Skip to content
build

ci: support attestation for *.whl files #3

Sign in to view logs

ci: support attestation for *.whl files

ci: support attestation for *.whl files #3

Workflow file for this run

.github/workflows/build.yml at 2eeecb8
name: build
on:
push:
branches:
- main
tags:
- "*"
pull_request:
workflow_dispatch:
permissions:
contents: read
jobs:
linux:
runs-on: ${{ matrix.platform.runner }}
permissions:
id-token: write
contents: write
attestations: write
strategy:
matrix:
platform:
- runner: ubuntu-24.04
target: x86_64
- runner: ubuntu-24.04
target: aarch64
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: 3.x
- name: Build wheels
uses: PyO3/maturin-action@v1
with:
target: ${{ matrix.platform.target }}
args: --release --out dist --find-interpreter --manifest-path ./Cargo.toml
sccache: "true"
manylinux: auto
- name: Upload wheels
uses: actions/upload-artifact@v4
with:
name: wheels-linux-${{ matrix.platform.target }}
path: dist
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v2
with:
subject-path: dist/*
sdist:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- name: Build sdist
uses: PyO3/maturin-action@v1
with:
command: sdist
args: --out dist --manifest-path ./Cargo.toml
- name: Upload sdist
uses: actions/upload-artifact@v4
with:
name: wheels-sdist
path: dist
release:
name: Release
runs-on: ubuntu-24.04
if: ${{ startsWith(github.ref, 'refs/tags/') || github.event_name == 'workflow_dispatch' }}
needs: [linux, sdist]
permissions:
id-token: write
contents: write
attestations: write
steps:
- uses: actions/download-artifact@v4
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v1
with:
subject-path: "wheels-*/*"