From b244785b3242154d85eb0ef532629c9c860b292f Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Tue, 22 Jul 2025 10:18:17 -0700 Subject: [PATCH 01/38] use manual workflow dispatch to publish artifacts --- .github/workflows/build.yml | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 716171b2..c003cf9e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -14,13 +14,21 @@ on: type: boolean publish: required: false - type: string + type: boolean + default: false setup: required: false type: string target: required: true type: string + workflow_dispatch: + inputs: + publish: + description: 'Publish to PyPI' + required: false + type: boolean + default: false jobs: reusable-build: if: ${{ inputs.if }} @@ -57,7 +65,7 @@ jobs: if: ${{ inputs.target == 'x86_64-unknown-linux-musl' || inputs.target == 'aarch64-unknown-linux-musl' }} with: image: ${{ inputs.docker }} - options: '-e SHOULD_PUBLISH=${{ inputs.publish }} --user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' + options: '--user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' run: | echo "apk add:" apk upgrade @@ -70,7 +78,8 @@ jobs: ./venv/bin/pip install patchelf make build - if [ "${SHOULD_PUBLISH}" == 'true' ]; then + # Only publish if manually triggered + if [ "${{ inputs.publish }}" = 'true' ]; then echo "~~~~ maturin publishing" . ./venv/bin/activate && maturin publish --no-sdist -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} fi @@ -79,7 +88,7 @@ jobs: if: ${{ inputs.target == 'aarch64-unknown-linux-gnu' }} with: image: ${{ inputs.docker }} - options: '-e SHOULD_PUBLISH=${{ inputs.publish }} --user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' + options: '--user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' run: | # Ensure multilib support is available sudo apt -y update @@ -98,7 +107,7 @@ jobs: . .env/bin/activate && pip install -r requirements.txt . .env/bin/activate && pip install patchelf # this is in raw 'sh', use single '=' - if [ "${SHOULD_PUBLISH}" = 'true' ]; then + if [ "${inputs.publish}" = 'true' ]; then echo "~~~~ maturin publishing" # pass '--debug' to avoid optimization, which breaks tls signature validation on this platform . .env/bin/activate && maturin publish --target ${{ inputs.target }} --no-sdist --debug -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} @@ -111,7 +120,7 @@ jobs: if: ${{ inputs.target == 'armv7-unknown-linux-gnueabihf' }} with: image: ${{ inputs.docker }} - options: '-e SHOULD_PUBLISH=${{ inputs.publish }} --user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' + options: '--user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' run: | # Ensure multilib support is available sudo apt -y update @@ -133,7 +142,7 @@ jobs: . .env/bin/activate && pip install -r requirements.txt . .env/bin/activate && pip install patchelf # this is in raw 'sh', use single '=' - if [ "${SHOULD_PUBLISH}" = 'true' ]; then + if [ "${inputs.publish}" = 'true' ]; then echo "~~~~ maturin publishing" # pass '--debug' to avoid optimization, which breaks tls signature validation on this platform . .env/bin/activate && maturin publish --target ${{ inputs.target }} --no-sdist --debug -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} From 9719fcf5cc8ed011ab802ef1205597294d9d2309 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Tue, 22 Jul 2025 10:28:29 -0700 Subject: [PATCH 02/38] Revert "use manual workflow dispatch to publish artifacts" This reverts commit b244785b3242154d85eb0ef532629c9c860b292f. --- .github/workflows/build.yml | 23 +++++++---------------- 1 file changed, 7 insertions(+), 16 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c003cf9e..716171b2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -14,21 +14,13 @@ on: type: boolean publish: required: false - type: boolean - default: false + type: string setup: required: false type: string target: required: true type: string - workflow_dispatch: - inputs: - publish: - description: 'Publish to PyPI' - required: false - type: boolean - default: false jobs: reusable-build: if: ${{ inputs.if }} @@ -65,7 +57,7 @@ jobs: if: ${{ inputs.target == 'x86_64-unknown-linux-musl' || inputs.target == 'aarch64-unknown-linux-musl' }} with: image: ${{ inputs.docker }} - options: '--user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' + options: '-e SHOULD_PUBLISH=${{ inputs.publish }} --user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' run: | echo "apk add:" apk upgrade @@ -78,8 +70,7 @@ jobs: ./venv/bin/pip install patchelf make build - # Only publish if manually triggered - if [ "${{ inputs.publish }}" = 'true' ]; then + if [ "${SHOULD_PUBLISH}" == 'true' ]; then echo "~~~~ maturin publishing" . ./venv/bin/activate && maturin publish --no-sdist -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} fi @@ -88,7 +79,7 @@ jobs: if: ${{ inputs.target == 'aarch64-unknown-linux-gnu' }} with: image: ${{ inputs.docker }} - options: '--user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' + options: '-e SHOULD_PUBLISH=${{ inputs.publish }} --user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' run: | # Ensure multilib support is available sudo apt -y update @@ -107,7 +98,7 @@ jobs: . .env/bin/activate && pip install -r requirements.txt . .env/bin/activate && pip install patchelf # this is in raw 'sh', use single '=' - if [ "${inputs.publish}" = 'true' ]; then + if [ "${SHOULD_PUBLISH}" = 'true' ]; then echo "~~~~ maturin publishing" # pass '--debug' to avoid optimization, which breaks tls signature validation on this platform . .env/bin/activate && maturin publish --target ${{ inputs.target }} --no-sdist --debug -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} @@ -120,7 +111,7 @@ jobs: if: ${{ inputs.target == 'armv7-unknown-linux-gnueabihf' }} with: image: ${{ inputs.docker }} - options: '--user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' + options: '-e SHOULD_PUBLISH=${{ inputs.publish }} --user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' run: | # Ensure multilib support is available sudo apt -y update @@ -142,7 +133,7 @@ jobs: . .env/bin/activate && pip install -r requirements.txt . .env/bin/activate && pip install patchelf # this is in raw 'sh', use single '=' - if [ "${inputs.publish}" = 'true' ]; then + if [ "${SHOULD_PUBLISH}" = 'true' ]; then echo "~~~~ maturin publishing" # pass '--debug' to avoid optimization, which breaks tls signature validation on this platform . .env/bin/activate && maturin publish --target ${{ inputs.target }} --no-sdist --debug -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} From 6ee396460d93a2463bab64d9b272ef955145612e Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Tue, 22 Jul 2025 10:33:22 -0700 Subject: [PATCH 03/38] create new publish all workflow --- .github/workflows/build.yml | 3 +- .github/workflows/ci.yml | 57 +++-------------------------------- .github/workflows/publish.yml | 44 +++++++++++++++++++++++++++ 3 files changed, 50 insertions(+), 54 deletions(-) create mode 100644 .github/workflows/publish.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 716171b2..7a0f5d12 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -14,7 +14,8 @@ on: type: boolean publish: required: false - type: string + type: boolean + default: false setup: required: false type: string diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b4b866b3..dd4c943d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -61,32 +61,10 @@ jobs: run: | NGROK_AUTHTOKEN=${{ secrets.NGROK_AUTHTOKEN }} make mypy NGROK_AUTHTOKEN=${{ secrets.NGROK_AUTHTOKEN }} make testfast - decide: - name: Decide on Publishing - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: Decide - id: decide - run: | - echo "github.ref: ${{ github.ref }}" - echo "github.repository: ${{ github.repository }}" - echo "git log:" - git log -1 --pretty=%B - - if [ '${{ github.ref }}' == 'refs/heads/main' ] && [ '${{ github.repository }}' == 'ngrok/ngrok-python' ] && git log -1 --pretty=%B | grep "^Release [0-9]\+\.[0-9]\+\.[0-9]\+$"; then - echo "SHOULD_PUBLISH=true" >> $GITHUB_OUTPUT - else - echo "SHOULD_PUBLISH=false" >> $GITHUB_OUTPUT - fi - cat $GITHUB_OUTPUT - outputs: - publish: ${{ steps.decide.outputs.SHOULD_PUBLISH }} build: needs: - clippy - - decide - fmt - test - udeps @@ -96,7 +74,7 @@ jobs: docker: ${{ matrix.settings.docker }} host: ${{ matrix.settings.host }} if: true - publish: ${{ needs.decide.outputs.publish }} + publish: false setup: ${{ matrix.settings.setup }} target: ${{ matrix.settings.target }} strategy: @@ -136,7 +114,6 @@ jobs: target: x86_64-pc-windows-msvc build-freebsd: - needs: decide runs-on: ubuntu-22.04 name: Build FreeBSD timeout-minutes: 20 @@ -152,9 +129,8 @@ jobs: RUSTUP_HOME: /usr/local/rustup CARGO_HOME: /usr/local/cargo RUSTUP_IO_THREADS: 1 - SHOULD_PUBLISH: ${{ needs.decide.outputs.publish }} with: - envs: RUSTUP_HOME CARGO_HOME RUSTUP_IO_THREADS SHOULD_PUBLISH + envs: RUSTUP_HOME CARGO_HOME RUSTUP_IO_THREADS usesh: true mem: 3000 prepare: | @@ -167,16 +143,8 @@ jobs: export PATH="/usr/local/cargo/bin:$PATH" python3 -m venv .env . .env/bin/activate && pip install -r requirements.txt - if [ "${SHOULD_PUBLISH}" == 'true' ]; then - echo "~~~~ maturin just building since pypi doesn't support BSD wheels" - # https://discuss.python.org/t/pypi-org-unsupported-platform-tag-openbsd-7-0-amd64/16302 - # . .env/bin/activate && maturin publish --no-sdist -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} - . .env/bin/activate && maturin build - else - echo "~~~~ maturin building" - . .env/bin/activate && maturin build - fi - # make the rsync back faster + echo "~~~~ maturin building" + . .env/bin/activate && maturin build rm -rf .env/ target/debug/ target/release/ - name: Upload artifact uses: actions/upload-artifact@v4 @@ -184,20 +152,3 @@ jobs: name: bindings-freebsd path: target/wheels/*.whl if-no-files-found: error - tag: - if: ${{ github.ref == 'refs/heads/main' && needs.decide.outputs.publish == true }} - needs: - - decide - - build - runs-on: ubuntu-latest - name: Tag Release - steps: - - uses: actions/checkout@v4 - - uses: jrobsonchase/direnv-action@v0.7 - - name: Tag - run: | - version="$(extract-crate-version ngrok-python)" - git config user.name "GitHub Action" - git config user.email noreply@ngrok.com - git tag -a -m "Version ${version}" v${version} - git push --tags diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 00000000..bd43f629 --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,44 @@ +name: Publish All +on: + workflow_dispatch: + +jobs: + publish-all: + matrix: + settings: + # List all targets you want to publish + - host: macos-latest + target: aarch64-apple-darwin + - host: macos-latest + target: universal2-apple-darwin + - host: macos-latest + target: x86_64-apple-darwin + - host: ubuntu-latest + target: aarch64-unknown-linux-gnu + docker: ghcr.io/rust-cross/manylinux2014-cross:aarch64 + - host: ubuntu-24.04-arm + target: aarch64-unknown-linux-musl + docker: alpine:3.21 + - host: ubuntu-latest + target: armv7-unknown-linux-gnueabihf + docker: ghcr.io/rust-cross/manylinux2014-cross:armv7 + - host: ubuntu-latest + target: x86_64-unknown-linux-gnu + - host: ubuntu-latest + target: x86_64-unknown-linux-musl + docker: alpine:3.21 + - host: windows-latest + target: aarch64-pc-windows-msvc + - host: windows-latest + target: i686-pc-windows-msvc + - host: windows-latest + target: x86_64-pc-windows-msvc + uses: ./.github/workflows/build.yml + secrets: inherit + with: + docker: ${{ matrix.settings.docker }} + host: ${{ matrix.settings.host }} + if: true + publish: true + setup: ${{ matrix.settings.setup }} + target: ${{ matrix.settings.target }} \ No newline at end of file From c91669a5f3b6c9152877f140a64a433697cae050 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Tue, 22 Jul 2025 11:32:05 -0700 Subject: [PATCH 04/38] keep tagging step in build action --- .github/workflows/build.yml | 34 ++++++++++++++++++++++++++-------- 1 file changed, 26 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7a0f5d12..3acaab92 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -58,7 +58,7 @@ jobs: if: ${{ inputs.target == 'x86_64-unknown-linux-musl' || inputs.target == 'aarch64-unknown-linux-musl' }} with: image: ${{ inputs.docker }} - options: '-e SHOULD_PUBLISH=${{ inputs.publish }} --user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' + options: '--user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' run: | echo "apk add:" apk upgrade @@ -71,16 +71,17 @@ jobs: ./venv/bin/pip install patchelf make build - if [ "${SHOULD_PUBLISH}" == 'true' ]; then + if [ "${{ inputs.publish }}" = 'true' ]; then echo "~~~~ maturin publishing" . ./venv/bin/activate && maturin publish --no-sdist -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} fi + - name: Build and (Publish) aarch64-unknown-linux-gnu uses: addnab/docker-run-action@v3 if: ${{ inputs.target == 'aarch64-unknown-linux-gnu' }} with: image: ${{ inputs.docker }} - options: '-e SHOULD_PUBLISH=${{ inputs.publish }} --user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' + options: '--user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' run: | # Ensure multilib support is available sudo apt -y update @@ -98,8 +99,7 @@ jobs: python3 -m venv .env . .env/bin/activate && pip install -r requirements.txt . .env/bin/activate && pip install patchelf - # this is in raw 'sh', use single '=' - if [ "${SHOULD_PUBLISH}" = 'true' ]; then + if [${{ inputs.publish }}]; then echo "~~~~ maturin publishing" # pass '--debug' to avoid optimization, which breaks tls signature validation on this platform . .env/bin/activate && maturin publish --target ${{ inputs.target }} --no-sdist --debug -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} @@ -107,12 +107,13 @@ jobs: echo "~~~~ maturin building" . .env/bin/activate && maturin build --target ${{ inputs.target }} fi + - name: Build and (Publish) armv7-unknown-linux-gnueabihf uses: addnab/docker-run-action@v3 if: ${{ inputs.target == 'armv7-unknown-linux-gnueabihf' }} with: image: ${{ inputs.docker }} - options: '-e SHOULD_PUBLISH=${{ inputs.publish }} --user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' + options: '--user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' run: | # Ensure multilib support is available sudo apt -y update @@ -133,8 +134,7 @@ jobs: python3 -m venv .env . .env/bin/activate && pip install -r requirements.txt . .env/bin/activate && pip install patchelf - # this is in raw 'sh', use single '=' - if [ "${SHOULD_PUBLISH}" = 'true' ]; then + if [${{ inputs.publish }}]; then echo "~~~~ maturin publishing" # pass '--debug' to avoid optimization, which breaks tls signature validation on this platform . .env/bin/activate && maturin publish --target ${{ inputs.target }} --no-sdist --debug -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} @@ -142,6 +142,7 @@ jobs: echo "~~~~ maturin building" RUST_BACKTRACE=1 . .env/bin/activate && maturin build --target ${{ inputs.target }} --verbose fi + - name: Build Python Extension Module (non-docker) if: ${{ inputs.publish != true && !inputs.docker && !contains(inputs.target,'android') }} uses: PyO3/maturin-action@v1 @@ -161,6 +162,23 @@ jobs: maturin-version: v1.6.0 target: ${{ inputs.target }} args: --no-sdist -i python3.12 -m Cargo.toml -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} + - name: Tag Release + if: ${{ inputs.publish == true }} + run: | + version="$(grep '^version =' Cargo.toml | head -n1 | awk -F\" '{print $2}')" + tag="v${version}" + git config user.name "GitHub Action" + git config user.email noreply@ngrok.com + echo "Version: ${version} tag: $tag" + echo "Fetching all tags in the repository" + git fetch --tags + if git rev-parse "refs/tags/$tag" >/dev/null 2>&1; then + echo "Tag $tag already exists, skipping tag creation." + else + echo "Tag $tag does not exist, pushing tag." + git tag -a -m "Version ${version}" $tag + git push --tags + fi - name: Upload artifact uses: actions/upload-artifact@v4 with: From 6cc8aab8d62b89a82a9df5e7ceea6508259d2d7b Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Tue, 22 Jul 2025 11:51:16 -0700 Subject: [PATCH 05/38] move tag release to CI job --- .github/workflows/build.yml | 17 ----------------- .github/workflows/ci.yml | 23 +++++++++++++++++++++++ 2 files changed, 23 insertions(+), 17 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3acaab92..bdb5532b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -162,23 +162,6 @@ jobs: maturin-version: v1.6.0 target: ${{ inputs.target }} args: --no-sdist -i python3.12 -m Cargo.toml -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} - - name: Tag Release - if: ${{ inputs.publish == true }} - run: | - version="$(grep '^version =' Cargo.toml | head -n1 | awk -F\" '{print $2}')" - tag="v${version}" - git config user.name "GitHub Action" - git config user.email noreply@ngrok.com - echo "Version: ${version} tag: $tag" - echo "Fetching all tags in the repository" - git fetch --tags - if git rev-parse "refs/tags/$tag" >/dev/null 2>&1; then - echo "Tag $tag already exists, skipping tag creation." - else - echo "Tag $tag does not exist, pushing tag." - git tag -a -m "Version ${version}" $tag - git push --tags - fi - name: Upload artifact uses: actions/upload-artifact@v4 with: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dd4c943d..e6fad812 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -152,3 +152,26 @@ jobs: name: bindings-freebsd path: target/wheels/*.whl if-no-files-found: error + tag-release: + if: ${{ inputs.publish == true }} + runs-on: ubuntu-latest + name: Tag Release + steps: + - uses: actions/checkout@v4 + - uses: jrobsonchase/direnv-action@v0.7 + - name: Tag Release + run: | + version="$(grep '^version =' Cargo.toml | head -n1 | awk -F\" '{print $2}')" + tag="v${version}" + git config user.name "GitHub Action" + git config user.email noreply@ngrok.com + echo "Version: ${version} tag: $tag" + echo "Fetching all tags in the repository" + git fetch --tags + if git rev-parse "refs/tags/$tag" >/dev/null 2>&1; then + echo "Tag $tag already exists, skipping tag creation." + else + echo "Tag $tag does not exist, pushing tag." + git tag -a -m "Version ${version}" $tag + git push --tags + fi From d37d60736f3f562b492d1e382f1fe61eabf52ab6 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Tue, 22 Jul 2025 12:44:13 -0700 Subject: [PATCH 06/38] update maturin version --- .github/workflows/build.yml | 4 ++-- requirements.txt | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index bdb5532b..ae8e4841 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -147,7 +147,7 @@ jobs: if: ${{ inputs.publish != true && !inputs.docker && !contains(inputs.target,'android') }} uses: PyO3/maturin-action@v1 with: - maturin-version: v1.6.0 + maturin-version: v1.9.1 target: ${{ inputs.target }} # builds in release mode with the specified python version as the interpreter and the Cargo.toml file as the manifest args: --release -i python3.12 --target ${{ inputs.target }} -m Cargo.toml @@ -159,7 +159,7 @@ jobs: uses: PyO3/maturin-action@v1 with: command: publish - maturin-version: v1.6.0 + maturin-version: v1.9.1 target: ${{ inputs.target }} args: --no-sdist -i python3.12 -m Cargo.toml -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} - name: Upload artifact diff --git a/requirements.txt b/requirements.txt index f60d7cc9..b1750281 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,7 +1,7 @@ aiohttp==3.9.5 # async HTTP client/server framework black==23.3.0 # code formatter furo==2024.8.6 # customisable Sphinx theme -maturin==1.6.0 # build and publish Python packages +maturin==1.9.1 # build and publish Python packages mypy==1.15.0 # static type checker myst-parser==4.0.1 # Sphinx extension for Markdown pytest-xdist==3.6.1 # run tests in parallel From c0eb49af73f7cf4fb1ee251c0f19be8a3948b5d9 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Tue, 22 Jul 2025 13:44:46 -0700 Subject: [PATCH 07/38] explicitly setup python for aarch64 windows --- .github/workflows/build.yml | 6 ++++++ pyproject.toml | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ae8e4841..dfd8b3db 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -53,6 +53,12 @@ jobs: with: python-version: "3.12" architecture: "x86" + - name: Setup x85 Python for aarch64-pc-windows-msvc + if: ${{ inputs.target == 'aarch64-pc-windows-msvc' }} + uses: actions/setup-python@v5 + with: + python-version: "3.12" + architecture: "x64" - name: Build and (Publish) musl for ${{ inputs.target }} uses: addnab/docker-run-action@v3 if: ${{ inputs.target == 'x86_64-unknown-linux-musl' || inputs.target == 'aarch64-unknown-linux-musl' }} diff --git a/pyproject.toml b/pyproject.toml index 460351b7..fcfc4c77 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -31,7 +31,7 @@ changelog = "https://github.com/ngrok/ngrok-python/blob/main/CHANGELOG.md" ngrok-asgi = "ngrok:__main__.asgi_cli" [build-system] -requires = ["maturin>=1.5,<=1.6"] +requires = ["maturin>=1.5,<=1.9.1"] build-backend = "maturin" [tool.maturin] From e15a9e6b241832efed4c391efb1444711182fe6f Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Wed, 23 Jul 2025 10:04:41 -0700 Subject: [PATCH 08/38] fix typo --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index dfd8b3db..a96aba02 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -53,7 +53,7 @@ jobs: with: python-version: "3.12" architecture: "x86" - - name: Setup x85 Python for aarch64-pc-windows-msvc + - name: Setup x64 Python for aarch64-pc-windows-msvc if: ${{ inputs.target == 'aarch64-pc-windows-msvc' }} uses: actions/setup-python@v5 with: From f15446c8ab3a782503bab16804cba81e16032ef8 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Wed, 23 Jul 2025 10:12:42 -0700 Subject: [PATCH 09/38] log info about the runners --- .github/workflows/build.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a96aba02..31f0bcf9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -58,7 +58,12 @@ jobs: uses: actions/setup-python@v5 with: python-version: "3.12" - architecture: "x64" + architecture: "arm64" + run: | + echo "Runner OS: $RUNNER_OS" + echo "Runner Architecture: $RUNNER_ARCH" + echo "Runner Name: $RUNNER_NAME" + systeminfo - name: Build and (Publish) musl for ${{ inputs.target }} uses: addnab/docker-run-action@v3 if: ${{ inputs.target == 'x86_64-unknown-linux-musl' || inputs.target == 'aarch64-unknown-linux-musl' }} From 21c0654f3c7b48137ab57e23993b6a1db548f168 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Wed, 23 Jul 2025 10:40:41 -0700 Subject: [PATCH 10/38] manually setup correct libraries for windows aarch64 --- .github/workflows/build.yml | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 31f0bcf9..8ba85069 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -53,17 +53,20 @@ jobs: with: python-version: "3.12" architecture: "x86" - - name: Setup x64 Python for aarch64-pc-windows-msvc + - name: Download ARM64 Python SDK if: ${{ inputs.target == 'aarch64-pc-windows-msvc' }} - uses: actions/setup-python@v5 - with: - python-version: "3.12" - architecture: "arm64" - run: | - echo "Runner OS: $RUNNER_OS" - echo "Runner Architecture: $RUNNER_ARCH" - echo "Runner Name: $RUNNER_NAME" - systeminfo + run: | + curl -LO https://www.python.org/ftp/python/3.12.0/python-3.12.0-embed-arm64.zip + mkdir python-arm64 + tar -xf python-3.12.0-embed-arm64.zip -C python-arm64 + - name: Set ARM64 Python environment variables + if: ${{ inputs.target == 'aarch64-pc-windows-msvc' }} + shell: pwsh + run: | + echo "PYTHONHOME=${{ github.workspace }}\python-arm64" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append + echo "PYTHONPATH=${{ github.workspace }}\python-arm64" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append + echo "PATH=${{ github.workspace }}\python-arm64;${env:PATH}" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append + - name: Build and (Publish) musl for ${{ inputs.target }} uses: addnab/docker-run-action@v3 if: ${{ inputs.target == 'x86_64-unknown-linux-musl' || inputs.target == 'aarch64-unknown-linux-musl' }} From 43a8d79e093d8f3dfc06fb1ed62ddaa95d9fad26 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Wed, 23 Jul 2025 11:29:02 -0700 Subject: [PATCH 11/38] self review fixes --- .github/workflows/build.yml | 4 ++-- .github/workflows/ci.yml | 26 +------------------------- .github/workflows/publish.yml | 26 +++++++++++++++++++++++++- 3 files changed, 28 insertions(+), 28 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8ba85069..6f0811eb 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -113,7 +113,7 @@ jobs: python3 -m venv .env . .env/bin/activate && pip install -r requirements.txt . .env/bin/activate && pip install patchelf - if [${{ inputs.publish }}]; then + if [ "${{ inputs.publish }}" = 'true' ]; then echo "~~~~ maturin publishing" # pass '--debug' to avoid optimization, which breaks tls signature validation on this platform . .env/bin/activate && maturin publish --target ${{ inputs.target }} --no-sdist --debug -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} @@ -148,7 +148,7 @@ jobs: python3 -m venv .env . .env/bin/activate && pip install -r requirements.txt . .env/bin/activate && pip install patchelf - if [${{ inputs.publish }}]; then + if [ "${{ inputs.publish }}" = 'true' ]; then echo "~~~~ maturin publishing" # pass '--debug' to avoid optimization, which breaks tls signature validation on this platform . .env/bin/activate && maturin publish --target ${{ inputs.target }} --no-sdist --debug -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e6fad812..0b04a38e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -74,7 +74,6 @@ jobs: docker: ${{ matrix.settings.docker }} host: ${{ matrix.settings.host }} if: true - publish: false setup: ${{ matrix.settings.setup }} target: ${{ matrix.settings.target }} strategy: @@ -151,27 +150,4 @@ jobs: with: name: bindings-freebsd path: target/wheels/*.whl - if-no-files-found: error - tag-release: - if: ${{ inputs.publish == true }} - runs-on: ubuntu-latest - name: Tag Release - steps: - - uses: actions/checkout@v4 - - uses: jrobsonchase/direnv-action@v0.7 - - name: Tag Release - run: | - version="$(grep '^version =' Cargo.toml | head -n1 | awk -F\" '{print $2}')" - tag="v${version}" - git config user.name "GitHub Action" - git config user.email noreply@ngrok.com - echo "Version: ${version} tag: $tag" - echo "Fetching all tags in the repository" - git fetch --tags - if git rev-parse "refs/tags/$tag" >/dev/null 2>&1; then - echo "Tag $tag already exists, skipping tag creation." - else - echo "Tag $tag does not exist, pushing tag." - git tag -a -m "Version ${version}" $tag - git push --tags - fi + if-no-files-found: error \ No newline at end of file diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index bd43f629..a4e13be8 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -41,4 +41,28 @@ jobs: if: true publish: true setup: ${{ matrix.settings.setup }} - target: ${{ matrix.settings.target }} \ No newline at end of file + target: ${{ matrix.settings.target }} + + tag-release: + needs: publish-all + runs-on: ubuntu-latest + name: Tag Release + steps: + - uses: actions/checkout@v4 + - uses: jrobsonchase/direnv-action@v0.7 + - name: Tag Release + run: | + version="$(grep '^version =' Cargo.toml | head -n1 | awk -F\" '{print $2}')" + tag="v${version}" + git config user.name "GitHub Action" + git config user.email noreply@ngrok.com + echo "Version: ${version} tag: $tag" + echo "Fetching all tags in the repository" + git fetch --tags + if git rev-parse "refs/tags/$tag" >/dev/null 2>&1; then + echo "Tag $tag already exists, skipping tag creation." + else + echo "Tag $tag does not exist, pushing tag." + git tag -a -m "Version ${version}" $tag + git push --tags + fi From 74dfd5b11a0802141cad08a46217e9b0c7f5905a Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Wed, 23 Jul 2025 12:44:13 -0700 Subject: [PATCH 12/38] temporarily change action trigger to test --- .github/workflows/publish.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index a4e13be8..0aca395b 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,6 +1,7 @@ name: Publish All on: - workflow_dispatch: + pull_request: + branches: [add-manual-publish-option] jobs: publish-all: From 339daae3e52563ff680f11c8f3555cb662a008eb Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Wed, 23 Jul 2025 13:17:22 -0700 Subject: [PATCH 13/38] fix target branch --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 0aca395b..8f0988d4 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,7 +1,7 @@ name: Publish All on: pull_request: - branches: [add-manual-publish-option] + branches: [main] jobs: publish-all: From 0770ef3b6c65205927e5e5bacb1b23c09e46dd34 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Wed, 23 Jul 2025 15:48:17 -0700 Subject: [PATCH 14/38] fix workflow --- .github/workflows/publish.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 8f0988d4..a68cab89 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -5,6 +5,8 @@ on: jobs: publish-all: + fail-fast: false + strategy: matrix: settings: # List all targets you want to publish From b0d7e233f151a12d93b30d5ccd912191cc5eaea9 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Wed, 23 Jul 2025 16:00:04 -0700 Subject: [PATCH 15/38] fix workflow format --- .github/workflows/ci.yml | 1 - .github/workflows/publish.yml | 28 ++++++++++++++++------------ 2 files changed, 16 insertions(+), 13 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0b04a38e..e55cee7a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -73,7 +73,6 @@ jobs: with: docker: ${{ matrix.settings.docker }} host: ${{ matrix.settings.host }} - if: true setup: ${{ matrix.settings.setup }} target: ${{ matrix.settings.target }} strategy: diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index a68cab89..0d742a03 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -5,11 +5,12 @@ on: jobs: publish-all: - fail-fast: false + name: Build & Publish All + runs-on: ${{ matrix.settings.host }} strategy: + fail-fast: false matrix: settings: - # List all targets you want to publish - host: macos-latest target: aarch64-apple-darwin - host: macos-latest @@ -36,16 +37,19 @@ jobs: target: i686-pc-windows-msvc - host: windows-latest target: x86_64-pc-windows-msvc - uses: ./.github/workflows/build.yml - secrets: inherit - with: - docker: ${{ matrix.settings.docker }} - host: ${{ matrix.settings.host }} - if: true - publish: true - setup: ${{ matrix.settings.setup }} - target: ${{ matrix.settings.target }} - + + steps: + - name: Call reusable build.yml + uses: ./.github/workflows/build.yml + with: + docker: ${{ matrix.settings.docker }} + host: ${{ matrix.settings.host }} + if: true + publish: true + setup: ${{ matrix.settings.setup }} + target: ${{ matrix.settings.target }} + secrets: inherit + tag-release: needs: publish-all runs-on: ubuntu-latest From 86c9d29331c4e5b60944c82526abb661ede2106c Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Wed, 23 Jul 2025 16:06:34 -0700 Subject: [PATCH 16/38] clean up file --- .github/workflows/publish.yml | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 0d742a03..ad3f43b8 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -4,8 +4,8 @@ on: branches: [main] jobs: - publish-all: - name: Build & Publish All + publish: + name: Build ${{ matrix.settings.target }} runs-on: ${{ matrix.settings.host }} strategy: fail-fast: false @@ -38,22 +38,20 @@ jobs: - host: windows-latest target: x86_64-pc-windows-msvc - steps: - - name: Call reusable build.yml - uses: ./.github/workflows/build.yml - with: - docker: ${{ matrix.settings.docker }} - host: ${{ matrix.settings.host }} - if: true - publish: true - setup: ${{ matrix.settings.setup }} - target: ${{ matrix.settings.target }} - secrets: inherit + uses: ./.github/workflows/build.yml + with: + docker: ${{ matrix.settings.docker }} + host: ${{ matrix.settings.host }} + if: true + publish: true + setup: ${{ matrix.settings.setup }} + target: ${{ matrix.settings.target }} + secrets: inherit tag-release: - needs: publish-all - runs-on: ubuntu-latest name: Tag Release + needs: publish + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: jrobsonchase/direnv-action@v0.7 From 922f69da8647bd2884141beacb7bfa34ffaeaf26 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Wed, 23 Jul 2025 16:10:56 -0700 Subject: [PATCH 17/38] remove runs-on parameter --- .github/workflows/publish.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index ad3f43b8..bc7bdda7 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -6,7 +6,6 @@ on: jobs: publish: name: Build ${{ matrix.settings.target }} - runs-on: ${{ matrix.settings.host }} strategy: fail-fast: false matrix: From 976f94a3f238dcad89542b44c4d781f828510fc0 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Wed, 23 Jul 2025 16:35:51 -0700 Subject: [PATCH 18/38] skip publishing existing packages --- .github/workflows/build.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 6f0811eb..b545e903 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -87,7 +87,7 @@ jobs: if [ "${{ inputs.publish }}" = 'true' ]; then echo "~~~~ maturin publishing" - . ./venv/bin/activate && maturin publish --no-sdist -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} + . ./venv/bin/activate && maturin publish --no-sdist --skip-existing -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} fi - name: Build and (Publish) aarch64-unknown-linux-gnu @@ -116,7 +116,7 @@ jobs: if [ "${{ inputs.publish }}" = 'true' ]; then echo "~~~~ maturin publishing" # pass '--debug' to avoid optimization, which breaks tls signature validation on this platform - . .env/bin/activate && maturin publish --target ${{ inputs.target }} --no-sdist --debug -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} + . .env/bin/activate && maturin publish --target ${{ inputs.target }} --no-sdist --skip-existing --debug -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} else echo "~~~~ maturin building" . .env/bin/activate && maturin build --target ${{ inputs.target }} @@ -151,7 +151,7 @@ jobs: if [ "${{ inputs.publish }}" = 'true' ]; then echo "~~~~ maturin publishing" # pass '--debug' to avoid optimization, which breaks tls signature validation on this platform - . .env/bin/activate && maturin publish --target ${{ inputs.target }} --no-sdist --debug -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} + . .env/bin/activate && maturin publish --target ${{ inputs.target }} --no-sdist --skip-existing --debug -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} else echo "~~~~ maturin building" RUST_BACKTRACE=1 . .env/bin/activate && maturin build --target ${{ inputs.target }} --verbose From 6d77685e0e2dd0cda30735b92da671ac76ecb6ed Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Wed, 23 Jul 2025 16:40:49 -0700 Subject: [PATCH 19/38] add skip-existing flag --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b545e903..c164014b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -175,7 +175,7 @@ jobs: command: publish maturin-version: v1.9.1 target: ${{ inputs.target }} - args: --no-sdist -i python3.12 -m Cargo.toml -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} + args: --no-sdist --skip-existing -i python3.12 -m Cargo.toml -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} - name: Upload artifact uses: actions/upload-artifact@v4 with: From a0abd0454c904dd4be6f0d5c7fdbb67a0ec61117 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Wed, 23 Jul 2025 17:02:10 -0700 Subject: [PATCH 20/38] add special case for x86_64-unknown-linux-gnu target --- .github/workflows/build.yml | 31 +++++++++++++++++++++++++++++++ .github/workflows/ci.yml | 1 + 2 files changed, 32 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c164014b..4df9e80f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -156,6 +156,37 @@ jobs: echo "~~~~ maturin building" RUST_BACKTRACE=1 . .env/bin/activate && maturin build --target ${{ inputs.target }} --verbose fi + - name: Build and (Publish) x86_64-unknown-linux-gnu + uses: addnab/docker-run-action@v3 + if: ${{ inputs.target == 'x86_64-unknown-linux-gnu' }} + with: + image: ${{ inputs.docker }} + options: '--user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' + run: | + # Update and install required packages + sudo apt-get update + sudo apt-get install -y llvm-dev clang libclang-dev gcc-multilib + + # Install Rust minimal toolchain + curl --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal + export PATH="$HOME/.cargo/bin:$PATH" + + # Add necessary Rust targets and components + rustup component add llvm-tools-preview || true + rustup target add x86_64-unknown-linux-gnu + + # Create and activate Python virtual environment + python3 -m venv .env + . .env/bin/activate && pip install -r requirements.txt + . .env/bin/activate && pip install patchelf + + if [ "${{ inputs.publish }}" = 'true' ]; then + echo "~~~~ maturin publishing" + . .env/bin/activate && maturin publish --target ${{ inputs.target }} --no-sdist --skip-existing -i python3.12 -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} + else + echo "~~~~ maturin building" + . .env/bin/activate && maturin build --target ${{ inputs.target }} + fi - name: Build Python Extension Module (non-docker) if: ${{ inputs.publish != true && !inputs.docker && !contains(inputs.target,'android') }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e55cee7a..9c496f84 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -99,6 +99,7 @@ jobs: docker: ghcr.io/rust-cross/manylinux2014-cross:armv7 - host: ubuntu-latest target: x86_64-unknown-linux-gnu + docker: ghcr.io/rust-cross/manylinux2014-cross:x86_64 - host: ubuntu-latest target: x86_64-unknown-linux-musl docker: alpine:3.21 From e5702b75dc90d2207db3c3feee44125d62ccef75 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Wed, 23 Jul 2025 17:08:43 -0700 Subject: [PATCH 21/38] fix indentation --- .github/workflows/build.yml | 42 ++++++++++++++++++------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4df9e80f..38cf8852 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -162,31 +162,31 @@ jobs: with: image: ${{ inputs.docker }} options: '--user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' - run: | - # Update and install required packages - sudo apt-get update - sudo apt-get install -y llvm-dev clang libclang-dev gcc-multilib + run: | + # Update and install required packages + sudo apt-get update + sudo apt-get install -y llvm-dev clang libclang-dev gcc-multilib - # Install Rust minimal toolchain - curl --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal - export PATH="$HOME/.cargo/bin:$PATH" + # Install Rust minimal toolchain + curl --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal + export PATH="$HOME/.cargo/bin:$PATH" - # Add necessary Rust targets and components - rustup component add llvm-tools-preview || true - rustup target add x86_64-unknown-linux-gnu + # Add necessary Rust targets and components + rustup component add llvm-tools-preview || true + rustup target add x86_64-unknown-linux-gnu - # Create and activate Python virtual environment - python3 -m venv .env - . .env/bin/activate && pip install -r requirements.txt - . .env/bin/activate && pip install patchelf + # Create and activate Python virtual environment + python3 -m venv .env + . .env/bin/activate && pip install -r requirements.txt + . .env/bin/activate && pip install patchelf - if [ "${{ inputs.publish }}" = 'true' ]; then - echo "~~~~ maturin publishing" - . .env/bin/activate && maturin publish --target ${{ inputs.target }} --no-sdist --skip-existing -i python3.12 -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} - else - echo "~~~~ maturin building" - . .env/bin/activate && maturin build --target ${{ inputs.target }} - fi + if [ "${{ inputs.publish }}" = 'true' ]; then + echo "~~~~ maturin publishing" + . .env/bin/activate && maturin publish --target ${{ inputs.target }} --no-sdist --skip-existing -i python3.12 -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} + else + echo "~~~~ maturin building" + . .env/bin/activate && maturin build --target ${{ inputs.target }} + fi - name: Build Python Extension Module (non-docker) if: ${{ inputs.publish != true && !inputs.docker && !contains(inputs.target,'android') }} From e0a72173db878714ab64bbe840ff927deab7080a Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Wed, 23 Jul 2025 17:41:07 -0700 Subject: [PATCH 22/38] check which part of script is failing --- .github/workflows/build.yml | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 38cf8852..50126f97 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -102,26 +102,6 @@ jobs: sudo apt -y full-upgrade sudo apt -y install gcc-multilib - # Install Rust - curl --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal - export PATH="$HOME/.cargo/bin:$PATH" - - # ring 0.17 assembly build needs __ARM_ARCH set - export CFLAGS_aarch64_unknown_linux_gnu="-D__ARM_ARCH=8" - rustup component add llvm-tools-preview || true - rustup target add aarch64-unknown-linux-gnu - python3 -m venv .env - . .env/bin/activate && pip install -r requirements.txt - . .env/bin/activate && pip install patchelf - if [ "${{ inputs.publish }}" = 'true' ]; then - echo "~~~~ maturin publishing" - # pass '--debug' to avoid optimization, which breaks tls signature validation on this platform - . .env/bin/activate && maturin publish --target ${{ inputs.target }} --no-sdist --skip-existing --debug -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} - else - echo "~~~~ maturin building" - . .env/bin/activate && maturin build --target ${{ inputs.target }} - fi - - name: Build and (Publish) armv7-unknown-linux-gnueabihf uses: addnab/docker-run-action@v3 if: ${{ inputs.target == 'armv7-unknown-linux-gnueabihf' }} From 94fa027e6c96d7d914021ee31e78a90f19baaa91 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Wed, 23 Jul 2025 17:50:18 -0700 Subject: [PATCH 23/38] change correct step --- .github/workflows/build.yml | 41 +++++++++++++++++-------------------- 1 file changed, 19 insertions(+), 22 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 50126f97..5c2f16b6 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -102,6 +102,25 @@ jobs: sudo apt -y full-upgrade sudo apt -y install gcc-multilib + # Install Rust + curl --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal + export PATH="$HOME/.cargo/bin:$PATH" + + # ring 0.17 assembly build needs __ARM_ARCH set + export CFLAGS_aarch64_unknown_linux_gnu="-D__ARM_ARCH=8" + rustup component add llvm-tools-preview || true + rustup target add aarch64-unknown-linux-gnu + python3 -m venv .env + . .env/bin/activate && pip install -r requirements.txt + . .env/bin/activate && pip install patchelf + if [ "${{ inputs.publish }}" = 'true' ]; then + echo "~~~~ maturin publishing" + # pass '--debug' to avoid optimization, which breaks tls signature validation on this platform + . .env/bin/activate && maturin publish --target ${{ inputs.target }} --no-sdist --skip-existing --debug -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} + else + echo "~~~~ maturin building" + . .env/bin/activate && maturin build --target ${{ inputs.target }} + fi - name: Build and (Publish) armv7-unknown-linux-gnueabihf uses: addnab/docker-run-action@v3 if: ${{ inputs.target == 'armv7-unknown-linux-gnueabihf' }} @@ -146,28 +165,6 @@ jobs: # Update and install required packages sudo apt-get update sudo apt-get install -y llvm-dev clang libclang-dev gcc-multilib - - # Install Rust minimal toolchain - curl --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal - export PATH="$HOME/.cargo/bin:$PATH" - - # Add necessary Rust targets and components - rustup component add llvm-tools-preview || true - rustup target add x86_64-unknown-linux-gnu - - # Create and activate Python virtual environment - python3 -m venv .env - . .env/bin/activate && pip install -r requirements.txt - . .env/bin/activate && pip install patchelf - - if [ "${{ inputs.publish }}" = 'true' ]; then - echo "~~~~ maturin publishing" - . .env/bin/activate && maturin publish --target ${{ inputs.target }} --no-sdist --skip-existing -i python3.12 -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} - else - echo "~~~~ maturin building" - . .env/bin/activate && maturin build --target ${{ inputs.target }} - fi - - name: Build Python Extension Module (non-docker) if: ${{ inputs.publish != true && !inputs.docker && !contains(inputs.target,'android') }} uses: PyO3/maturin-action@v1 From e0242835bce53377fcab30606c682d8872c3116c Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Wed, 23 Jul 2025 18:11:03 -0700 Subject: [PATCH 24/38] add correct docker parameter in publish path --- .github/workflows/build.yml | 21 +++++++++++++++++++++ .github/workflows/publish.yml | 1 + 2 files changed, 22 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5c2f16b6..89e2cfe5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -165,6 +165,27 @@ jobs: # Update and install required packages sudo apt-get update sudo apt-get install -y llvm-dev clang libclang-dev gcc-multilib + + # Install Rust minimal toolchain + curl --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal + export PATH="$HOME/.cargo/bin:$PATH" + + # Add necessary Rust targets and components + rustup component add llvm-tools-preview || true + rustup target add x86_64-unknown-linux-gnu + + # Create and activate Python virtual environment + python3 -m venv .env + . .env/bin/activate && pip install -r requirements.txt + . .env/bin/activate && pip install patchelf + + if [ "${{ inputs.publish }}" = 'true' ]; then + echo "~~~~ maturin publishing" + . .env/bin/activate && maturin publish --target ${{ inputs.target }} --no-sdist --skip-existing -i python3.12 -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} + else + echo "~~~~ maturin building" + . .env/bin/activate && maturin build --target ${{ inputs.target }} + fi - name: Build Python Extension Module (non-docker) if: ${{ inputs.publish != true && !inputs.docker && !contains(inputs.target,'android') }} uses: PyO3/maturin-action@v1 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index bc7bdda7..416e7c74 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -27,6 +27,7 @@ jobs: docker: ghcr.io/rust-cross/manylinux2014-cross:armv7 - host: ubuntu-latest target: x86_64-unknown-linux-gnu + docker: ghcr.io/rust-cross/manylinux2014-cross:x86_64 - host: ubuntu-latest target: x86_64-unknown-linux-musl docker: alpine:3.21 From c98651e9d6f762ccbf25f4b8d491b36536f97c0c Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Thu, 24 Jul 2025 09:06:29 -0700 Subject: [PATCH 25/38] switch workflow to run on manual trigger --- .github/workflows/publish.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 416e7c74..4f5b6fa3 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,7 +1,6 @@ -name: Publish All on: - pull_request: - branches: [main] + workflow_dispatch: +name: Publish All jobs: publish: From 7cc5b183581ed8dd7b83e326a903cf126c126232 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Thu, 24 Jul 2025 09:19:58 -0700 Subject: [PATCH 26/38] self review --- .github/workflows/build.yml | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 89e2cfe5..eac4f9e6 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -72,7 +72,7 @@ jobs: if: ${{ inputs.target == 'x86_64-unknown-linux-musl' || inputs.target == 'aarch64-unknown-linux-musl' }} with: image: ${{ inputs.docker }} - options: '--user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' + options: '-e SHOULD_PUBLISH=${{ inputs.publish }} --user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' run: | echo "apk add:" apk upgrade @@ -85,7 +85,7 @@ jobs: ./venv/bin/pip install patchelf make build - if [ "${{ inputs.publish }}" = 'true' ]; then + if [ "${SHOULD_PUBLISH}" == 'true' ]; then echo "~~~~ maturin publishing" . ./venv/bin/activate && maturin publish --no-sdist --skip-existing -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} fi @@ -95,7 +95,7 @@ jobs: if: ${{ inputs.target == 'aarch64-unknown-linux-gnu' }} with: image: ${{ inputs.docker }} - options: '--user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' + options: '-e SHOULD_PUBLISH=${{ inputs.publish }} --user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' run: | # Ensure multilib support is available sudo apt -y update @@ -113,7 +113,8 @@ jobs: python3 -m venv .env . .env/bin/activate && pip install -r requirements.txt . .env/bin/activate && pip install patchelf - if [ "${{ inputs.publish }}" = 'true' ]; then + # this is in raw 'sh', use single '=' + if [ "${SHOULD_PUBLISH}" = 'true' ]; then echo "~~~~ maturin publishing" # pass '--debug' to avoid optimization, which breaks tls signature validation on this platform . .env/bin/activate && maturin publish --target ${{ inputs.target }} --no-sdist --skip-existing --debug -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} @@ -126,7 +127,7 @@ jobs: if: ${{ inputs.target == 'armv7-unknown-linux-gnueabihf' }} with: image: ${{ inputs.docker }} - options: '--user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' + options: '-e SHOULD_PUBLISH=${{ inputs.publish }} --user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' run: | # Ensure multilib support is available sudo apt -y update @@ -147,7 +148,8 @@ jobs: python3 -m venv .env . .env/bin/activate && pip install -r requirements.txt . .env/bin/activate && pip install patchelf - if [ "${{ inputs.publish }}" = 'true' ]; then + # this is in raw 'sh', use single '=' + if [ "${SHOULD_PUBLISH}" = 'true' ]; then echo "~~~~ maturin publishing" # pass '--debug' to avoid optimization, which breaks tls signature validation on this platform . .env/bin/activate && maturin publish --target ${{ inputs.target }} --no-sdist --skip-existing --debug -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} @@ -160,7 +162,7 @@ jobs: if: ${{ inputs.target == 'x86_64-unknown-linux-gnu' }} with: image: ${{ inputs.docker }} - options: '--user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' + options: '-e SHOULD_PUBLISH=${{ inputs.publish }} --user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build' run: | # Update and install required packages sudo apt-get update @@ -179,7 +181,7 @@ jobs: . .env/bin/activate && pip install -r requirements.txt . .env/bin/activate && pip install patchelf - if [ "${{ inputs.publish }}" = 'true' ]; then + if [ "${SHOULD_PUBLISH}" = 'true' ]; then echo "~~~~ maturin publishing" . .env/bin/activate && maturin publish --target ${{ inputs.target }} --no-sdist --skip-existing -i python3.12 -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} else From 9dbdee5854c02b59842084552437053ae7228a64 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Thu, 24 Jul 2025 12:50:39 -0700 Subject: [PATCH 27/38] try reusing existing build steps --- .github/workflows/ci.yml | 4 +++ .github/workflows/publish.yml | 51 +++++------------------------------ 2 files changed, 11 insertions(+), 44 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9c496f84..ce17954f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -4,6 +4,10 @@ env: APP_NAME: ngrok MACOSX_DEPLOYMENT_TARGET: '10.13' on: + workflow_call: + secrets: + NGROK_AUTHTOKEN: + required: true push: branches: - '**' diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 4f5b6fa3..39668924 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,52 +1,15 @@ -on: - workflow_dispatch: name: Publish All +on: + pull_request: + branches: [main] jobs: - publish: - name: Build ${{ matrix.settings.target }} - strategy: - fail-fast: false - matrix: - settings: - - host: macos-latest - target: aarch64-apple-darwin - - host: macos-latest - target: universal2-apple-darwin - - host: macos-latest - target: x86_64-apple-darwin - - host: ubuntu-latest - target: aarch64-unknown-linux-gnu - docker: ghcr.io/rust-cross/manylinux2014-cross:aarch64 - - host: ubuntu-24.04-arm - target: aarch64-unknown-linux-musl - docker: alpine:3.21 - - host: ubuntu-latest - target: armv7-unknown-linux-gnueabihf - docker: ghcr.io/rust-cross/manylinux2014-cross:armv7 - - host: ubuntu-latest - target: x86_64-unknown-linux-gnu - docker: ghcr.io/rust-cross/manylinux2014-cross:x86_64 - - host: ubuntu-latest - target: x86_64-unknown-linux-musl - docker: alpine:3.21 - - host: windows-latest - target: aarch64-pc-windows-msvc - - host: windows-latest - target: i686-pc-windows-msvc - - host: windows-latest - target: x86_64-pc-windows-msvc - - uses: ./.github/workflows/build.yml + ci: + name: Runs CI + uses: ./.github/workflows/ci.yml + secrets: inherit with: - docker: ${{ matrix.settings.docker }} - host: ${{ matrix.settings.host }} - if: true publish: true - setup: ${{ matrix.settings.setup }} - target: ${{ matrix.settings.target }} - secrets: inherit - tag-release: name: Tag Release needs: publish From fff4c78c8c414b7dae963e6588327cb80a1746e7 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Thu, 24 Jul 2025 12:51:46 -0700 Subject: [PATCH 28/38] fix job name reference --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 39668924..22579b7b 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -12,7 +12,7 @@ jobs: publish: true tag-release: name: Tag Release - needs: publish + needs: ci runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 From 95ddef6bd0b805c7da1d2b0f969ab7601b0a0af3 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Thu, 24 Jul 2025 12:55:33 -0700 Subject: [PATCH 29/38] add missing permissions --- .github/workflows/publish.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 22579b7b..efb636ec 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -8,11 +8,14 @@ jobs: name: Runs CI uses: ./.github/workflows/ci.yml secrets: inherit + permissions: + contents: write with: publish: true tag-release: name: Tag Release needs: ci + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 From 066f3479e839bec0e8938edd1951c4f5ed7db939 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Thu, 24 Jul 2025 12:59:39 -0700 Subject: [PATCH 30/38] include inputs from publish job --- .github/workflows/ci.yml | 9 ++++++--- .github/workflows/publish.yml | 1 - 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ce17954f..b9f4981e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,9 +5,12 @@ env: MACOSX_DEPLOYMENT_TARGET: '10.13' on: workflow_call: - secrets: - NGROK_AUTHTOKEN: - required: true + inputs: + publish: + required: false + default: false + type: boolean + secrets: inherit push: branches: - '**' diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index efb636ec..e487f4de 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -15,7 +15,6 @@ jobs: tag-release: name: Tag Release needs: ci - runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 From 0d259c069fd9b6b3a500f718530934718f58ac54 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Thu, 24 Jul 2025 13:02:35 -0700 Subject: [PATCH 31/38] remove PR trigger --- .github/workflows/ci.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b9f4981e..42885e56 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,11 +22,7 @@ on: - '**/*.gitignore' - .editorconfig - docs/** - workflow_dispatch: - pull_request: - types: [opened, reopened] - branches: - - main + jobs: udeps: name: Udeps From c6afb82af7222323beebe83d5c27edf0b94a311d Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Thu, 24 Jul 2025 13:08:15 -0700 Subject: [PATCH 32/38] explicitly list out secrets --- .github/workflows/ci.yml | 4 +++- .github/workflows/publish.yml | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 42885e56..aadea329 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,7 +10,9 @@ on: required: false default: false type: boolean - secrets: inherit + secrets: + NGROK_AUTHTOKEN: + required: true push: branches: - '**' diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index e487f4de..be6aaa09 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -7,7 +7,8 @@ jobs: ci: name: Runs CI uses: ./.github/workflows/ci.yml - secrets: inherit + secrets: + NGROK_AUTHTOKEN: ${{ secrets.NGROK_AUTHTOKEN }} permissions: contents: write with: From 646ac75ab38e987aa15621d9c66164e6556bff85 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Thu, 24 Jul 2025 13:18:48 -0700 Subject: [PATCH 33/38] pass publish flag to build.yml --- .github/workflows/ci.yml | 1 + .github/workflows/publish.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index aadea329..e6d9a36e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -76,6 +76,7 @@ jobs: uses: ./.github/workflows/build.yml secrets: inherit with: + publish: ${{ inputs.publish }} docker: ${{ matrix.settings.docker }} host: ${{ matrix.settings.host }} setup: ${{ matrix.settings.setup }} diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index be6aaa09..c5f1690e 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -5,7 +5,7 @@ on: jobs: ci: - name: Runs CI + name: Run CI uses: ./.github/workflows/ci.yml secrets: NGROK_AUTHTOKEN: ${{ secrets.NGROK_AUTHTOKEN }} From 8af44094cbe01a0b6094cbee37c71c93f481de3b Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Thu, 24 Jul 2025 13:24:15 -0700 Subject: [PATCH 34/38] pass maturin password --- .github/workflows/ci.yml | 2 ++ .github/workflows/publish.yml | 1 + 2 files changed, 3 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e6d9a36e..d7835a90 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,6 +13,8 @@ on: secrets: NGROK_AUTHTOKEN: required: true + MATURIN_PASSWORD: + required: true push: branches: - '**' diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index c5f1690e..f72b44a0 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -9,6 +9,7 @@ jobs: uses: ./.github/workflows/ci.yml secrets: NGROK_AUTHTOKEN: ${{ secrets.NGROK_AUTHTOKEN }} + MATURIN_PASSWORD: ${{ secrets.MATURIN_PASSWORD }} permissions: contents: write with: From 3a82ba75d7246f3c67517ce30e5d81c97cc5a338 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Thu, 24 Jul 2025 13:39:29 -0700 Subject: [PATCH 35/38] add publish parameter to ci runs --- .github/workflows/ci.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d7835a90..effae463 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -16,6 +16,11 @@ on: MATURIN_PASSWORD: required: true push: + inputs: + publish: + required: false + default: false + type: boolean branches: - '**' tags-ignore: From 22c6cc94de75e73d3c23a3bc7f28c398a3497398 Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Thu, 24 Jul 2025 13:53:48 -0700 Subject: [PATCH 36/38] final workflow trigger for publish --- .github/workflows/publish.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index f72b44a0..82d3d0c8 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,7 +1,6 @@ name: Publish All on: - pull_request: - branches: [main] + workflow_dispatch: jobs: ci: From 13f16259ffc0bc898f2428f5e8cf04a72d57264a Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Thu, 24 Jul 2025 14:08:32 -0700 Subject: [PATCH 37/38] add default for publish from ci --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index effae463..aa8be149 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -83,7 +83,7 @@ jobs: uses: ./.github/workflows/build.yml secrets: inherit with: - publish: ${{ inputs.publish }} + publish: ${{ inputs.publish || false }} docker: ${{ matrix.settings.docker }} host: ${{ matrix.settings.host }} setup: ${{ matrix.settings.setup }} From 90cc157f9dc4c4f5a40ddbcbb5de9d10ef98b12b Mon Sep 17 00:00:00 2001 From: kmvachhani Date: Fri, 25 Jul 2025 09:18:54 -0700 Subject: [PATCH 38/38] keep env variables for versions --- .github/workflows/build.yml | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index eac4f9e6..04243b10 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -27,6 +27,10 @@ jobs: if: ${{ inputs.if }} name: stable - ${{ inputs.target }} - python@3.12 runs-on: ${{ inputs.host }} + env: + PYTHON_VERSION: "3.12" + MATURIN_VERSION: "v1.9.1" + XWIN_VERSION: "16" steps: - name: Checkout uses: actions/checkout@v4 @@ -51,14 +55,14 @@ jobs: if: ${{ inputs.target == 'i686-pc-windows-msvc' }} uses: actions/setup-python@v5 with: - python-version: "3.12" + python-version: ${{ env.PYTHON_VERSION }} architecture: "x86" - name: Download ARM64 Python SDK if: ${{ inputs.target == 'aarch64-pc-windows-msvc' }} run: | - curl -LO https://www.python.org/ftp/python/3.12.0/python-3.12.0-embed-arm64.zip + curl -LO https://www.python.org/ftp/python/${{ env.PYTHON_VERSION }}.0/python-${{ env.PYTHON_VERSION }}.0-embed-arm64.zip mkdir python-arm64 - tar -xf python-3.12.0-embed-arm64.zip -C python-arm64 + tar -xf python-${{ env.PYTHON_VERSION }}.0-embed-arm64.zip -C python-arm64 - name: Set ARM64 Python environment variables if: ${{ inputs.target == 'aarch64-pc-windows-msvc' }} shell: pwsh @@ -192,21 +196,19 @@ jobs: if: ${{ inputs.publish != true && !inputs.docker && !contains(inputs.target,'android') }} uses: PyO3/maturin-action@v1 with: - maturin-version: v1.9.1 + maturin-version: ${{ env.MATURIN_VERSION }} target: ${{ inputs.target }} - # builds in release mode with the specified python version as the interpreter and the Cargo.toml file as the manifest - args: --release -i python3.12 --target ${{ inputs.target }} -m Cargo.toml + args: --release -i python${{ env.PYTHON_VERSION }} --target ${{ inputs.target }} -m Cargo.toml env: - # see https://github.com/PyO3/maturin/issues/2110 - XWIN_VERSION: '16' + XWIN_VERSION: ${{ env.XWIN_VERSION }} - name: Publish to PyPI (non-docker) if: ${{ inputs.publish == true && !inputs.docker && !contains(inputs.target,'android') }} uses: PyO3/maturin-action@v1 with: command: publish - maturin-version: v1.9.1 + maturin-version: ${{ env.MATURIN_VERSION }} target: ${{ inputs.target }} - args: --no-sdist --skip-existing -i python3.12 -m Cargo.toml -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} + args: --no-sdist --skip-existing -i python${{ env.PYTHON_VERSION }} -m Cargo.toml -u __token__ -p ${{ secrets.MATURIN_PASSWORD }} - name: Upload artifact uses: actions/upload-artifact@v4 with: