Skip to content

Enable use of Azure Trusted Signer for code signing #155

Enable use of Azure Trusted Signer for code signing

Enable use of Azure Trusted Signer for code signing #155

on:
push:
paths-ignore:
- ".github/dependabot.yml"
- ".github/workflows/lint.yml"
- ".github/workflows/test.yml"
- ".pre-commit-config.yaml"
- ".ruff.toml"
- "README.md"
- "tests/**"
pull_request:
paths-ignore:
- ".github/dependabot.yml"
- ".github/workflows/lint.yml"
- ".github/workflows/test.yml"
- ".pre-commit-config.yaml"
- ".ruff.toml"
- "README.md"
- "tests/**"
workflow_dispatch:
inputs:
git_remote:
type: choice
description: "Git remote to checkout"
options:
- python
- hugovk
- Yhg1s
- pablogsal
- ambv
git_commit:
type: string
description: "Git commit to target for the release. Must use the full commit SHA, not the short ID"
cpython_release:
type: string
description: "CPython release number (ie '3.11.5', note without the 'v' prefix)"
name: "Build Python source and docs artifacts"
# Set from inputs for workflow_dispatch, or set defaults to test push/PR events
env:
GIT_REMOTE: ${{ github.event.inputs.git_remote || 'python' }}
GIT_COMMIT: ${{ github.event.inputs.git_commit || 'f6650f9ad73359051f3e558c2431a109bc016664' }}
CPYTHON_RELEASE: ${{ github.event.inputs.cpython_release || '3.12.3' }}
jobs:
verify-input:
runs-on: ubuntu-22.04
outputs:
# Needed because env vars are not available in the build-docs check below
cpython_release: ${{ env.CPYTHON_RELEASE }}
steps:
- name: "Workflow run information"
run: |
echo "git_remote: $GIT_REMOTE"
echo "git_commit: $GIT_COMMIT"
echo "cpython_release: $CPYTHON_RELEASE"
- name: "Checkout ${{ env.GIT_REMOTE }}/cpython"
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
repository: "${{ env.GIT_REMOTE }}/cpython"
ref: "v${{ env.CPYTHON_RELEASE }}"
path: "cpython"
- name: "Verify CPython commit matches tag"
run: |
if [[ "$GIT_COMMIT" != "$(cd cpython && git rev-parse HEAD)" ]]; then
echo "expected git commit ('$GIT_COMMIT') didn't match tagged commit ('$(git rev-parse HEAD)')"
exit 1
fi
build-source:
runs-on: ubuntu-22.04
needs:
- verify-input
steps:
- name: "Checkout python/release-tools"
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: "Checkout ${{ env.GIT_REMOTE }}/cpython"
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
repository: "${{ env.GIT_REMOTE }}/cpython"
ref: "v${{ env.CPYTHON_RELEASE }}"
path: "cpython"
- name: "Setup Python"
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: 3.11
- name: "Install source dependencies"
run: |
python -m pip install --no-deps \
-r requirements.txt
- name: "Build Python release artifacts"
run: |
cd cpython
python ../release.py --export "$CPYTHON_RELEASE" --skip-docs
- name: "Upload the source artifacts"
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: source
path: |
cpython/${{ env.CPYTHON_RELEASE }}/src
build-docs:
runs-on: ubuntu-22.04
needs:
- verify-input
# Docs aren't built for alpha or beta releases.
if: (!(contains(needs.verify-input.outputs.cpython_release, 'a') || contains(needs.verify-input.outputs.cpython_release, 'b')))
steps:
- name: "Checkout ${{ env.GIT_REMOTE }}/cpython"
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
repository: "${{ env.GIT_REMOTE }}/cpython"
ref: "v${{ env.CPYTHON_RELEASE }}"
- name: "Setup Python"
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: 3.11
- name: "Install docs dependencies"
run: |
python -m pip install \
-r Doc/requirements.txt
sudo apt-get update
sudo apt-get install --yes --no-install-recommends \
latexmk texlive-xetex xindy texinfo texlive-latex-base \
texlive-fonts-recommended texlive-fonts-extra \
texlive-full
- name: "Build docs"
run: |
cd Doc
SPHINXOPTS="-j10" make dist
- name: "Upload the docs artifacts"
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: docs
path: |
Doc/dist/
test-source:
runs-on: ubuntu-22.04
needs:
- build-source
steps:
- name: "Download the source artifacts"
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: source
- name: "Test Python source tarballs"
run: |
mkdir -p ./tmp/installation/
cp "Python-$CPYTHON_RELEASE.tgz" ./tmp/
cd tmp/
tar xvf "Python-$CPYTHON_RELEASE.tgz"
cd "Python-$CPYTHON_RELEASE"
./configure "--prefix=$(realpath '../installation/')"
make -j
make install -j
cd ../installation
./bin/python3 -m test -uall