build: Use cargo-auditable for rust build #1056

Workflow file for this run

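# Builds an sdist and per-platform wheels on pull requests, pushes to main and
# published releases. The release job publishes to PyPI for release events only.
# Third-party actions are pinned to full commit SHAs; the trailing comment on
# each `uses:` line records the tag that SHA corresponds to.
name: Build
on:
  pull_request:
  push:
    branches: [main]
  release:
    types: [published]
jobs:
  build-sdist:
    name: Build Sdist
    runs-on: ubuntu-latest
    # Least privilege: this job only reads the repository.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Full history; presumably set-version derives the version from git
          # tags - confirm against the pixi task definition.
          fetch-depth: 0
      - name: Set up pixi
        uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
        with:
          environments: build
      - name: Set version
        run: pixi run -e build set-version
      - name: Build project
        run: pixi run -e build build-sdist
      - name: Upload package
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: sdist
          path: dist/*
  build-wheel:
    name: Build Wheel (${{ matrix.target-platform }})
    runs-on: ${{ matrix.os }}
    # Least privilege, matching build-sdist: this job checks out the repository,
    # builds, and uploads artifacts. It also runs on pull_request, so the token
    # should not carry more than read access.
    permissions:
      contents: read
    strategy:
      fail-fast: false
      matrix:
        include:
          - target-platform: linux-64
            os: ubuntu-latest
          - target-platform: linux-aarch64
            os: ubuntu-24.04-arm
          - target-platform: osx-64
            os: macos-15-intel
          - target-platform: osx-arm64
            os: macos-latest
          - target-platform: win-64
            os: windows-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
      - name: Set up pixi
        uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4
        with:
          environments: build
      - name: Set version
        run: pixi run -e build set-version
      # cargo-auditable embeds the resolved dependency list in the compiled
      # binary, so the shipped wheel can later be checked for known-vulnerable
      # crates. The tool version is pinned, and --locked installs it with its
      # published Cargo.lock.
      # CARGO is exported through GITHUB_ENV, so every later step in this job
      # resolves cargo to the wrapper written here.
      - name: Install cargo-auditable
        shell: bash
        run: |
          # cargo-auditable must be invoked as "cargo auditable <cmd>" (subcommand form), not as a
          # direct CARGO replacement — the latter does not support "cargo rustc --profile".
          # A thin wrapper script bridges the gap by forwarding all args through the subcommand.
          if [[ "$RUNNER_OS" == "Linux" ]]; then
            # before-script-linux handles installation inside the manylinux container.
            # Set CARGO on the host so maturin-action passes it into the container.
            echo "CARGO=/usr/local/bin/cargo-auditable-wrapper" >> "$GITHUB_ENV"
          elif [[ "$RUNNER_OS" == "Windows" ]]; then
            REAL_CARGO="$(cygpath -w "$(which cargo)")"
            cargo install cargo-auditable@0.7.4 --locked
            WRAPPER="C:/cargo-auditable-wrapper.cmd"
            printf '@"%s" auditable %%*\n' "$REAL_CARGO" > "$WRAPPER"
            echo "CARGO=$(cygpath -w "$WRAPPER")" >> "$GITHUB_ENV"
          else
            cargo install cargo-auditable@0.7.4 --locked
            REAL_CARGO="$(which cargo)"
            WRAPPER="/usr/local/bin/cargo-auditable-wrapper"
            printf '#!/bin/sh\nREAL_CARGO="%s"\nexec "$REAL_CARGO" auditable "$@"\n' "$REAL_CARGO" > "$WRAPPER"
            chmod +x "$WRAPPER"
            echo "CARGO=$WRAPPER" >> "$GITHUB_ENV"
          fi
      - name: Build wheel
        uses: PyO3/maturin-action@04ac600d27cdf7a9a280dadf7147097c42b757ad # v1.50.1
        with:
          command: build
          args: --out dist --release -i python3.10
          manylinux: auto
          sccache: false
          # Runs inside the manylinux container and creates the wrapper at the
          # path the host step exported as CARGO for Linux runners. Keep the
          # path and the cargo-auditable version in sync with that step.
          before-script-linux: |
            cargo install cargo-auditable@0.7.4 --locked
            REAL_CARGO="$(which cargo)"
            printf '#!/bin/sh\nREAL_CARGO="%s"\nexec "$REAL_CARGO" auditable "$@"\n' "$REAL_CARGO" > /usr/local/bin/cargo-auditable-wrapper
            chmod +x /usr/local/bin/cargo-auditable-wrapper
      - name: Check package
        run: pixi run -e build check-wheel
      - name: Upload package
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: wheel-${{ matrix.target-platform }}
          path: dist/*
  release:
    name: Publish package
    if: github.event_name == 'release'
    # The download step below takes every artifact of the run, the sdist
    # included. Wait for build-sdist as well, so that a release is not
    # published without the sdist or after a failed sdist build.
    needs: [build-sdist, build-wheel]
    runs-on: ubuntu-latest
    # Only the OIDC token is requested. With a permissions block present, every
    # scope not listed is set to none. No API token is configured on the publish
    # step, so it relies on PyPI trusted publishing through this OIDC identity.
    permissions:
      id-token: write
    # Deployment environment; any protection rules configured on it gate this job.
    environment: pypi
    steps:
      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          path: dist
          # Flatten all artifacts (sdist and wheels) into dist/ for upload.
          merge-multiple: true
      - name: Publish package on PyPi
        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0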