Add a GitHub Actions workflow for automatically publishing releases to PyPI #141
Conversation
anoadragon453
force-pushed
the
anoa/pypi_ci
branch
3 times, most recently
from
6f7be65 to
36eb1cf
Compare
taking into account CentOS vs. Debian-based manylinux images. Solution taken from: sfackler/rust-openssl#2036 (comment)
anoadragon453
force-pushed
the
anoa/pypi_ci
branch
2 times, most recently
from
85b1b6c to
aabc5fa
Compare
anoadragon453
force-pushed
the
anoa/pypi_ci
branch
from
3a4e755 to
ad8dccc
Compare
| sccache: 'true' | ||
| manylinux: auto | ||
| # BEGIN EDITED SECTION # | ||
| # Install OpenSSL development headers into the manylinux docker container |
There was a problem hiding this comment.
I'm a bit confused why we need to install openssl if we're using vendored openssl? In general I'd rather not use vendored openssl where possible
There was a problem hiding this comment.
I agree that it's not the nicest solution to vendor OpenSSL.
I've gone ahead and reverted the vendoring, and while we do install libssl-dev and pkg-config, the openssl-sys crate continues to fail to find the headers.
And for the life of me I can't get it to find them! So very tempted to vendor here.
.github/workflows/pypi.yaml
Outdated
| - runner: ubuntu-latest | ||
| target: s390x | ||
| - runner: ubuntu-latest | ||
| target: ppc64le |
There was a problem hiding this comment.
Do we really want to build wheels for all these targets?
There was a problem hiding this comment.
Good point - I think we can safely drop s390x and ppc64le. I've done that in 6221bab.
I'm not sure whether to keep x86 around - some people may realistically still be using it.
This reverts commit aabc5fa.
To save on CI runner time.
anoadragon453
force-pushed
the
anoa/pypi_ci
branch
7 times, most recently
from
b59ca20 to
5244678
Compare
anoadragon453
force-pushed
the
anoa/pypi_ci
branch
from
5244678 to
024b203
Compare
This CI workflow was generated by running
maturin generate-ci github(how handy!). But did require a bit of finagling to satisfy the dependency on OpenSSL (boo!). Specifically, I ran into sfackler/rust-openssl#2036 (comment). I also found that I needed to set thevendoredfeature flag on theopenssldependency in order to get building on Linux working.To authorise to PyPI, we ended up using PyPI's Trusted Publishers feature, which the
maturin publishcommand supports out of the box. This involved configuring this repo and workflow name in PyPI, and then removing theenv: MATURIN_PYPI_TOKENline from the generated CI config (solution referenced here).I haven't tested this, but given that the config came from the
maturincommand directly, I have fairly high confidence. After this merges, I'll run the workflow manually on thev0.1.4tag.