name: Python Tests
on:
push:
branches:
- stable
pull_request:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
steps:
- uses: actions/checkout@v6
- name: Set up Python
uses: actions/setup-python@v6
with:
python-version: ${{ matrix.python-version }}
- name: Set up uv
uses: astral-sh/setup-uv@v7
- name: Install Rust toolchain
uses: actions-rust-lang/setup-rust-toolchain@v1
- name: Install dependencies
run: |
uv sync
- name: Build Python bindings
run: |
uv run maturin develop --release
- name: Run Python tests
run: |
uv run pytest test_cloudcheck.py -v
publish:
runs-on: ubuntu-latest
needs: test
if: github.event_name == 'push' && github.ref == 'refs/heads/stable'
permissions:
contents: write
steps:
- name: Generate app token
id: app-token
uses: actions/create-github-app-token@v3
with:
app-id: ${{ secrets.CLOUDCHECK_APP_ID }}
private-key: ${{ secrets.CLOUDCHECK_APP_PRIVATE_KEY }}
- uses: actions/checkout@v6
with:
fetch-depth: 0
token: ${{ steps.app-token.outputs.token }}
- name: Set up Python
uses: actions/setup-python@v6
with:
python-version: "3.x"
- name: Set up Rust
uses: dtolnay/rust-toolchain@stable
- name: Set up uv
uses: astral-sh/setup-uv@v7
- name: Get current version
id: get_version
run: |
VERSION=$(grep '^version' Cargo.toml | head -1 | sed 's/.*"\(.*\)".*/\1/')
echo "VERSION=v${VERSION}" >> $GITHUB_OUTPUT
- name: Check for version change
id: version_check
run: |
git fetch --tags
LATEST_TAG=$(git describe --tags $(git rev-list --tags --max-count=1) 2>/dev/null || echo "none")
CURRENT="${{ steps.get_version.outputs.VERSION }}"
if [ "$LATEST_TAG" = "$CURRENT" ]; then
echo "changed=false" >> $GITHUB_OUTPUT
else
echo "changed=true" >> $GITHUB_OUTPUT
fi
- name: Build PyPi package
run: uv run maturin build --release --out dist
- name: Publish PyPi package
run: uv run maturin publish --skip-existing --username __token__ --password ${{ secrets.PYPI_TOKEN }}
- name: Tag release
if: steps.version_check.outputs.changed == 'true'
run: |
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git tag -a "${{ steps.get_version.outputs.VERSION }}" -m "Release ${{ steps.get_version.outputs.VERSION }}"
git push origin "refs/tags/${{ steps.get_version.outputs.VERSION }}"
linux:
runs-on: ${{ matrix.platform.runner }}
needs: publish
if: github.event_name == 'push' && github.ref == 'refs/heads/stable'
strategy:
matrix:
platform:
- runner: ubuntu-22.04
target: x86_64
- runner: ubuntu-22.04
target: x86
- runner: ubuntu-22.04
target: aarch64
- runner: ubuntu-22.04
target: armv7
- runner: ubuntu-22.04
target: ppc64le
steps:
- uses: actions/checkout@v6
- uses: actions/setup-python@v6
with:
python-version: 3.x
- name: Build wheels
uses: PyO3/maturin-action@v1
with:
target: ${{ matrix.platform.target }}
args: --release --out dist --find-interpreter
sccache: false
manylinux: auto
before-script-linux: |
if command -v apt-get >/dev/null 2>&1; then
# Debian-based
sudo apt-get update
sudo apt-get install -y pkg-config libssl-dev perl make gcc g++ binutils
elif command -v yum >/dev/null 2>&1; then
# CentOS-based
yum update -y
yum install -y openssl openssl-devel perl perl-core make gcc gcc-c++ binutils
else
echo "Error: Neither apt-get nor yum found"
exit 1
fi
- name: Upload wheels
uses: actions/upload-artifact@v7
with:
name: wheels-linux-${{ matrix.platform.target }}
path: dist
musllinux:
runs-on: ${{ matrix.platform.runner }}
needs: publish
if: github.event_name == 'push' && github.ref == 'refs/heads/stable'
strategy:
matrix:
platform:
- runner: ubuntu-22.04
target: x86_64
- runner: ubuntu-22.04
target: x86
- runner: ubuntu-22.04
target: aarch64
- runner: ubuntu-22.04
target: armv7
steps:
- uses: actions/checkout@v6
- uses: actions/setup-python@v6
with:
python-version: 3.x
- name: Build wheels
uses: PyO3/maturin-action@v1
with:
target: ${{ matrix.platform.target }}
args: --release --out dist --find-interpreter
sccache: false
manylinux: musllinux_1_2
before-script-linux: |
if command -v apk >/dev/null 2>&1; then
# Alpine (musllinux)
apk add --no-cache openssl-dev pkgconfig perl make musl-dev
elif command -v apt-get >/dev/null 2>&1; then
# Debian-based
sudo apt-get update
sudo apt-get install -y pkg-config libssl-dev perl make gcc g++ binutils
elif command -v yum >/dev/null 2>&1; then
# CentOS-based
yum update -y
yum install -y openssl openssl-devel perl perl-core make gcc gcc-c++ binutils
else
echo "Error: No supported package manager found"
exit 1
fi
- name: Upload wheels
uses: actions/upload-artifact@v7
with:
name: wheels-musllinux-${{ matrix.platform.target }}
path: dist
windows:
runs-on: ${{ matrix.platform.runner }}
needs: publish
if: github.event_name == 'push' && github.ref == 'refs/heads/stable'
strategy:
matrix:
platform:
- runner: windows-latest
target: x64
- runner: windows-latest
target: x86
steps:
- uses: actions/checkout@v6
- uses: actions/setup-python@v6
with:
python-version: 3.x
architecture: ${{ matrix.platform.target }}
- name: Build wheels
uses: PyO3/maturin-action@v1
with:
target: ${{ matrix.platform.target }}
args: --release --out dist --find-interpreter
sccache: false
- name: Upload wheels
uses: actions/upload-artifact@v7
with:
name: wheels-windows-${{ matrix.platform.target }}
path: dist
macos:
runs-on: ${{ matrix.platform.runner }}
needs: publish
if: github.event_name == 'push' && github.ref == 'refs/heads/stable'
strategy:
matrix:
platform:
- runner: macos-15-intel
target: x86_64
- runner: macos-latest
target: aarch64
steps:
- uses: actions/checkout@v6
- uses: actions/setup-python@v6
with:
python-version: 3.x
- name: Build wheels
uses: PyO3/maturin-action@v1
with:
target: ${{ matrix.platform.target }}
args: --release --out dist --find-interpreter
sccache: false
- name: Upload wheels
uses: actions/upload-artifact@v7
with:
name: wheels-macos-${{ matrix.platform.target }}
path: dist
sdist:
runs-on: ubuntu-latest
needs: publish
if: github.event_name == 'push' && github.ref == 'refs/heads/stable'
steps:
- uses: actions/checkout@v6
- name: Build sdist
uses: PyO3/maturin-action@v1
with:
command: sdist
args: --out dist
- name: Upload sdist
uses: actions/upload-artifact@v7
with:
name: wheels-sdist
path: dist
release:
name: Release
runs-on: ubuntu-latest
needs: [linux, musllinux, windows, macos, sdist]
if: github.event_name == 'push' && github.ref == 'refs/heads/stable'
permissions:
id-token: write
contents: write
attestations: write
steps:
- uses: actions/download-artifact@v8
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v4
with:
subject-path: 'wheels-*/*'
- name: Publish to PyPI
uses: PyO3/maturin-action@v1
env:
MATURIN_PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
with:
command: upload
args: --non-interactive --skip-existing wheels-*/*