diff --git a/.github/workflows/artifacts.yml b/.github/workflows/artifacts.yml index 371ad3db..387b67be 100644 --- a/.github/workflows/artifacts.yml +++ b/.github/workflows/artifacts.yml @@ -111,6 +111,11 @@ jobs: python_sdist: runs-on: ubuntu-latest + environment: + name: pypi + url: https://pypi.org/p/pyoxigraph + permissions: + id-token: write steps: - uses: actions/checkout@v3 with: @@ -132,14 +137,18 @@ jobs: with: name: pyoxigraph_source path: target/wheels/*.tar.gz - - run: pip install twine && twine upload target/wheels/* - env: - TWINE_USERNAME: __token__ - TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }} + - uses: pypa/gh-action-pypi-publish@release/v1 + with: + packages-dir: target/wheels if: github.event_name == 'release' wheel_linux: runs-on: ubuntu-latest + environment: + name: pypi + url: https://pypi.org/p/pyoxigraph + permissions: + id-token: write strategy: matrix: architecture: [ "x86_64", "aarch64" ] @@ -158,17 +167,20 @@ jobs: if: github.event_name == 'release' || matrix.architecture == 'x86_64' - uses: actions/upload-artifact@v3 with: - name: pyoxigraph_wheel_x86_64_linux_gnu + name: pyoxigraph_wheel_linux_gnu path: target/wheels/*.whl - uses: pypa/gh-action-pypi-publish@release/v1 with: - user: __token__ - password: ${{ secrets.PYPI_PASSWORD }} packages-dir: target/wheels if: github.event_name == 'release' wheel_linux_musl: runs-on: ubuntu-latest + environment: + name: pypi + url: https://pypi.org/p/pyoxigraph + permissions: + id-token: write strategy: matrix: architecture: [ "x86_64", "aarch64" ] @@ -187,17 +199,20 @@ jobs: if: github.event_name == 'release' || matrix.architecture == 'x86_64' - uses: actions/upload-artifact@v3 with: - name: pyoxigraph_wheel_x86_64_linux_musl + name: pyoxigraph_wheel_linux_musl path: target/wheels/*.whl - uses: pypa/gh-action-pypi-publish@release/v1 with: - user: __token__ - password: ${{ secrets.PYPI_PASSWORD }} packages-dir: target/wheels if: github.event_name == 'release' wheel_mac: runs-on: macos-latest + environment: + name: pypi + url: https://pypi.org/p/pyoxigraph + permissions: + id-token: write env: DEVELOPER_DIR: '/Applications/Xcode.app/Contents/Developer' SDKROOT: '/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk' @@ -231,16 +246,20 @@ jobs: if: github.event_name == 'release' - uses: actions/upload-artifact@v3 with: - name: pyoxigraph_wheel_universal2_mac + name: pyoxigraph_wheel_mac path: target/wheels/*.whl - - run: pip install twine && twine upload target/wheels/* - env: - TWINE_USERNAME: __token__ - TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }} + - uses: pypa/gh-action-pypi-publish@release/v1 + with: + packages-dir: target/wheels if: github.event_name == 'release' wheel_windows: runs-on: windows-latest + environment: + name: pypi + url: https://pypi.org/p/pyoxigraph + permissions: + id-token: write steps: - uses: actions/checkout@v3 with: @@ -262,12 +281,11 @@ jobs: - run: maturin build --release -m python/Cargo.toml --features abi3 - uses: actions/upload-artifact@v3 with: - name: pyoxigraph_wheel_x86_64_windows + name: pyoxigraph_wheel_windows path: target/wheels/*.whl - - run: pip install twine && twine upload target/wheels/* - env: - TWINE_USERNAME: __token__ - TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }} + - uses: pypa/gh-action-pypi-publish@release/v1 + with: + packages-dir: target/wheels if: github.event_name == 'release' npm_tarball: diff --git a/.github/workflows/manylinux_build.sh b/.github/workflows/manylinux_build.sh index 366e2867..48c69a2a 100644 --- a/.github/workflows/manylinux_build.sh +++ b/.github/workflows/manylinux_build.sh @@ -11,7 +11,7 @@ cd python python3.12 -m venv venv source venv/bin/activate pip install -r requirements.dev.txt -maturin develop --release +maturin develop --release --no-default-features --features rustls python generate_stubs.py pyoxigraph pyoxigraph.pyi --ruff maturin build --release --no-default-features --features abi3 --features rustls --compatibility manylinux2014 if [ %for_each_version% ]; then diff --git a/.github/workflows/musllinux_build.sh b/.github/workflows/musllinux_build.sh index 6a519d20..17d1233d 100644 --- a/.github/workflows/musllinux_build.sh +++ b/.github/workflows/musllinux_build.sh @@ -9,7 +9,7 @@ cd python python3.12 -m venv venv source venv/bin/activate pip install -r requirements.dev.txt -maturin develop --release +maturin develop --release --no-default-features --features rustls python generate_stubs.py pyoxigraph pyoxigraph.pyi --ruff maturin build --release --no-default-features --features abi3 --features rustls --compatibility musllinux_1_2 if [ %for_each_version% ]; then