bashkit/.github/workflows/publish-python.yml at main · everruns/bashkit · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
# PyPI publishing workflow for bashkit Python package
# Builds pre-compiled wheels for all major platforms and publishes to PyPI.
# Triggered alongside publish.yml on GitHub Release or manual dispatch.
# Adapted from https://github.com/pydantic/monty CI wheel-building pattern.
#
# Prerequisites:
#   - PyPI trusted publisher configured for this repo + workflow
#   - GitHub environment "release-python" created in repo settings

name: Publish Python

on:
  release:
    types: [published]
  workflow_dispatch:

permissions:
  contents: read

env:
  CARGO_TERM_COLOR: always
  PYTHON_VERSIONS: "3.9 3.10 3.11 3.12 3.13"

jobs:
  # Source distribution (platform-independent)
  build-sdist:
    name: Build sdist
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6

      - uses: actions/setup-python@v6
        with:
          python-version: "3.12"

      - uses: PyO3/maturin-action@v1
        with:
          command: sdist
          args: --out dist
          rust-toolchain: stable
          working-directory: crates/bashkit-python

      - uses: actions/upload-artifact@v7
        with:
          name: pypi_files-sdist
          path: crates/bashkit-python/dist

  # Pre-compiled binary wheels for each platform
  build:
    name: Build wheel - ${{ matrix.os }} (${{ matrix.target }}, ${{ matrix.manylinux || 'auto' }})
    strategy:
      fail-fast: false
      matrix:
        include:
          # Linux glibc
          - os: linux
            target: x86_64
            runs-on: ubuntu-latest
          - os: linux
            target: aarch64
            runs-on: ubuntu-latest

          # Linux musl
          - os: linux
            target: x86_64
            manylinux: musllinux_1_1
            runs-on: ubuntu-latest
          - os: linux
            target: aarch64
            manylinux: musllinux_1_1
            runs-on: ubuntu-latest

          # macOS
          - os: macos
            target: x86_64
            runs-on: macos-latest
          - os: macos
            target: aarch64
            runs-on: macos-latest

          # Windows
          - os: windows
            target: x86_64
            runs-on: windows-latest

    runs-on: ${{ matrix.runs-on }}
    steps:
      - uses: actions/checkout@v6

      - uses: actions/setup-python@v6
        with:
          python-version: "3.12"

      - name: Build wheels
        uses: PyO3/maturin-action@v1
        with:
          target: ${{ matrix.target }}
          manylinux: ${{ matrix.manylinux || 'auto' }}
          args: --release --out dist -i ${{ env.PYTHON_VERSIONS }}
          rust-toolchain: stable
          docker-options: -e CI
          working-directory: crates/bashkit-python

      - uses: actions/upload-artifact@v7
        with:
          name: pypi_files-${{ matrix.os }}-${{ matrix.target }}-${{ matrix.manylinux || 'manylinux' }}
          path: crates/bashkit-python/dist

  # Verify built artifacts
  inspect:
    name: Inspect artifacts
    needs: [build, build-sdist]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v8
        with:
          pattern: pypi_files-*
          merge-multiple: true
          path: dist

      - name: List dist files
        run: |
          ls -lhR dist/
          echo "---"
          echo "Total files: $(ls -1 dist/ | wc -l)"

      - uses: astral-sh/setup-uv@v7
      - run: uvx twine check dist/*

  # Smoke-test wheels on each OS
  test-builds:
    name: Test wheel on ${{ matrix.os }}
    needs: [build]
    strategy:
      fail-fast: false
      matrix:
        include:
          - os: linux
            runs-on: ubuntu-latest
          - os: macos
            runs-on: macos-latest
          - os: windows
            runs-on: windows-latest
    runs-on: ${{ matrix.runs-on }}
    steps:
      - uses: actions/setup-python@v6
        with:
          python-version: "3.12"

      - uses: actions/download-artifact@v8
        with:
          pattern: pypi_files-${{ matrix.os }}-*
          merge-multiple: true
          path: dist

      - name: Install from wheel
        run: pip install bashkit --no-index --find-links dist --force-reinstall

      - name: Smoke test
        run: python -c "from bashkit import BashTool; t = BashTool(); r = t.execute_sync('echo hello'); print(r); assert r.exit_code == 0"

  # Publish to PyPI using trusted publishing (OIDC)
  publish:
    name: Publish to PyPI
    needs: [inspect, test-builds]
    if: success()
    runs-on: ubuntu-latest

    environment:
      name: release-python

    permissions:
      id-token: write

    steps:
      - uses: actions/download-artifact@v8
        with:
          pattern: pypi_files-*
          merge-multiple: true
          path: dist

      - name: List dist files
        run: ls -lhR dist/

      - uses: astral-sh/setup-uv@v7

      - name: Publish to PyPI
        run: uv publish --trusted-publishing always dist/*