Prepare for 0.4.0 release (#70) #7
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Python SDK & .NET SDK | |
| on: | |
| push: | |
| tags: | |
| - "v*" | |
| permissions: | |
| contents: read | |
| jobs: | |
| # Build all Python packages on Linux (pure + backend wheels). | |
| build-linux: | |
| if: ${{ !github.event.act }} | |
| name: Build Linux packages | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions-rust-lang/setup-rust-toolchain@2b1f5e9b395427c92ee4e3331786ca3c37afe2d7 # v1.16.0 | |
| with: | |
| cache-key: release | |
| rustflags: "" | |
| - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 | |
| - name: Install Python | |
| run: uv python install 3.10 3.11 3.12 3.13 | |
| - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version: "latest" | |
| cache: npm | |
| cache-dependency-path: src/wasm_sandbox/guests/javascript/package-lock.json | |
| - name: Install just | |
| run: cargo install --locked just | |
| - name: Install clang | |
| run: sudo apt-get update && sudo apt-get install -y clang | |
| - name: Build all Python packages | |
| run: | | |
| export INTERPRETERS="--interpreter $(uv python find 3.10) $(uv python find 3.11) $(uv python find 3.12) $(uv python find 3.13)" | |
| just python-dist | |
| - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: python-wheels-linux | |
| path: dist/pythonsdk/ | |
| # Build Windows-specific maturin backend wheels only. | |
| build-windows: | |
| if: ${{ !github.event.act }} | |
| name: Build Windows backend wheels | |
| runs-on: windows-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions-rust-lang/setup-rust-toolchain@2b1f5e9b395427c92ee4e3331786ca3c37afe2d7 # v1.16.0 | |
| with: | |
| cache-key: release | |
| rustflags: "" | |
| - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 | |
| - name: Install Python | |
| run: uv python install 3.10 3.11 3.12 3.13 | |
| - name: Install just | |
| run: cargo install --locked just | |
| - name: Install LLVM | |
| run: choco install llvm -y | |
| - name: Build backend wheels | |
| shell: pwsh | |
| run: | | |
| $interps = "3.10", "3.11", "3.12", "3.13" | ForEach-Object { & uv python find $_ } | |
| $env:INTERPRETERS = "--interpreter $($interps -join ' ')" | |
| just python-dist-backends | |
| - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: python-wheels-windows | |
| path: dist/pythonsdk/ | |
| # Merge artifacts from both platforms and publish to PyPI. | |
| publish: | |
| if: ${{ !github.event.act }} | |
| name: Publish to PyPI | |
| needs: [build-linux, build-windows] | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: pypi | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 | |
| - name: Install just | |
| run: cargo install --locked just | |
| - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| path: dist/pythonsdk/ | |
| merge-multiple: true | |
| pattern: python-wheels-* | |
| - name: Publish to PyPI | |
| run: just python python-publish | |
| # Build the Windows native library for the .NET P/Invoke NuGet package. | |
| dotnet-build-windows: | |
| if: ${{ !github.event.act }} | |
| name: Build Windows .NET native library | |
| runs-on: windows-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions-rust-lang/setup-rust-toolchain@150fca883cd4034361b621bd4e6a9d34e5143606 # v1.15.4 | |
| with: | |
| cache-key: release-windows-dotnet | |
| rustflags: "" | |
| - name: Install just | |
| run: cargo install --locked just | |
| - name: Install LLVM | |
| run: choco install llvm -y | |
| - name: Build sandbox runtimes | |
| run: | | |
| just wasm build release | |
| just js build release | |
| - name: Build Windows native library | |
| run: just dotnet build-rust release | |
| - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: dotnet-native-windows | |
| path: target/release/hyperlight_sandbox_dotnet_ffi.dll | |
| # Build and publish .NET NuGet packages. | |
| dotnet-publish: | |
| if: ${{ !github.event.act }} | |
| name: Publish .NET NuGet packages | |
| needs: [dotnet-build-windows] | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: nuget | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions-rust-lang/setup-rust-toolchain@150fca883cd4034361b621bd4e6a9d34e5143606 # v1.15.4 | |
| with: | |
| cache-key: release | |
| rustflags: "" | |
| - uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5.2.0 | |
| with: | |
| dotnet-version: '8.0.x' | |
| - name: Install just | |
| run: cargo install --locked just | |
| - name: Install clang | |
| run: sudo apt-get update && sudo apt-get install -y clang | |
| - name: Enable KVM | |
| run: | | |
| echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules | |
| sudo udevadm control --reload-rules | |
| sudo udevadm trigger --name-match=kvm | |
| sudo chmod 666 /dev/kvm | |
| - name: Build sandbox runtimes | |
| run: | | |
| just wasm build release | |
| just js build release | |
| - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: dotnet-native-windows | |
| path: target/release | |
| - name: Build and pack | |
| run: just dotnet dist | |
| - name: Package test | |
| run: just dotnet package-test release | |
| - name: Verify NuGet native assets | |
| run: | | |
| unzip -l dist/dotnetsdk/Hyperlight.HyperlightSandbox.PInvoke.*.nupkg | grep -F "runtimes/linux-x64/native/libhyperlight_sandbox_dotnet_ffi.so" | |
| unzip -l dist/dotnetsdk/Hyperlight.HyperlightSandbox.PInvoke.*.nupkg | grep -F "runtimes/win-x64/native/hyperlight_sandbox_dotnet_ffi.dll" | |
| - name: NuGet login | |
| uses: NuGet/login@ebc737b6fc418a6ca0073cf116ec8dc156d8b81e # v1 | |
| id: nuget-login | |
| with: | |
| user: ${{ vars.NUGET_USER }} | |
| - name: Publish to NuGet | |
| env: | |
| NUGET_API_KEY: ${{ steps.nuget-login.outputs.NUGET_API_KEY }} | |
| run: just dotnet publish |