Phase 7: GitHub Actions CI with cibuildwheel and trusted-publisher #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [master] | |
| tags: ["v*"] | |
| pull_request: | |
| branches: [master] | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.14" | |
| - name: Install linters | |
| run: pip install ruff cython-lint | |
| - name: Lint Python with ruff | |
| run: ruff check . --ignore SIM103 | |
| - name: Lint advisories (non-blocking) | |
| run: ruff check . --select SIM103 || true | |
| - name: Lint Cython | |
| run: > | |
| cython-lint | |
| wlsqm/fitter/defs.pyx wlsqm/fitter/defs.pxd | |
| wlsqm/fitter/infra.pyx wlsqm/fitter/infra.pxd | |
| wlsqm/fitter/impl.pyx wlsqm/fitter/impl.pxd | |
| wlsqm/fitter/polyeval.pyx wlsqm/fitter/polyeval.pxd | |
| wlsqm/fitter/interp.pyx wlsqm/fitter/interp.pxd | |
| wlsqm/fitter/simple.pyx wlsqm/fitter/simple.pxd | |
| wlsqm/fitter/expert.pyx | |
| wlsqm/utils/lapackdrivers.pyx wlsqm/utils/lapackdrivers.pxd | |
| wlsqm/utils/ptrwrap.pyx wlsqm/utils/ptrwrap.pxd | |
| || true | |
| test: | |
| needs: lint | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| python-version: ["3.11", "3.12", "3.13", "3.14"] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| # Apple Clang does not ship an OpenMP runtime; install libomp so that | |
| # meson's `dependency('openmp', required: false)` can find it. If meson | |
| # still cannot discover it the build falls back to serial and the tests | |
| # still pass, but installing libomp keeps the macOS runner on the same | |
| # parallel code path as Linux/Windows whenever possible. | |
| - name: Install libomp (macOS) | |
| if: runner.os == 'macOS' | |
| run: brew install libomp | |
| - name: Install build and test dependencies | |
| run: pip install meson-python meson ninja Cython numpy scipy pytest | |
| - name: Install wlsqm | |
| run: pip install --no-build-isolation -e . | |
| - name: Run tests | |
| run: pytest tests/ -v | |
| build-wheels: | |
| needs: test | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| steps: | |
| - uses: actions/checkout@v6 | |
| # cibuildwheel config lives in pyproject.toml ([tool.cibuildwheel]) — | |
| # build list, skip list, test-requires, test-command, and the macOS | |
| # before-all that installs libomp. | |
| - uses: pypa/cibuildwheel@v3.4 | |
| - uses: actions/upload-artifact@v7 | |
| with: | |
| name: wheels-${{ matrix.os }} | |
| path: wheelhouse/*.whl | |
| sdist: | |
| needs: test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.14" | |
| - run: pip install build | |
| - run: python -m build --sdist | |
| - uses: actions/upload-artifact@v7 | |
| with: | |
| name: sdist | |
| path: dist/*.tar.gz | |
| publish: | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| needs: [build-wheels, sdist] | |
| runs-on: ubuntu-latest | |
| # Requires the `pypi` environment to be configured on GitHub with a | |
| # trusted publisher for this repo + workflow + environment. No API token | |
| # stored as a secret; the job mints a short-lived OIDC token instead. | |
| environment: pypi | |
| permissions: | |
| id-token: write | |
| steps: | |
| - uses: actions/download-artifact@v8 | |
| with: | |
| path: dist/ | |
| merge-multiple: true | |
| - uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| packages-dir: dist/ |