Enable use of Azure Trusted Signer for code signing #155
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
paths-ignore: | |
- ".github/dependabot.yml" | |
- ".github/workflows/lint.yml" | |
- ".github/workflows/test.yml" | |
- ".pre-commit-config.yaml" | |
- ".ruff.toml" | |
- "README.md" | |
- "tests/**" | |
pull_request: | |
paths-ignore: | |
- ".github/dependabot.yml" | |
- ".github/workflows/lint.yml" | |
- ".github/workflows/test.yml" | |
- ".pre-commit-config.yaml" | |
- ".ruff.toml" | |
- "README.md" | |
- "tests/**" | |
workflow_dispatch: | |
inputs: | |
git_remote: | |
type: choice | |
description: "Git remote to checkout" | |
options: | |
- python | |
- hugovk | |
- Yhg1s | |
- pablogsal | |
- ambv | |
git_commit: | |
type: string | |
description: "Git commit to target for the release. Must use the full commit SHA, not the short ID" | |
cpython_release: | |
type: string | |
description: "CPython release number (ie '3.11.5', note without the 'v' prefix)" | |
name: "Build Python source and docs artifacts" | |
# Set from inputs for workflow_dispatch, or set defaults to test push/PR events | |
env: | |
GIT_REMOTE: ${{ github.event.inputs.git_remote || 'python' }} | |
GIT_COMMIT: ${{ github.event.inputs.git_commit || 'f6650f9ad73359051f3e558c2431a109bc016664' }} | |
CPYTHON_RELEASE: ${{ github.event.inputs.cpython_release || '3.12.3' }} | |
jobs: | |
verify-input: | |
runs-on: ubuntu-22.04 | |
outputs: | |
# Needed because env vars are not available in the build-docs check below | |
cpython_release: ${{ env.CPYTHON_RELEASE }} | |
steps: | |
- name: "Workflow run information" | |
run: | | |
echo "git_remote: $GIT_REMOTE" | |
echo "git_commit: $GIT_COMMIT" | |
echo "cpython_release: $CPYTHON_RELEASE" | |
- name: "Checkout ${{ env.GIT_REMOTE }}/cpython" | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
repository: "${{ env.GIT_REMOTE }}/cpython" | |
ref: "v${{ env.CPYTHON_RELEASE }}" | |
path: "cpython" | |
- name: "Verify CPython commit matches tag" | |
run: | | |
if [[ "$GIT_COMMIT" != "$(cd cpython && git rev-parse HEAD)" ]]; then | |
echo "expected git commit ('$GIT_COMMIT') didn't match tagged commit ('$(git rev-parse HEAD)')" | |
exit 1 | |
fi | |
build-source: | |
runs-on: ubuntu-22.04 | |
needs: | |
- verify-input | |
steps: | |
- name: "Checkout python/release-tools" | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: "Checkout ${{ env.GIT_REMOTE }}/cpython" | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
repository: "${{ env.GIT_REMOTE }}/cpython" | |
ref: "v${{ env.CPYTHON_RELEASE }}" | |
path: "cpython" | |
- name: "Setup Python" | |
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 | |
with: | |
python-version: 3.11 | |
- name: "Install source dependencies" | |
run: | | |
python -m pip install --no-deps \ | |
-r requirements.txt | |
- name: "Build Python release artifacts" | |
run: | | |
cd cpython | |
python ../release.py --export "$CPYTHON_RELEASE" --skip-docs | |
- name: "Upload the source artifacts" | |
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 | |
with: | |
name: source | |
path: | | |
cpython/${{ env.CPYTHON_RELEASE }}/src | |
build-docs: | |
runs-on: ubuntu-22.04 | |
needs: | |
- verify-input | |
# Docs aren't built for alpha or beta releases. | |
if: (!(contains(needs.verify-input.outputs.cpython_release, 'a') || contains(needs.verify-input.outputs.cpython_release, 'b'))) | |
steps: | |
- name: "Checkout ${{ env.GIT_REMOTE }}/cpython" | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
repository: "${{ env.GIT_REMOTE }}/cpython" | |
ref: "v${{ env.CPYTHON_RELEASE }}" | |
- name: "Setup Python" | |
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 | |
with: | |
python-version: 3.11 | |
- name: "Install docs dependencies" | |
run: | | |
python -m pip install \ | |
-r Doc/requirements.txt | |
sudo apt-get update | |
sudo apt-get install --yes --no-install-recommends \ | |
latexmk texlive-xetex xindy texinfo texlive-latex-base \ | |
texlive-fonts-recommended texlive-fonts-extra \ | |
texlive-full | |
- name: "Build docs" | |
run: | | |
cd Doc | |
SPHINXOPTS="-j10" make dist | |
- name: "Upload the docs artifacts" | |
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 | |
with: | |
name: docs | |
path: | | |
Doc/dist/ | |
test-source: | |
runs-on: ubuntu-22.04 | |
needs: | |
- build-source | |
steps: | |
- name: "Download the source artifacts" | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: source | |
- name: "Test Python source tarballs" | |
run: | | |
mkdir -p ./tmp/installation/ | |
cp "Python-$CPYTHON_RELEASE.tgz" ./tmp/ | |
cd tmp/ | |
tar xvf "Python-$CPYTHON_RELEASE.tgz" | |
cd "Python-$CPYTHON_RELEASE" | |
./configure "--prefix=$(realpath '../installation/')" | |
make -j | |
make install -j | |
cd ../installation | |
./bin/python3 -m test -uall |