build: Use cargo-auditable for rust build #1049
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| pull_request: | |
| push: | |
| branches: [main] | |
| release: | |
| types: [published] | |
| jobs: | |
| build-sdist: | |
| name: Build Sdist | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up pixi | |
| uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4 | |
| with: | |
| environments: build | |
| - name: Set version | |
| run: pixi run -e build set-version | |
| - name: Build project | |
| run: pixi run -e build build-sdist | |
| - name: Upload package | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: sdist | |
| path: dist/* | |
| build-wheel: | |
| name: Build Wheel (${{ matrix.target-platform }}) | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - target-platform: linux-64 | |
| os: ubuntu-latest | |
| - target-platform: linux-aarch64 | |
| os: ubuntu-24.04-arm | |
| - target-platform: osx-64 | |
| os: macos-15-intel | |
| - target-platform: osx-arm64 | |
| os: macos-latest | |
| - target-platform: win-64 | |
| os: windows-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up pixi | |
| uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4 | |
| with: | |
| environments: build | |
| - name: Set version | |
| run: pixi run -e build set-version | |
| - name: Install cargo-auditable | |
| if: ${{ github.event_name == 'release' && !contains(matrix.os, 'ubuntu') }} | |
| run: cargo install cargo-auditable | |
| - name: Build wheel | |
| uses: PyO3/maturin-action@04ac600d27cdf7a9a280dadf7147097c42b757ad # v1.50.1 | |
| env: | |
| # cargo-auditable and sccache both wrap rustc and cannot be composed. | |
| # Only embed audit metadata for release builds; use sccache otherwise. | |
| RUSTC_WORKSPACE_WRAPPER: ${{ github.event_name == 'release' && 'cargo-auditable' || '' }} | |
| with: | |
| command: build | |
| args: --out dist --release -i python3.10 | |
| manylinux: auto | |
| sccache: ${{ github.event_name != 'release' }} | |
| before-script-linux: ${{ github.event_name == 'release' && 'cargo install cargo-auditable' || '' }} | |
| - name: Check package | |
| run: pixi run -e build check-wheel | |
| - name: Upload package | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: wheel-${{ matrix.target-platform }} | |
| path: dist/* | |
| release: | |
| name: Publish package | |
| if: github.event_name == 'release' | |
| needs: build-wheel | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| environment: pypi | |
| steps: | |
| - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| path: dist | |
| merge-multiple: true | |
| - name: Publish package on PyPi | |
| uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 |