From 875e337dac1521492f245cbfa5a599b0331742d1 Mon Sep 17 00:00:00 2001
From: Kyle Benesch <4b796c65+github@gmail.com>
Date: Sun, 1 Feb 2026 00:48:18 -0800
Subject: [PATCH] Improve GitHub workflows Manual test of `[skip ci]` is not required for GitHub actions: https://docs.github.com/en/actions/how-tos/manage-workflow-runs/skip-workflow-runs `actions/upload-artifact` should detect missing files and avoid compressing already compressed archives. Attestation uses special permissions and it is important not to do anything unrelated while those permissions are in scope such as building Python distributions. I have moved sdists to their own job for this reason. Update the environment URL to link directly to the specific release version. `success()` is the default so adding it is redundant: https://docs.github.com/en/actions/reference/workflows-and-actions/expressions#status-check-functions `startsWith(github.ref, 'refs/tags')` is replaced with `github.ref_type == 'tag'`. Common actions updated to their latest version.
---
.github/workflows/ci.yml | 50 +++++++++++++++++++++++++---------------
1 file changed, 31 insertions(+), 19 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f1ce113..cc45fef 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -14,7 +14,6 @@ on: jobs: build: name: Build wheels on ${{ matrix.os }} ${{ matrix.name }} - if: "!contains(github.event.head_commit.message, '[skip ci]')" runs-on: ${{ matrix.os }} strategy: matrix:
@@ -39,7 +38,7 @@ jobs: name: '(musllinux aarch64)' qemu: true steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 # unshallow fetch for setuptools-scm
@@ -65,47 +64,60 @@ jobs: output-dir: dist - name: Upload distributions - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: path: dist name: dist-${{ matrix.os }}-${{ matrix.arch }}-${{ matrix.build }}-${{ matrix.name }} + if-no-files-found: error + compression-level: 0 # files already compressed - publish: - name: Publish release to Pypi + sdist: + name: Build source distrubtion runs-on: ubuntu-latest - needs: [build] - if: success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags') - permissions: - id-token: write - environment: - name: pypi - url: https://pypi.org/p/freetype-py/ steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 # unshallow fetch for setuptools-scm - name: Set up Python 3.9 - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: '3.9' + - name: Build sdist + run: python setup.py sdist + - name: Upload sdist + uses: actions/upload-artifact@v6 + with: + path: dist + name: dist-source + if-no-files-found: error + compression-level: 0 # files already compressed + + publish: + name: Publish release to Pypi + runs-on: ubuntu-latest + needs: [build, sdist] + if: github.event_name == 'push' && github.ref_type == 'tag' + permissions: + id-token: write # for attestation + environment: + name: pypi + url: https://pypi.org/p/freetype-py/${{ github.ref }}/ + steps: - name: Download assets uses: actions/download-artifact@v4 with: merge-multiple: true path: dist pattern: dist-* - - name: Build sdist - run: | - python setup.py sdist - uses: pypa/gh-action-pypi-publish@release/v1 test-pyinstaller: name: Test pyinstaller hook runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Set up Python 3.9 - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: '3.9' - name: Test pyinstaller hook
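Review bot: The new environment URL in the `publish` job interpolates `github.ref`, which for a tag push is the full ref (`refs/tags/<tag>`), so the link becomes `https://pypi.org/p/freetype-py/refs/tags/<tag>/` instead of the release page. `url: https://pypi.org/p/freetype-py/${{ github.ref_name }}/` yields the short tag name, though it only matches the PyPI version if the project's tags carry no prefix such as `v`. Separately, the job that holds `id-token: write` still references `actions/download-artifact@v4` and `pypa/gh-action-pypi-publish@release/v1` by mutable tag and branch; pinning both to full commit SHAs would keep a moved ref from running with the publishing identity. The new `sdist` job also has a typo: `name: Build source distrubtion` should read `distribution`.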