinux: auto env: CC: ${{ matrix.cc }} + - name: "Upload wheels" uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: wheels-linux-${{ matrix.target }} path: dist + - name: "Archive binary" shell: bash run: | @@ -194,6 +224,7 @@ jobs: cp target/$TARGET/release/prek $ARCHIVE_NAME/prek tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 + - name: "Upload binary" uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: @@ -221,6 +252,11 @@ jobs: - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false + + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + with: + python-version: ${{ env.PYTHON_VERSION }} + - name: "Build wheels" uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 with: @@ -229,11 +265,13 @@ jobs: manylinux: ${{ matrix.platform.arch == 'aarch64' && '2_28' || 'auto' }} docker-options: ${{ matrix.platform.maturin_docker_options }} args: --release --locked --out dist + - name: "Upload wheels" uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: wheels-linux-${{ matrix.platform.target }} path: dist + - name: "Archive binary" shell: bash run: | @@ -247,6 +285,7 @@ jobs: cp target/$TARGET/release/prek $ARCHIVE_NAME/prek tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 + - name: "Upload binary" uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: @@ -267,6 +306,11 @@ jobs: - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false + + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + with: + python-version: ${{ env.PYTHON_VERSION }} + - name: "Build wheels" uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 with: @@ -276,11 +320,13 @@ jobs: rust-toolchain: ${{ matrix.platform.toolchain || null }} env: CFLAGS_s390x_unknown_linux_gnu: -march=z10 + - name: "Upload wheels" uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: wheels-linux-${{ matrix.platform.target }} path: dist + - name: "Archive binary" shell: bash run: | @@ -294,6 +340,7 @@ jobs: cp target/$TARGET/release/prek $ARCHIVE_NAME/prek tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 + - name: "Upload binary" uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: @@ -320,6 +367,11 @@ jobs: - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false + + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + with: + python-version: ${{ env.PYTHON_VERSION }} + - name: "Build wheels" uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 with: @@ -334,11 +386,13 @@ jobs: yum repolist yum install -y gcc-powerpc64-linux-gnu fi + - name: "Upload wheels" uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: wheels-linux-${{ matrix.platform.target }} path: dist + - name: "Archive binary" shell: bash run: | @@ -352,6 +406,7 @@ jobs: cp target/$TARGET/release/prek $ARCHIVE_NAME/prek tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 + - name: "Upload binary" uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: @@ -372,17 +427,24 @@ jobs: - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false + + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + with: + python-version: ${{ env.PYTHON_VERSION }} + - name: "Build wheels" uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 with: target: ${{ matrix.platform.target }} manylinux: auto args: --release --locked --out dist + - name: "Upload wheels" uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: wheels-linux-${{ matrix.platform.target }} path: dist + - name: "Archive binary" shell: bash run: | @@ -396,6 +458,7 @@ jobs: cp target/$TARGET/release/prek $ARCHIVE_NAME/prek tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 + - name: "Upload binary" uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: @@ -415,17 +478,24 @@ jobs: - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false + + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + with: + python-version: ${{ env.PYTHON_VERSION }} + - name: "Build wheels" uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 with: target: ${{ matrix.target }} manylinux: musllinux_1_1 args: --release --locked --out dist + - name: "Upload wheels" uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: wheels-linux-${{ matrix.target }} path: dist + - name: "Archive binary" shell: bash run: | @@ -439,6 +509,7 @@ jobs: cp target/$TARGET/release/prek $ARCHIVE_NAME/prek tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 + - name: "Upload binary" uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: @@ -462,6 +533,11 @@ jobs: - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false + + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + with: + python-version: ${{ env.PYTHON_VERSION }} + - name: "Build wheels" uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 with: @@ -470,11 +546,13 @@ jobs: args: --release --locked --out dist ${{ matrix.platform.arch == 'aarch64' && '--compatibility 2_17' || ''}} docker-options: ${{ matrix.platform.maturin_docker_options }} rust-toolchain: ${{ matrix.platform.toolchain || null }} + - name: "Upload wheels" uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: wheels-linux-${{ matrix.platform.target }} path: dist + - name: "Archive binary" shell: bash run: | @@ -488,6 +566,7 @@ jobs: cp target/$TARGET/release/prek $ARCHIVE_NAME/prek tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 + - name: "Upload binary" uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: diff --git a/.github/workflows/publish-pypi.yml b/.github/workflows/publish-pypi.yml new file mode 100644 index 00000000..7dc7ddd1 --- /dev/null +++ b/.github/workflows/publish-pypi.yml @@ -0,0 +1,32 @@ +# Publish a release to PyPI registry. +# +# Assumed to run as a subworkflow of .github/workflows/release.yml; specifically, as a publish job +# within `cargo-dist`. +name: "Publish" + +on: + workflow_call: + inputs: + plan: + required: true + type: string + +jobs: + pypi-publish: + name: Upload to PyPI + runs-on: ubuntu-latest + environment: + name: release + permissions: + # For PyPI's trusted publishing. + id-token: write + steps: + - name: "Install uv" + uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4 + - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + with: + pattern: wheels-* + path: wheels + merge-multiple: true + - name: Publish to PyPi + run: uv publish -v wheels/* diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 241131ee..ce0950a6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -192,15 +192,30 @@ jobs: name: artifacts-dist-manifest path: dist-manifest.json + custom-publish-pypi: + needs: + - plan + - host + if: ${{ !fromJson(needs.plan.outputs.val).announcement_is_prerelease || fromJson(needs.plan.outputs.val).publish_prereleases }} + uses: ./.github/workflows/publish-pypi.yml + with: + plan: ${{ needs.plan.outputs.val }} + secrets: inherit + # publish jobs get escalated permissions + permissions: + "id-token": "write" + "packages": "write" + # Create a GitHub Release while uploading all files to it announce: needs: - plan - host + - custom-publish-pypi # use "always() && ..." to allow us to wait for all publish jobs while # still allowing individual publish jobs to skip themselves (for prereleases). # "host" however must run to completion, no skipping allowed! - if: ${{ always() && needs.host.result == 'success' }} + if: ${{ always() && needs.host.result == 'success' && (needs.custom-publish-pypi.result == 'skipped' || needs.custom-publish-pypi.result == 'success') }} runs-on: "ubuntu-22.04" env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/dist-workspace.toml b/dist-workspace.toml index ab284bb6..25520f15 100644 --- a/dist-workspace.toml +++ b/dist-workspace.toml @@ -51,6 +51,8 @@ github-release = "announce" build-local-artifacts = false # Local artifacts jobs to run in CI local-artifacts-jobs = ["./build-binaries"] +# Publish jobs to run in CI +publish-jobs = ["./publish-pypi"] # Post-announce jobs to run in CI post-announce-jobs = ["./publish-docs"] github-custom-job-permissions = { "publish-docs" = { contents = "read", pages = "write", id-token = "write" }} From 9294bf5dde0af1fa648f9e4988ed1ea61e2638c9 Mon Sep 17 00:00:00 2001 From: Matthew Mckee Date: Wed, 10 Dec 2025 19:12:48 +0000 Subject: [PATCH 04/10] Fix ci --- .github/workflows/build-binaries.yml | 36 ++++++++++++++-------------- .github/workflows/ci.yml | 8 ------- 2 files changed, 18 insertions(+), 26 deletions(-) diff --git a/.github/workflows/build-binaries.yml b/.github/workflows/build-binaries.yml index addbc5c9..ce9d6a41 100644 --- a/.github/workflows/build-binaries.yml +++ b/.github/workflows/build-binaries.yml @@ -93,8 +93,8 @@ jobs: - name: "Archive binary" shell: bash run: | - ARCHIVE_FILE=prek-${{ matrix.platform.target }}.zip - 7z a $ARCHIVE_FILE ./target/${{ matrix.platform.target }}/release/prek.exe + ARCHIVE_FILE=karva-${{ matrix.platform.target }}.zip + 7z a $ARCHIVE_FILE ./target/${{ matrix.platform.target }}/release/karva.exe sha256sum $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 - name: "Upload binary" @@ -139,11 +139,11 @@ jobs: - name: "Archive binary" run: | TARGET=${{ matrix.platform.target }} - ARCHIVE_NAME=prek-$TARGET + ARCHIVE_NAME=karva-$TARGET ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz mkdir -p $ARCHIVE_NAME - cp target/$TARGET/release/prek $ARCHIVE_NAME/prek + cp target/$TARGET/release/karva $ARCHIVE_NAME/karva tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 @@ -217,11 +217,11 @@ jobs: set -euo pipefail TARGET=${{ matrix.target }} - ARCHIVE_NAME=prek-$TARGET + ARCHIVE_NAME=karva-$TARGET ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz mkdir -p $ARCHIVE_NAME - cp target/$TARGET/release/prek $ARCHIVE_NAME/prek + cp target/$TARGET/release/karva $ARCHIVE_NAME/karva tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 @@ -278,11 +278,11 @@ jobs: set -euo pipefail TARGET=${{ matrix.platform.target }} - ARCHIVE_NAME=prek-$TARGET + ARCHIVE_NAME=karva-$TARGET ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz mkdir -p $ARCHIVE_NAME - cp target/$TARGET/release/prek $ARCHIVE_NAME/prek + cp target/$TARGET/release/karva $ARCHIVE_NAME/karva tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 @@ -333,11 +333,11 @@ jobs: set -euo pipefail TARGET=${{ matrix.platform.target }} - ARCHIVE_NAME=prek-$TARGET + ARCHIVE_NAME=karva-$TARGET ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz mkdir -p $ARCHIVE_NAME - cp target/$TARGET/release/prek $ARCHIVE_NAME/prek + cp target/$TARGET/release/karva $ARCHIVE_NAME/karva tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 @@ -399,11 +399,11 @@ jobs: set -euo pipefail TARGET=${{ matrix.platform.target }} - ARCHIVE_NAME=prek-$TARGET + ARCHIVE_NAME=karva-$TARGET ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz mkdir -p $ARCHIVE_NAME - cp target/$TARGET/release/prek $ARCHIVE_NAME/prek + cp target/$TARGET/release/karva $ARCHIVE_NAME/karva tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 @@ -451,11 +451,11 @@ jobs: set -euo pipefail TARGET=${{ matrix.platform.target }} - ARCHIVE_NAME=prek-$TARGET + ARCHIVE_NAME=karva-$TARGET ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz mkdir -p $ARCHIVE_NAME - cp target/$TARGET/release/prek $ARCHIVE_NAME/prek + cp target/$TARGET/release/karva $ARCHIVE_NAME/karva tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 @@ -502,11 +502,11 @@ jobs: set -euo pipefail TARGET=${{ matrix.target }} - ARCHIVE_NAME=prek-$TARGET + ARCHIVE_NAME=karva-$TARGET ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz mkdir -p $ARCHIVE_NAME - cp target/$TARGET/release/prek $ARCHIVE_NAME/prek + cp target/$TARGET/release/karva $ARCHIVE_NAME/karva tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 @@ -559,11 +559,11 @@ jobs: set -euo pipefail TARGET=${{ matrix.platform.target }} - ARCHIVE_NAME=prek-$TARGET + ARCHIVE_NAME=karva-$TARGET ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz mkdir -p $ARCHIVE_NAME - cp target/$TARGET/release/prek $ARCHIVE_NAME/prek + cp target/$TARGET/release/karva $ARCHIVE_NAME/karva tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f54bfee7..5b51c215 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -265,14 +265,6 @@ jobs: run: cargo codspeed run --bench ${{ matrix.project }} mode: walltime - build-binaries: - name: "build binaries" - - needs: determine_changes - if: ${{ (needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main') }} - - uses: ./.github/workflows/build.yml - project-diff: name: "run project diff" From da0c73e68c33f39044279b433c08686ac906fbc8 Mon Sep 17 00:00:00 2001 From: Matthew Mckee Date: Wed, 10 Dec 2025 20:14:26 +0000 Subject: [PATCH 05/10] Try fix build binariees --- .github/workflows/build-binaries.yml | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build-binaries.yml b/.github/workflows/build-binaries.yml index ce9d6a41..6c49b940 100644 --- a/.github/workflows/build-binaries.yml +++ b/.github/workflows/build-binaries.yml @@ -94,7 +94,7 @@ jobs: shell: bash run: | ARCHIVE_FILE=karva-${{ matrix.platform.target }}.zip - 7z a $ARCHIVE_FILE ./target/${{ matrix.platform.target }}/release/karva.exe + 7z a $ARCHIVE_FILE ./target/wheels/${{ matrix.platform.target }}/release/karva.exe sha256sum $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 - name: "Upload binary" @@ -143,7 +143,7 @@ jobs: ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz mkdir -p $ARCHIVE_NAME - cp target/$TARGET/release/karva $ARCHIVE_NAME/karva + cp target/wheels/$TARGET/release/karva $ARCHIVE_NAME/karva tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 @@ -221,7 +221,7 @@ jobs: ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz mkdir -p $ARCHIVE_NAME - cp target/$TARGET/release/karva $ARCHIVE_NAME/karva + cp target/wheels/$TARGET/release/karva $ARCHIVE_NAME/karva tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 @@ -282,7 +282,7 @@ jobs: ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz mkdir -p $ARCHIVE_NAME - cp target/$TARGET/release/karva $ARCHIVE_NAME/karva + cp target/wheels/$TARGET/release/karva $ARCHIVE_NAME/karva tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 @@ -337,7 +337,7 @@ jobs: ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz mkdir -p $ARCHIVE_NAME - cp target/$TARGET/release/karva $ARCHIVE_NAME/karva + cp target/wheels/$TARGET/release/karva $ARCHIVE_NAME/karva tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 @@ -403,7 +403,7 @@ jobs: ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz mkdir -p $ARCHIVE_NAME - cp target/$TARGET/release/karva $ARCHIVE_NAME/karva + cp target/wheels/$TARGET/release/karva $ARCHIVE_NAME/karva tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 @@ -455,7 +455,7 @@ jobs: ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz mkdir -p $ARCHIVE_NAME - cp target/$TARGET/release/karva $ARCHIVE_NAME/karva + cp target/wheels/$TARGET/release/karva $ARCHIVE_NAME/karva tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 @@ -506,7 +506,7 @@ jobs: ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz mkdir -p $ARCHIVE_NAME - cp target/$TARGET/release/karva $ARCHIVE_NAME/karva + cp target/wheels/$TARGET/release/karva $ARCHIVE_NAME/karva tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 @@ -525,7 +525,6 @@ jobs: platform: - target: aarch64-unknown-linux-musl arch: aarch64 - maturin_docker_options: -e JEMALLOC_SYS_WITH_LG_PAGE=16 - target: armv7-unknown-linux-musleabihf arch: armv7 fail-fast: false @@ -544,7 +543,6 @@ jobs: target: ${{ matrix.platform.target }} manylinux: musllinux_1_1 args: --release --locked --out dist ${{ matrix.platform.arch == 'aarch64' && '--compatibility 2_17' || ''}} - docker-options: ${{ matrix.platform.maturin_docker_options }} rust-toolchain: ${{ matrix.platform.toolchain || null }} - name: "Upload wheels" @@ -563,7 +561,7 @@ jobs: ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz mkdir -p $ARCHIVE_NAME - cp target/$TARGET/release/karva $ARCHIVE_NAME/karva + cp target/wheels/$TARGET/release/karva $ARCHIVE_NAME/karva tar czvf $ARCHIVE_FILE $ARCHIVE_NAME shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 From b2a3adc2251f56aaa17211c0eb0655a61caa4f5a Mon Sep 17 00:00:00 2001 From: Matthew Mckee Date: Thu, 11 Dec 2025 15:15:05 +0000 Subject: [PATCH 06/10] Progress --- .../{build-binaries.yml => build-wheels.yml} | 194 +----------------- .github/workflows/release.yml | 10 +- dist-workspace.toml | 40 ++-- seal.toml | 16 +- 4 files changed, 36 insertions(+), 224 deletions(-) rename .github/workflows/{build-binaries.yml => build-wheels.yml} (68%) diff --git a/.github/workflows/build-binaries.yml b/.github/workflows/build-wheels.yml similarity index 68% rename from .github/workflows/build-binaries.yml rename to .github/workflows/build-wheels.yml index 6c49b940..501df388 100644 --- a/.github/workflows/build-binaries.yml +++ b/.github/workflows/build-wheels.yml @@ -1,10 +1,10 @@ -# Build karva on all platforms. +# Build karva wheels on all platforms. # -# Generates both wheels (for PyPI) and archived binaries (for GitHub releases). +# Generates wheels (for PyPI). # # Assumed to run as a subworkflow of .github/workflows/release.yml; specifically, as a local # artifacts job within `cargo-dist`. -name: "Build binaries" +name: "Build wheels" on: workflow_call: @@ -90,21 +90,6 @@ jobs: name: wheels-windows-${{ matrix.platform.target }} path: dist - - name: "Archive binary" - shell: bash - run: | - ARCHIVE_FILE=karva-${{ matrix.platform.target }}.zip - 7z a $ARCHIVE_FILE ./target/wheels/${{ matrix.platform.target }}/release/karva.exe - sha256sum $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 - - - name: "Upload binary" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 - with: - name: artifacts-${{ matrix.platform.target }} - path: | - *.zip - *.sha256 - macos: runs-on: ${{ matrix.platform.runner }} strategy: @@ -136,25 +121,6 @@ jobs: name: wheels-macos-${{ matrix.platform.target }} path: dist - - name: "Archive binary" - run: | - TARGET=${{ matrix.platform.target }} - ARCHIVE_NAME=karva-$TARGET - ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz - - mkdir -p $ARCHIVE_NAME - cp target/wheels/$TARGET/release/karva $ARCHIVE_NAME/karva - tar czvf $ARCHIVE_FILE $ARCHIVE_NAME - shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 - - - name: "Upload binary" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 - with: - name: artifacts-${{ matrix.platform.target }} - path: | - *.tar.gz - *.sha256 - linux: runs-on: ubuntu-latest strategy: @@ -211,28 +177,6 @@ jobs: name: wheels-linux-${{ matrix.target }} path: dist - - name: "Archive binary" - shell: bash - run: | - set -euo pipefail - - TARGET=${{ matrix.target }} - ARCHIVE_NAME=karva-$TARGET - ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz - - mkdir -p $ARCHIVE_NAME - cp target/wheels/$TARGET/release/karva $ARCHIVE_NAME/karva - tar czvf $ARCHIVE_FILE $ARCHIVE_NAME - shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 - - - name: "Upload binary" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 - with: - name: artifacts-${{ matrix.target }} - path: | - *.tar.gz - *.sha256 - linux-arm: runs-on: ubuntu-latest timeout-minutes: 30 @@ -272,28 +216,6 @@ jobs: name: wheels-linux-${{ matrix.platform.target }} path: dist - - name: "Archive binary" - shell: bash - run: | - set -euo pipefail - - TARGET=${{ matrix.platform.target }} - ARCHIVE_NAME=karva-$TARGET - ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz - - mkdir -p $ARCHIVE_NAME - cp target/wheels/$TARGET/release/karva $ARCHIVE_NAME/karva - tar czvf $ARCHIVE_FILE $ARCHIVE_NAME - shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 - - - name: "Upload binary" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 - with: - name: artifacts-${{ matrix.platform.target }} - path: | - *.tar.gz - *.sha256 - linux-s390x: runs-on: ubuntu-latest timeout-minutes: 30 @@ -327,28 +249,6 @@ jobs: name: wheels-linux-${{ matrix.platform.target }} path: dist - - name: "Archive binary" - shell: bash - run: | - set -euo pipefail - - TARGET=${{ matrix.platform.target }} - ARCHIVE_NAME=karva-$TARGET - ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz - - mkdir -p $ARCHIVE_NAME - cp target/wheels/$TARGET/release/karva $ARCHIVE_NAME/karva - tar czvf $ARCHIVE_FILE $ARCHIVE_NAME - shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 - - - name: "Upload binary" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 - with: - name: artifacts-${{ matrix.platform.target }} - path: | - *.tar.gz - *.sha256 - linux-powerpc: runs-on: ubuntu-latest timeout-minutes: 30 @@ -393,28 +293,6 @@ jobs: name: wheels-linux-${{ matrix.platform.target }} path: dist - - name: "Archive binary" - shell: bash - run: | - set -euo pipefail - - TARGET=${{ matrix.platform.target }} - ARCHIVE_NAME=karva-$TARGET - ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz - - mkdir -p $ARCHIVE_NAME - cp target/wheels/$TARGET/release/karva $ARCHIVE_NAME/karva - tar czvf $ARCHIVE_FILE $ARCHIVE_NAME - shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 - - - name: "Upload binary" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 - with: - name: artifacts-${{ matrix.platform.target }} - path: | - *.tar.gz - *.sha256 - linux-riscv64: runs-on: ubuntu-latest timeout-minutes: 30 @@ -445,28 +323,6 @@ jobs: name: wheels-linux-${{ matrix.platform.target }} path: dist - - name: "Archive binary" - shell: bash - run: | - set -euo pipefail - - TARGET=${{ matrix.platform.target }} - ARCHIVE_NAME=karva-$TARGET - ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz - - mkdir -p $ARCHIVE_NAME - cp target/wheels/$TARGET/release/karva $ARCHIVE_NAME/karva - tar czvf $ARCHIVE_FILE $ARCHIVE_NAME - shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 - - - name: "Upload binary" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 - with: - name: artifacts-${{ matrix.platform.target }} - path: | - *.tar.gz - *.sha256 - musllinux: runs-on: ubuntu-latest strategy: @@ -496,28 +352,6 @@ jobs: name: wheels-linux-${{ matrix.target }} path: dist - - name: "Archive binary" - shell: bash - run: | - set -euo pipefail - - TARGET=${{ matrix.target }} - ARCHIVE_NAME=karva-$TARGET - ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz - - mkdir -p $ARCHIVE_NAME - cp target/wheels/$TARGET/release/karva $ARCHIVE_NAME/karva - tar czvf $ARCHIVE_FILE $ARCHIVE_NAME - shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 - - - name: "Upload binary" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 - with: - name: artifacts-${{ matrix.target }} - path: | - *.tar.gz - *.sha256 - musllinux-cross: runs-on: ubuntu-latest strategy: @@ -550,25 +384,3 @@ jobs: with: name: wheels-linux-${{ matrix.platform.target }} path: dist - - - name: "Archive binary" - shell: bash - run: | - set -euo pipefail - - TARGET=${{ matrix.platform.target }} - ARCHIVE_NAME=karva-$TARGET - ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz - - mkdir -p $ARCHIVE_NAME - cp target/wheels/$TARGET/release/karva $ARCHIVE_NAME/karva - tar czvf $ARCHIVE_FILE $ARCHIVE_NAME - shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256 - - - name: "Upload binary" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 - with: - name: artifacts-${{ matrix.platform.target }} - path: | - *.tar.gz - *.sha256 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ce0950a6..621df740 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -91,11 +91,11 @@ jobs: name: artifacts-plan-dist-manifest path: plan-dist-manifest.json - custom-build-binaries: + custom-build-wheels: needs: - plan if: ${{ needs.plan.outputs.publishing == 'true' || fromJson(needs.plan.outputs.val).ci.github.pr_run_mode == 'upload' || inputs.tag == 'dry-run' }} - uses: ./.github/workflows/build-binaries.yml + uses: ./.github/workflows/build-wheels.yml with: plan: ${{ needs.plan.outputs.val }} secrets: inherit @@ -104,7 +104,7 @@ jobs: build-global-artifacts: needs: - plan - - custom-build-binaries + - custom-build-wheels runs-on: "ubuntu-22.04" env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -150,10 +150,10 @@ jobs: host: needs: - plan - - custom-build-binaries + - custom-build-wheels - build-global-artifacts # Only run if we're "publishing", and only if plan, local and global didn't fail (skipped is fine) - if: ${{ always() && needs.plan.result == 'success' && needs.plan.outputs.publishing == 'true' && (needs.build-global-artifacts.result == 'skipped' || needs.build-global-artifacts.result == 'success') && (needs.custom-build-binaries.result == 'skipped' || needs.custom-build-binaries.result == 'success') }} + if: ${{ always() && needs.plan.result == 'success' && needs.plan.outputs.publishing == 'true' && (needs.build-global-artifacts.result == 'skipped' || needs.build-global-artifacts.result == 'success') && (needs.custom-build-wheels.result == 'skipped' || needs.custom-build-wheels.result == 'success') }} env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} runs-on: "ubuntu-22.04" diff --git a/dist-workspace.toml b/dist-workspace.toml index 25520f15..7fa08e77 100644 --- a/dist-workspace.toml +++ b/dist-workspace.toml @@ -10,31 +10,29 @@ cargo-dist-version = "0.30.2" dist = false # CI backends to support ci = "github" -# The installers to generate for each app -installers = ["shell", "powershell"] # The archive format to use for windows builds (defaults .zip) windows-archive = ".zip" # The archive format to use for non-windows builds (defaults .tar.xz) unix-archive = ".tar.gz" # Target platforms to build apps for (Rust target-triple syntax) -targets = [ - "aarch64-apple-darwin", - "aarch64-unknown-linux-gnu", - "aarch64-unknown-linux-musl", - "arm-unknown-linux-musleabihf", - "armv7-unknown-linux-gnueabihf", - "armv7-unknown-linux-musleabihf", - "x86_64-apple-darwin", - "powerpc64-unknown-linux-gnu", - "powerpc64le-unknown-linux-gnu", - "riscv64gc-unknown-linux-gnu", - "s390x-unknown-linux-gnu", - "x86_64-unknown-linux-gnu", - "x86_64-unknown-linux-musl", - "x86_64-pc-windows-msvc", - "i686-unknown-linux-gnu", - "i686-unknown-linux-musl", -] +# targets = [ +# "aarch64-apple-darwin", +# "aarch64-unknown-linux-gnu", +# "aarch64-unknown-linux-musl", +# "arm-unknown-linux-musleabihf", +# "armv7-unknown-linux-gnueabihf", +# "armv7-unknown-linux-musleabihf", +# "x86_64-apple-darwin", +# "powerpc64-unknown-linux-gnu", +# "powerpc64le-unknown-linux-gnu", +# "riscv64gc-unknown-linux-gnu", +# "s390x-unknown-linux-gnu", +# "x86_64-unknown-linux-gnu", +# "x86_64-unknown-linux-musl", +# "x86_64-pc-windows-msvc", +# "i686-unknown-linux-gnu", +# "i686-unknown-linux-musl", +# ] # Whether to auto-include files like READMEs, LICENSEEs, and CHANGELOGs (default true) auto-includes = false # Whether dist should create a Github Release or use an existing draft @@ -50,7 +48,7 @@ github-release = "announce" # Whether CI should include auto-generated code to build local artifacts build-local-artifacts = false # Local artifacts jobs to run in CI -local-artifacts-jobs = ["./build-binaries"] +local-artifacts-jobs = ["./build-wheels"] # Publish jobs to run in CI publish-jobs = ["./publish-pypi"] # Post-announce jobs to run in CI diff --git a/seal.toml b/seal.toml index 0c0a13bd..42f283da 100644 --- a/seal.toml +++ b/seal.toml @@ -1,11 +1,13 @@ [release] -current-version = "0.0.1-alpha.3" +current-version = "0.1.11" version-files = [ - "crates/seal_version/Cargo.toml", - "crates/seal/Cargo.toml", "README.md", - { path = "dist-workspace.toml", field = "workspace.version", format = "toml" } + "crates/karva/Cargo.toml", + "crates/karva_cli/Cargo.toml", + "pyproject.toml", + "python/karva/__init__.py" + # { path = "dist-workspace.toml", field = "workspace.version", format = "toml" } ] commit-message = "Release v{version}" @@ -16,10 +18,10 @@ confirm = true [changelog.section-labels] "Bug Fixes" = ["bug"] -"Changelog " = ["changelog"] -"Bumping" = ["bumping"] +"Reporting" = ["reporting"] +"Extensions" = ["extensions/fixtures", "extensions/tags"] "Configuration" = ["configuration"] -"New Features" = ["enhancement"] +"Discovery" = ["discovery"] "CLI" = ["cli"] "Documentation" = ["documentation"] From fbcab66384b13b7d19128bf1ce63f72048410f6a Mon Sep 17 00:00:00 2001 From: Matthew Mckee Date: Thu, 11 Dec 2025 15:17:43 +0000 Subject: [PATCH 07/10] Progress --- dist-workspace.toml | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/dist-workspace.toml b/dist-workspace.toml index 7fa08e77..ccdc65d2 100644 --- a/dist-workspace.toml +++ b/dist-workspace.toml @@ -15,24 +15,24 @@ windows-archive = ".zip" # The archive format to use for non-windows builds (defaults .tar.xz) unix-archive = ".tar.gz" # Target platforms to build apps for (Rust target-triple syntax) -# targets = [ -# "aarch64-apple-darwin", -# "aarch64-unknown-linux-gnu", -# "aarch64-unknown-linux-musl", -# "arm-unknown-linux-musleabihf", -# "armv7-unknown-linux-gnueabihf", -# "armv7-unknown-linux-musleabihf", -# "x86_64-apple-darwin", -# "powerpc64-unknown-linux-gnu", -# "powerpc64le-unknown-linux-gnu", -# "riscv64gc-unknown-linux-gnu", -# "s390x-unknown-linux-gnu", -# "x86_64-unknown-linux-gnu", -# "x86_64-unknown-linux-musl", -# "x86_64-pc-windows-msvc", -# "i686-unknown-linux-gnu", -# "i686-unknown-linux-musl", -# ] +targets = [ + "aarch64-apple-darwin", + "aarch64-unknown-linux-gnu", + "aarch64-unknown-linux-musl", + "arm-unknown-linux-musleabihf", + "armv7-unknown-linux-gnueabihf", + "armv7-unknown-linux-musleabihf", + "x86_64-apple-darwin", + "powerpc64-unknown-linux-gnu", + "powerpc64le-unknown-linux-gnu", + "riscv64gc-unknown-linux-gnu", + "s390x-unknown-linux-gnu", + "x86_64-unknown-linux-gnu", + "x86_64-unknown-linux-musl", + "x86_64-pc-windows-msvc", + "i686-unknown-linux-gnu", + "i686-unknown-linux-musl", +] # Whether to auto-include files like READMEs, LICENSEEs, and CHANGELOGs (default true) auto-includes = false # Whether dist should create a Github Release or use an existing draft @@ -49,6 +49,7 @@ github-release = "announce" build-local-artifacts = false # Local artifacts jobs to run in CI local-artifacts-jobs = ["./build-wheels"] +build-global-artifacts = false # Publish jobs to run in CI publish-jobs = ["./publish-pypi"] # Post-announce jobs to run in CI From dc6f50591a254072bfbc990db5914d8ffe68672e Mon Sep 17 00:00:00 2001 From: Matthew Mckee Date: Thu, 11 Dec 2025 15:20:02 +0000 Subject: [PATCH 08/10] Progress --- .github/workflows/build-wheels.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-wheels.yml b/.github/workflows/build-wheels.yml index 501df388..a4f0c48e 100644 --- a/.github/workflows/build-wheels.yml +++ b/.github/workflows/build-wheels.yml @@ -17,7 +17,7 @@ on: # When we change pyproject.toml, we want to ensure that the maturin builds still work. - pyproject.toml # And when we change this workflow itself... - - .github/workflows/build-binaries.yml + - .github/workflows/build-wheels.yml permissions: contents: read From 31c534f6e81ed9fdc16f3586cbd0616f7d494b68 Mon Sep 17 00:00:00 2001 From: Matthew Mckee Date: Thu, 11 Dec 2025 15:30:09 +0000 Subject: [PATCH 09/10] Fix build --- .github/workflows/build-wheels.yml | 336 +++++++---------------------- 1 file changed, 72 insertions(+), 264 deletions(-) diff --git a/.github/workflows/build-wheels.yml b/.github/workflows/build-wheels.yml index a4f0c48e..dd8acb3f 100644 --- a/.github/workflows/build-wheels.yml +++ b/.github/workflows/build-wheels.yml @@ -34,353 +34,161 @@ env: PYTHON_VERSION: "3.10" jobs: - sdist: + linux: + name: build wheels (Linux, ${{ matrix.platform.target }}) runs-on: ubuntu-latest - steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - with: - persist-credentials: false - - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: ${{ env.PYTHON_VERSION }} - - - name: Build sdist - uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 - with: - command: sdist - args: --out dist - - - name: "Upload sdist" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 - with: - name: wheels-sdist - path: dist - - windows: - runs-on: windows-latest strategy: matrix: platform: - - target: x86_64-pc-windows-msvc - arch: x64 - - target: i686-pc-windows-msvc - arch: x86 - - target: aarch64-pc-windows-msvc - arch: x64 # not relevant here - steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - with: - persist-credentials: false + - target: x86_64 + - target: x86 + - target: aarch64 + - target: armv7 - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: ${{ env.PYTHON_VERSION }} - - - name: "Build wheels" - uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 - with: - target: ${{ matrix.platform.target }} - args: --release --locked --out dist - sccache: "true" - - - name: "Upload wheels" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 - with: - name: wheels-windows-${{ matrix.platform.target }} - path: dist - - macos: - runs-on: ${{ matrix.platform.runner }} - strategy: - matrix: - platform: - - runner: macos-15 - target: x86_64-apple-darwin - - runner: macos-15 - target: aarch64-apple-darwin steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - name: Checkout repository + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: persist-credentials: false - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + - name: Set up Python + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: ${{ env.PYTHON_VERSION }} - - name: "Build wheels" + - name: Build wheels uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 with: target: ${{ matrix.platform.target }} - args: --release --locked --out dist - sccache: "true" - - - name: "Upload wheels" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 - with: - name: wheels-macos-${{ matrix.platform.target }} - path: dist - - linux: - runs-on: ubuntu-latest - strategy: - matrix: - include: - - { target: "i686-unknown-linux-gnu", cc: "gcc -m32" } - - { target: "x86_64-unknown-linux-gnu", cc: "gcc" } - steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - with: - persist-credentials: false - - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: ${{ env.PYTHON_VERSION }} - - - name: "Build wheels" - uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 - with: - target: ${{ matrix.target }} - # Generally, we try to build in a target docker container. In this case however, a - # 32-bit compiler runs out of memory (4GB memory limit for 32-bit), so we cross compile - # from 64-bit version of the container, breaking the pattern from other builds. - container: quay.io/pypa/manylinux2014 - args: --release --locked --out dist - # See: https://github.com/sfackler/rust-openssl/issues/2036#issuecomment-1724324145 - before-script-linux: | - # Install the 32-bit cross target on 64-bit (noop if we're already on 64-bit) - rustup target add ${{ matrix.target }} - # If we're running on rhel centos, install needed packages. - if command -v yum &> /dev/null; then - yum update -y && yum install -y perl-core openssl openssl-devel pkgconfig libatomic - - # If we're running on i686 we need to symlink libatomic - # in order to build openssl with -latomic flag. - if [[ ! -d "/usr/lib64" ]]; then - ln -s /usr/lib/libatomic.so.1 /usr/lib/libatomic.so - else - # Support cross-compiling from 64-bit to 32-bit - yum install -y glibc-devel.i686 libstdc++-devel.i686 - fi - else - # If we're running on debian-based system. - apt update -y && apt-get install -y libssl-dev openssl pkg-config - fi - sccache: "true" + args: --release --out dist manylinux: auto - env: - CC: ${{ matrix.cc }} - - name: "Upload wheels" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 - with: - name: wheels-linux-${{ matrix.target }} - path: dist - - linux-arm: - runs-on: ubuntu-latest - timeout-minutes: 30 - strategy: - matrix: - platform: - - target: aarch64-unknown-linux-gnu - arch: aarch64 - # see https://github.com/astral-sh/ruff/issues/3791 - # and https://github.com/gnzlbg/jemallocator/issues/170#issuecomment-1503228963 - maturin_docker_options: -e JEMALLOC_SYS_WITH_LG_PAGE=16 - - target: armv7-unknown-linux-gnueabihf - arch: armv7 - - target: arm-unknown-linux-musleabihf - arch: arm - steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - with: - persist-credentials: false - - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: ${{ env.PYTHON_VERSION }} - - - name: "Build wheels" - uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 - with: - target: ${{ matrix.platform.target }} - # On `aarch64`, use `manylinux: 2_28`; otherwise, use `manylinux: auto`. - manylinux: ${{ matrix.platform.arch == 'aarch64' && '2_28' || 'auto' }} - docker-options: ${{ matrix.platform.maturin_docker_options }} - args: --release --locked --out dist - - - name: "Upload wheels" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + - name: Upload wheels + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: wheels-linux-${{ matrix.platform.target }} path: dist - linux-s390x: + musllinux: + name: build wheels (Linux Musl, ${{ matrix.platform.target }}) runs-on: ubuntu-latest - timeout-minutes: 30 strategy: matrix: platform: - - target: s390x-unknown-linux-gnu - arch: s390x + - target: x86_64 + - target: x86 + - target: aarch64 + - target: armv7 + steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: persist-credentials: false - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + - name: Set up Python + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: ${{ env.PYTHON_VERSION }} - - name: "Build wheels" + - name: Build wheels uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 with: target: ${{ matrix.platform.target }} - manylinux: auto - args: --release --locked --out dist - rust-toolchain: ${{ matrix.platform.toolchain || null }} - env: - CFLAGS_s390x_unknown_linux_gnu: -march=z10 + args: --release --out dist + manylinux: musllinux_1_2 - - name: "Upload wheels" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + - name: Upload wheels + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: - name: wheels-linux-${{ matrix.platform.target }} + name: wheels-musllinux-${{ matrix.platform.target }} path: dist - linux-powerpc: - runs-on: ubuntu-latest - timeout-minutes: 30 + windows: + name: build wheels (Windows, ${{ matrix.platform.target }}) + runs-on: windows-latest strategy: matrix: platform: - - target: powerpc64le-unknown-linux-gnu - arch: ppc64le - # see https://github.com/astral-sh/uv/issues/6528 - maturin_docker_options: -e JEMALLOC_SYS_WITH_LG_PAGE=16 - - target: powerpc64-unknown-linux-gnu - arch: ppc64 - # see https://github.com/astral-sh/uv/issues/6528 - maturin_docker_options: -e JEMALLOC_SYS_WITH_LG_PAGE=16 + - target: x64 + - target: x86 + steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: persist-credentials: false - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + - name: Set up Python + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: ${{ env.PYTHON_VERSION }} + architecture: ${{ matrix.platform.target }} - - name: "Build wheels" + - name: Build wheels uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 with: target: ${{ matrix.platform.target }} - manylinux: auto - docker-options: ${{ matrix.platform.maturin_docker_options }} - args: --release --locked --out dist - before-script-linux: | - if command -v yum &> /dev/null; then - yum update -y - yum -y install epel-release - yum repolist - yum install -y gcc-powerpc64-linux-gnu - fi + args: --release --out dist - - name: "Upload wheels" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + - name: Upload wheels + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: - name: wheels-linux-${{ matrix.platform.target }} + name: wheels-windows-${{ matrix.platform.target }} path: dist - linux-riscv64: - runs-on: ubuntu-latest - timeout-minutes: 30 + macos: + name: build wheels (macOS, ${{ matrix.platform.target }}) + runs-on: ${{ matrix.platform.runner }} strategy: matrix: platform: - - target: riscv64gc-unknown-linux-gnu - arch: riscv64 - steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - with: - persist-credentials: false - - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: ${{ env.PYTHON_VERSION }} - - - name: "Build wheels" - uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 - with: - target: ${{ matrix.platform.target }} - manylinux: auto - args: --release --locked --out dist - - - name: "Upload wheels" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 - with: - name: wheels-linux-${{ matrix.platform.target }} - path: dist + - runner: macos-15-intel + target: x86_64 + - runner: macos-15 + target: aarch64 - musllinux: - runs-on: ubuntu-latest - strategy: - matrix: - target: - - x86_64-unknown-linux-musl - - i686-unknown-linux-musl steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: persist-credentials: false - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + - name: Set up Python + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: ${{ env.PYTHON_VERSION }} - - name: "Build wheels" + - name: Build wheels uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 with: - target: ${{ matrix.target }} - manylinux: musllinux_1_1 - args: --release --locked --out dist + target: ${{ matrix.platform.target }} + args: --release --out dist - - name: "Upload wheels" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + - name: Upload wheels + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: - name: wheels-linux-${{ matrix.target }} + name: wheels-macos-${{ matrix.platform.target }} path: dist - musllinux-cross: + sdist: + name: build source distribution runs-on: ubuntu-latest - strategy: - matrix: - platform: - - target: aarch64-unknown-linux-musl - arch: aarch64 - - target: armv7-unknown-linux-musleabihf - arch: armv7 - fail-fast: false steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: persist-credentials: false - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + - name: Set up Python + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: ${{ env.PYTHON_VERSION }} - - name: "Build wheels" + - name: Build sdist uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 with: - target: ${{ matrix.platform.target }} - manylinux: musllinux_1_1 - args: --release --locked --out dist ${{ matrix.platform.arch == 'aarch64' && '--compatibility 2_17' || ''}} - rust-toolchain: ${{ matrix.platform.toolchain || null }} + command: sdist + args: --out dist - - name: "Upload wheels" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + - name: Upload sdist + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: - name: wheels-linux-${{ matrix.platform.target }} + name: wheels-sdist path: dist From 85f94274cbd39dc95c2c443bd3d9a326cdec2ba6 Mon Sep 17 00:00:00 2001 From: Matthew Mckee Date: Thu, 11 Dec 2025 15:43:07 +0000 Subject: [PATCH 10/10] Fix prek --- .github/zizmor.yml | 12 ++++++++++++ crates/karva/Cargo.toml | 3 --- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/.github/zizmor.yml b/.github/zizmor.yml index ab63c8ab..303cae5e 100644 --- a/.github/zizmor.yml +++ b/.github/zizmor.yml @@ -1,7 +1,19 @@ rules: template-injection: ignore: + # like with `secrets-inherit`, `cargo dist` introduces some + # template injections. We've manually audited these usages for safety. + - release.yml - "diff.yml" + secrets-inherit: + # `cargo dist` makes extensive use of `secrets: inherit`, + # and we can't easily fix that until an upstream release changes that. + disable: true + excessive-permissions: + # it's hard to test what the impact of removing these ignores would be + # without actually running the release workflow... + ignore: + - release.yml unpinned-uses: config: policies: diff --git a/crates/karva/Cargo.toml b/crates/karva/Cargo.toml index 9568ec3a..6ddc87c3 100644 --- a/crates/karva/Cargo.toml +++ b/crates/karva/Cargo.toml @@ -22,6 +22,3 @@ pyo3 = { workspace = true } [lints] workspace = true - -[package.metadata.dist] -dist = true