From 0ea77a88bdb5a87c4f5a9728c0ee6820dfe8818d Mon Sep 17 00:00:00 2001 From: grydz Date: Tue, 2 Apr 2024 18:52:27 +0400 Subject: [PATCH 1/8] [CI] Fix: publish with pypa/gh-action-pypi-publish instead of PyO3/maturin-actio --- .github/workflows/CI.yml | 29 +++++++++++++++++++--------- .github/workflows/python.yml | 37 +++++++++++++++++++++--------------- 2 files changed, 42 insertions(+), 24 deletions(-) diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index 7a96710..1106a4b 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -7,30 +7,41 @@ env: permissions: contents: read + id-token: write jobs: python: + name: Python CI (${{ matrix.os }}) + uses: ./.github/workflows/python.yml strategy: fail-fast: false matrix: os: [ubuntu-20.04, macos-13] - uses: ./.github/workflows/python.yml - name: Python CI (${{ matrix.os }}) + target: [x86_64] + python-version: ['3.8', '3.9', '3.10', '3.11'] with: os: ${{ matrix.os }} + target: ${{ matrix.target }} + python-version: ${{ matrix.python-version }} release: - name: Release + name: Release for Python ${{ matrix.python-version }} (${{ matrix.target }}-$${{ matrix.os }}) runs-on: ubuntu-latest if: "startsWith(github.ref, 'refs/tags/')" needs: python + strategy: + fail-fast: false + matrix: + os: [ubuntu-20.04, macos-13] + target: [x86_64] + python-version: ['3.8', '3.9', '3.10', '3.11'] + steps: - name: Download artifacts uses: actions/download-artifact@v4 - - name: Publish to PyPI - uses: PyO3/maturin-action@v1 - env: - MATURIN_PYPI_TOKEN: ${{ secrets.PYPI_API_TOKEN }} with: - command: upload - args: --skip-existing * + name: ${{ matrix.os }}-${{ matrix.python-version }}-${{ matrix.target }}-wheels + + - name: Publish packages to PyPi + if: ${{ startsWith(github.ref, 'refs/tags') && endsWith(github.ref, steps.metadata.outputs.PACKAGE_VERSION) }} + uses: pypa/gh-action-pypi-publish@release/v1 \ No newline at end of file 
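Review bot: The `if:` on the `Publish packages to PyPi` step reads `steps.metadata.outputs.PACKAGE_VERSION`, but the `release` job in this hunk has only the download and publish steps, so no step with id `metadata` exists in it. An unset step output evaluates to an empty string, so `endsWith(github.ref, '')` is presumably always true and the tag-versus-version comparison guards nothing. Either add a step with `id: metadata` that sets `PACKAGE_VERSION` before the publish step, or pass the version in from the build job as a job output. The same condition is still present as context in the `@@ -35,12 +35,16 @@` hunk of PATCH 4/8.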
diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml index be5d8ca..128a832 100644 --- a/.github/workflows/python.yml +++ b/.github/workflows/python.yml @@ -6,46 +6,47 @@ on: os: required: true type: string + target: + required: true + type: string + python-version: + required: true + type: string env: PYTHON_SRC: "src" permissions: contents: read + id-token: write jobs: python: + name: Python ${{ inputs.python-version }} (${{ inputs.target }}) runs-on: ${{ inputs.os }} - strategy: - matrix: - target: [x86_64] - python-version: ['3.8', '3.9', '3.10', '3.11'] - name: Python ${{ matrix.python-version }} (${{ matrix.target }}) + environment: + name: release + url: https://pypi.org/p/intel-sgx-ra + steps: - name: Checkout uses: actions/checkout@v4 - - name: Set up Python ${{ matrix.python-version }} + - name: Set up Python ${{ inputs.python-version }} uses: actions/setup-python@v5 with: - python-version: ${{ matrix.python-version }} + python-version: ${{ inputs.python-version }} cache: 'pip' # caching pip dependencies - name: Build wheels uses: PyO3/maturin-action@v1 with: - target: ${{ matrix.target }} + target: ${{ inputs.target }} manylinux: manylinux2014 container: quay.io/pypa/manylinux2014_x86_64 - args: --release --out dist -i ${{ matrix.python-version }} + args: --release --out dist -i ${{ inputs.python-version }} sccache: 'true' - - name: Upload wheels - uses: actions/upload-artifact@v4 - with: - name: ${{ inputs.os }}-${{ matrix.python-version }}-${{ matrix.target }}-wheels - path: dist - - name: Install dependencies run: | if [ -f tests/requirements.txt ]; then python -m pip install -r tests/requirements.txt; fi @@ -84,3 +85,9 @@ jobs: - name: Test with pytest run: | python -m pytest + + - name: Upload wheels + uses: actions/upload-artifact@v4 + with: + name: ${{ inputs.os }}-${{ inputs.python-version }}-${{ inputs.target }}-wheels + path: dist From 3807ccb763d1b61d646596de15bcf06331375b4f Mon Sep 17 00:00:00 2001 
From: grydz Date: Tue, 2 Apr 2024 18:53:07 +0400 Subject: [PATCH 2/8] Bump version to 2.2a1 --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 3b39378..6974736 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "maturin" [project] name = "intel-sgx-ra" -version = "2.3.0" +version = "2.2a1" description = "Intel SGX Remote Attestation verification library" authors = [ {name = "Cosmian Tech", email = "tech@cosmian.com"}, From 91382e09fee581a368aa046e3bc25f374d6d4ecc Mon Sep 17 00:00:00 2001 From: grydz Date: Tue, 2 Apr 2024 20:02:44 +0400 Subject: [PATCH 3/8] Bump version to 2.2a2 --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 6974736..d09a40f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "maturin" [project] name = "intel-sgx-ra" -version = "2.2a1" +version = "2.2a2" description = "Intel SGX Remote Attestation verification library" authors = [ {name = "Cosmian Tech", email = "tech@cosmian.com"}, From 125eca22b4bc9ebfa0f1b80d0c582f3336429c7b Mon Sep 17 00:00:00 2001 From: grydz Date: Tue, 2 Apr 2024 20:13:19 +0400 Subject: [PATCH 4/8] [CI] Fix: issue in environment for trusted publishing --- .github/workflows/CI.yml | 6 +++++- .github/workflows/python.yml | 4 ---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index 1106a4b..34dbb63 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -25,7 +25,7 @@ jobs: python-version: ${{ matrix.python-version }} release: - name: Release for Python ${{ matrix.python-version }} (${{ matrix.target }}-$${{ matrix.os }}) + name: Release for Python ${{ matrix.python-version }} (${{ matrix.target }}-${{ matrix.os }}) runs-on: ubuntu-latest if: "startsWith(github.ref, 'refs/tags/')" needs: python 
@@ -35,12 +35,16 @@ jobs: os: [ubuntu-20.04, macos-13] target: [x86_64] python-version: ['3.8', '3.9', '3.10', '3.11'] + environment: + name: release + url: https://pypi.org/p/intel-sgx-ra steps: - name: Download artifacts uses: actions/download-artifact@v4 with: name: ${{ matrix.os }}-${{ matrix.python-version }}-${{ matrix.target }}-wheels + path: dist - name: Publish packages to PyPi if: ${{ startsWith(github.ref, 'refs/tags') && endsWith(github.ref, steps.metadata.outputs.PACKAGE_VERSION) }} diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml index 128a832..7e564c1 100644 --- a/.github/workflows/python.yml +++ b/.github/workflows/python.yml @@ -18,15 +18,11 @@ env: permissions: contents: read - id-token: write jobs: python: name: Python ${{ inputs.python-version }} (${{ inputs.target }}) runs-on: ${{ inputs.os }} - environment: - name: release - url: https://pypi.org/p/intel-sgx-ra steps: - name: Checkout From 02f7fb48f328ff7424317ef66d470d69934f8b7f Mon Sep 17 00:00:00 2001 From: grydz Date: Tue, 2 Apr 2024 20:36:30 +0400 Subject: [PATCH 5/8] [CI] Fix: split release workflow --- .github/workflows/CI.yml | 41 ++++++++++++------------------ .github/workflows/pypi_release.yml | 32 +++++++++++++++++++++++ .github/workflows/python.yml | 8 +++++- 3 files changed, 55 insertions(+), 26 deletions(-) create mode 100644 .github/workflows/pypi_release.yml diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index 34dbb63..adf7468 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml 
@@ -2,50 +2,41 @@ name: CI on: [push] -env: - PYTHON_SRC: "src" - permissions: contents: read id-token: write jobs: python: - name: Python CI (${{ matrix.os }}) uses: ./.github/workflows/python.yml + with: + os: ${{ matrix.os }} + target: ${{ matrix.target }} + python-version: ${{ matrix.python-version }} + name: Python CI (${{ matrix.os }}) strategy: fail-fast: false matrix: os: [ubuntu-20.04, macos-13] target: [x86_64] - python-version: ['3.8', '3.9', '3.10', '3.11'] + python-version: ['3.8', '3.9', '3.10', '3.11'] + + release: + needs: python + uses: ./.github/workflows/pypi_release.yml with: os: ${{ matrix.os }} target: ${{ matrix.target }} python-version: ${{ matrix.python-version }} - - release: - name: Release for Python ${{ matrix.python-version }} (${{ matrix.target }}-${{ matrix.os }}) - runs-on: ubuntu-latest - if: "startsWith(github.ref, 'refs/tags/')" - needs: python + package-version: ${{ needs.python.outputs.package-version }} + name: Release (${{ matrix.os }}) + if: ${{ startsWith(github.ref, 'refs/tags/') && endsWith(github.ref, needs.python.outputs.package-version) }} strategy: fail-fast: false matrix: os: [ubuntu-20.04, macos-13] target: [x86_64] python-version: ['3.8', '3.9', '3.10', '3.11'] - environment: - name: release - url: https://pypi.org/p/intel-sgx-ra - - steps: - - name: Download artifacts - uses: actions/download-artifact@v4 - with: - name: ${{ matrix.os }}-${{ matrix.python-version }}-${{ matrix.target }}-wheels - path: dist - - - name: Publish packages to PyPi - if: ${{ startsWith(github.ref, 'refs/tags') && endsWith(github.ref, steps.metadata.outputs.PACKAGE_VERSION) }} - uses: pypa/gh-action-pypi-publish@release/v1 \ No newline at end of file + permissions: + contents: read + id-token: write diff --git a/.github/workflows/pypi_release.yml b/.github/workflows/pypi_release.yml new file mode 100644 index 0000000..04169ea --- /dev/null +++ b/.github/workflows/pypi_release.yml 
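Review bot: The workflow-level `id-token: write` is left in place above `jobs:` even though the `release` job now gets its own `permissions:` block with `id-token: write`, so the `python` build-and-test call is still offered the OIDC permission. Reducing the top-level block to `contents: read` keeps the token scoped to the one job that publishes. The called `python.yml` restricts itself to `contents: read` after PATCH 4/8, so this is defence in depth rather than an open hole, but it stops a later edit to that file from silently inheriting the permission.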
@@ -0,0 +1,32 @@ +name: Release CI + +on: + workflow_call: + inputs: + os: + required: true + type: string + target: + required: true + type: string + python-version: + required: true + type: string + +jobs: + release: + name: Python ${{ inputs.python-version }} (${{ inputs.target }}) + runs-on: ubuntu-latest + environment: + name: release + url: https://pypi.org/p/intel-sgx-ra + + steps: + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: ${{ inputs.os }}-${{ inputs.python-version }}-${{ inputs.target }}-wheels + path: dist + + - name: Publish packages to PyPi + uses: pypa/gh-action-pypi-publish@release/v1 diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml index 7e564c1..2c1c704 100644 --- a/.github/workflows/python.yml +++ b/.github/workflows/python.yml @@ -12,6 +12,10 @@ on: python-version: required: true type: string + outputs: + package-version: + description: "Version of the Python package" + value: ${{ jobs.build.outputs.package-version }} env: PYTHON_SRC: "src" @@ -20,9 +24,11 @@ permissions: contents: read jobs: - python: + build: name: Python ${{ inputs.python-version }} (${{ inputs.target }}) runs-on: ${{ inputs.os }} + outputs: + package-version: ${{ steps.metadata.outputs.PACKAGE_VERSION }} steps: - name: Checkout From fa76d9eb4bdc26913685ee59e68208337fb76282 Mon Sep 17 00:00:00 2001 From: grydz Date: Wed, 3 Apr 2024 11:20:33 +0400 Subject: [PATCH 6/8] [CI] Fix: don't use outputs of python workflow for now --- .github/workflows/CI.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index adf7468..9af28f2 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml 
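Review bot: The publish step in the new `pypi_release.yml` uses `pypa/gh-action-pypi-publish@release/v1`, a branch ref that can move, in the only job that runs in the `release` environment with PyPI publishing rights. Pinning it to a full commit SHA fixes the code that receives the OIDC token, e.g. `uses: pypa/gh-action-pypi-publish@<full-commit-sha>  # release/v1`, and the same applies to `actions/download-artifact@v4`. The `release` job also declares no `permissions:` of its own and depends on the caller granting `id-token: write`. Adding a job-level `permissions:` with `id-token: write` and `contents: read` here would make that requirement explicit and minimal.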
@@ -28,9 +28,8 @@ jobs: os: ${{ matrix.os }} target: ${{ matrix.target }} python-version: ${{ matrix.python-version }} - package-version: ${{ needs.python.outputs.package-version }} name: Release (${{ matrix.os }}) - if: ${{ startsWith(github.ref, 'refs/tags/') && endsWith(github.ref, needs.python.outputs.package-version) }} + if: startsWith(github.ref, 'refs/tags/') strategy: fail-fast: false matrix: From a44280e0ecfee7c2b3c7e7d46e23c5e157db963e Mon Sep 17 00:00:00 2001 From: grydz Date: Wed, 3 Apr 2024 11:23:03 +0400 Subject: [PATCH 7/8] Bump version to 2.2a3 --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index d09a40f..37fac60 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "maturin" [project] name = "intel-sgx-ra" -version = "2.2a2" +version = "2.2a3" description = "Intel SGX Remote Attestation verification library" authors = [ {name = "Cosmian Tech", email = "tech@cosmian.com"}, From 9a024e0f164063982e9d1ec7f0644bbe229c82e3 Mon Sep 17 00:00:00 2001 From: grydz Date: Wed, 3 Apr 2024 11:35:48 +0400 Subject: [PATCH 8/8] Bump version to 2.2.0 --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 37fac60..74ae9cd 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "maturin" [project] name = "intel-sgx-ra" -version = "2.2a3" +version = "2.2.0" description = "Intel SGX Remote Attestation verification library" authors = [ {name = "Cosmian Tech", email = "tech@cosmian.com"},
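Review bot: With the version comparison removed, `if: startsWith(github.ref, 'refs/tags/')` lets a push of any tag publish whatever version `pyproject.toml` holds at that commit. Nothing now checks that the tag matches the package version. The called workflow already targets the `release` environment, so a deployment tag rule or required reviewer on that environment would restore a gate; whether one is configured is a repository setting and not visible in this patch. Until the version check returns, a comment on the condition such as `# publishes on ANY tag; tag/version match is not verified` would record the gap.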