Merge branch 'main' into release_ci #244
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright (c) ONNX Project Contributors | ||
| # | ||
| # SPDX-License-Identifier: Apache-2.0 | ||
| name: Create Releases | ||
| on: | ||
| schedule: | ||
| # Run weekly on Monday 00:00 UTC | ||
| - cron: '00 00 * * MON' | ||
| push: | ||
| branches: [main, rel-*] | ||
| pull_request: | ||
| branches: [main, rel-*] | ||
| types: | ||
| - labeled # Trigger when a label is added to a PR, more information: https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#pull_request | ||
| release: | ||
| branches: [rel-*] | ||
| types: [published] | ||
| workflow_dispatch: | ||
| inputs: | ||
| publish_pypi_onnxweekly: | ||
| description: 'Publish to pypi_onnxweekly' | ||
| required: true | ||
| type: choice | ||
| options: | ||
| - 'yes' | ||
| - 'no' | ||
| default: 'no' | ||
| publish_testpypi_onnxweekly: | ||
| description: 'Publish to testpypi_onnxweekly' | ||
| required: true | ||
| type: choice | ||
| options: | ||
| - 'yes' | ||
| - 'no' | ||
| default: 'no' | ||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name == 'workflow_dispatch' }} | ||
| cancel-in-progress: true | ||
| jobs: | ||
| call-workflow-ubuntu_x86: | ||
| if: github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'run release CIs') | ||
| uses: ./.github/workflows/release_linux_x86_64.yml | ||
| with: | ||
| os: "linux_x86_64" | ||
| secrets: inherit | ||
| call-workflow-ubuntu_aarch64: | ||
| if: github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'run release CIs') | ||
| uses: ./.github/workflows/release_linux_aarch64.yml | ||
| with: | ||
| os: "linux_aarch64" | ||
| secrets: inherit | ||
| call-workflow-win: | ||
| if: github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'run release CIs') | ||
| uses: ./.github/workflows/release_win.yml | ||
| with: | ||
| os: "win" | ||
| secrets: inherit | ||
| call-workflow-mac: | ||
| if: github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'run release CIs') | ||
| uses: ./.github/workflows/release_mac.yml | ||
| with: | ||
| os: "macos" | ||
| secrets: inherit | ||
| call-workflow-sdist: | ||
| if: github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'run release CIs') | ||
| uses: ./.github/workflows/release_sdist.yml | ||
| with: | ||
| os: "macos" | ||
| secrets: inherit | ||
| publish_devbuild_to_testpypi: | ||
| name: Publish devbuild to test.pypi | ||
| runs-on: ubuntu-latest | ||
| needs: [call-workflow-ubuntu_x86, call-workflow-ubuntu_aarch64, call-workflow-mac, call-workflow-win, call-workflow-sdist] | ||
| if: ${{ always() }} && (github.event.inputs.publish_wheel_testpypi == 'yes' ) | ||
| # https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#example-not-requiring-successful-dependent-jobs | ||
| environment: | ||
| name: testpypi_onnxweekly | ||
| url: https://test.pypi.org/p/onnx-weekly | ||
| permissions: | ||
| contents: write # IMPORTANT: mandatory for making GitHub Releases | ||
| id-token: write | ||
| steps: | ||
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | ||
| if: (github.event_name == 'workflow_dispatch' ) && ((needs.call-workflow-mac.result == 'success') || (needs.call-workflow-ubuntu_x86.result == 'success') || (needs.call-workflow-ubuntu_aarch64.result == 'success') || (needs.call-workflow-win.result == 'success')) | ||
| with: | ||
| pattern: wheels* | ||
| path: dist | ||
| merge-multiple: true | ||
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | ||
| if: (github.event_name == 'workflow_dispatch' ) && (needs.call-workflow-sdist.result == 'success') | ||
| with: | ||
| pattern: sdist | ||
| path: dist | ||
| merge-multiple: true | ||
| - name: Publish dev-build to test.pypi | ||
| if: (github.ref == 'refs/heads/main') && (github.event.inputs.publish_testpypi_onnxweekly == 'yes') && (github.repository_owner == 'onnx') | ||
| uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc | ||
| with: | ||
| repository-url: https://test.pypi.org/legacy/ | ||
| verbose: true | ||
| print-hash: true | ||
| - uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: combined_artifacts_prebuild | ||
| path: dist | ||
| ########################################################################################################################## | ||
| publish_devbuild_to_pypi: | ||
| name: Publish devbuild to pypi | ||
| runs-on: ubuntu-latest | ||
| needs: [call-workflow-ubuntu_x86, call-workflow-ubuntu_aarch64, call-workflow-mac, call-workflow-win, call-workflow-sdist] | ||
| if: ${{ always() }} && (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') # https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#example-not-requiring-successful-dependent-jobs | ||
| environment: | ||
| name: pypi-weekly | ||
| url: https://pypi.org/p/onnx-weekly | ||
| permissions: | ||
| contents: write # IMPORTANT: mandatory for making GitHub Releases | ||
| id-token: write | ||
| steps: | ||
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | ||
| if: (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && ((needs.call-workflow-mac.result == 'success') || (needs.call-workflow-ubuntu_x86.result == 'success') || (needs.call-workflow-ubuntu_aarch64.result == 'success') || (needs.call-workflow-win.result == 'success')) | ||
| with: | ||
| pattern: wheels* | ||
| path: dist | ||
| merge-multiple: true | ||
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | ||
| if: (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && (needs.call-workflow-sdist.result == 'success') | ||
| with: | ||
| pattern: sdist | ||
| path: dist | ||
| merge-multiple: true | ||
| - name: Publish devbuild to pypi | ||
| if: (github.ref == 'refs/heads/main') && (github.event_name == 'schedule' || github.event.inputs.publish_pypi_onnxweekly == 'yes') && (github.repository_owner == 'onnx') | ||
| uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc | ||
| with: | ||
| repository-url: https://upload.pypi.org/legacy/ | ||
| verbose: true | ||
| print-hash: true | ||
| ########################################################################################################################## | ||
| prepare-release: | ||
| name: Release-Prep (p.ex. sigstore, pypi) | ||
| runs-on: ubuntu-latest | ||
| needs: [call-workflow-mac, call-workflow-ubuntu_x86, call-workflow-ubuntu_aarch64, call-workflow-win] | ||
| if: (needs.call-workflow-mac.result == 'success') && (needs.call-workflow-ubuntu_x86.result == 'success') && (needs.call-workflow-ubuntu_aarch64.result == 'success') && (needs.call-workflow-win.result == 'success') | ||
| permissions: | ||
| contents: write # IMPORTANT: mandatory for making GitHub Releases | ||
| id-token: write # IMPORTANT: mandatory for sigstore | ||
| steps: | ||
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | ||
| with: | ||
| pattern: wheels* | ||
| path: dist | ||
| merge-multiple: true | ||
| - name: Sign the artifacts with sigstore #/home/runner/work/onnx/onnx/dist/*.tar.gz | ||
| # Signing should only be done for the final release and maybe not for release candidates... probably this prep release steps has to be splitted or renamend to prepare signatures | ||
| if: github.event_name != 'pull_request' || startsWith( github.base_ref, 'rel-') | ||
| uses: sigstore/[email protected] | ||
| with: | ||
| inputs: >- | ||
| /home/runner/work/onnx/onnx/dist/*.whl | ||
| - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b | ||
| if: github.event_name != 'pull_request' || startsWith( github.base_ref, 'rel-') | ||
| with: | ||
| name: sigstore-files | ||
| path: "/home/runner/work/onnx/onnx/dist/*.sigstore.json" | ||
| # TODO | ||
| # at this point, we have the wheels and could check if they are usable by offline testing...continue-on-error: | ||
| # For more information about environments and required approvals, see "Using environments for deployment." F | ||
| # We can use a separate requirement for deploy | ||
| github_release: | ||
| # TODO Add a deployment step for reviewing https://docs.github.com/en/actions/managing-workflow-runs/reviewing-deployments | ||
| name: Release (Add files to github release) | ||
| runs-on: ubuntu-latest | ||
| needs: [prepare-release] | ||
| if: startsWith(github.ref, 'refs/tags/') && startsWith(github.base_ref, 'rel-') && (needs.publish-to-testpypi.result == 'success' || needs.publish-to-pypi.result == 'success') | ||
| steps: | ||
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | ||
| with: | ||
| pattern: sigstore-files* # TODO change back to python-wheels? | ||
| path: dist | ||
| merge-multiple: true | ||
| # The Release is created by the Github GUI, we only add the files here | ||
| - name: Upload artifact signatures to GitHub Release | ||
| if: startsWith(github.ref, 'refs/tags/') # only publish to PyPI on tag pushes # TODO check exact variants | ||
| env: | ||
| GITHUB_TOKEN: ${{ github.token }} | ||
| run: >- | ||
| gh release upload '${{ github.ref_name }}' dist/*.sigstore.json | ||
| test_sdist: | ||
| needs: [publish_devbuild_to_pypi] | ||
| if: github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'run release CIs') | ||
| uses: ./.github/workflows/release_test_weekly_sdist.yml | ||
| with: | ||
| os: "macos" | ||
| secrets: inherit | ||
