update #33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright (c) ONNX Project Contributors | |
| # | |
| # SPDX-License-Identifier: Apache-2.0 | |
| name: Caller Workflow | |
| on: | |
| schedule: | |
| # Run weekly on Monday 00:00 | |
| - cron: '00 00 * * MON' | |
| push: | |
| branches: [main, rel-*,20240710_start_reuseableworkflow] | |
| pull_request: | |
| branches: [main, rel-*] | |
| jobs: | |
| call-workflow-ubuntu_x86: | |
| strategy: | |
| matrix: | |
| os: ['ubuntu-latest'] | |
| uses: andife/onnx/.github/workflows/release_linux_x86_64.yml@20240710_start_reuseableworkflow | |
| with: | |
| os: "linux_x86_64" | |
| call-workflow-ubuntu_aarch64: | |
| strategy: | |
| matrix: | |
| os: ['ubuntu-latest'] | |
| uses: andife/onnx/.github/workflows/release_linux_aarch64.yml@20240710_start_reuseableworkflow | |
| with: | |
| os: "linux_aarch64" | |
| # call-workflow-win: | |
| # strategy: | |
| # matrix: | |
| # os: ['windows-latest'] | |
| # uses: andife/onnx/.github/workflows/release_win.yml@20240710_start_reuseableworkflow | |
| # with: | |
| # node: "14" | |
| # os: "win" | |
| call-workflow-mac: | |
| strategy: | |
| matrix: | |
| os: ['mac-latest'] | |
| uses: andife/onnx/.github/workflows/release_mac.yml@20240710_start_reuseableworkflow | |
| with: | |
| os: "mac" | |
| # TODO: each for every OS? | |
| # provenance: | |
| # name: Generate SLSA provenance data | |
| # needs: [build] | |
| # permissions: | |
| # actions: read # Needed for detection of GitHub Actions environment. | |
| # id-token: write # Needed for provenance signing and ID | |
| # contents: write # Needed for release uploads, https://github.com/slsa-framework/slsa-github-generator/issues/2044 :( | |
| # uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] | |
| # with: | |
| # base64-subjects: '${{ needs.build.outputs.hash }}' | |
| # # Upload provenance to a new release | |
| # upload-assets: true | |
| prepare-release: | |
| name: Prepare Files for Release (Github, pypi) | |
| runs-on: ubuntu-latest | |
| needs: [call-workflow-ubuntu_x86, call-workflow-ubuntu_aarch64, call-workflow-mac] | |
| if: always() && (needs.call-workflow-ubuntu_x86.result == 'success') && (needs.call-workflow-ubuntu_aarch64.result == 'success') && ((needs.call-workflow-mac.result == 'success')) | |
| permissions: | |
| contents: write # IMPORTANT: mandatory for making GitHub Releases | |
| id-token: write # IMPORTANT: mandatory for sigstore | |
| steps: | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| pattern: wheels* # TODO change back to python-wheels? | |
| path: dist | |
| merge-multiple: true | |
| - name: Sign the dists with Sigstore #/home/runner/work/onnx/onnx/dist/*.tar.gz | |
| uses: sigstore/[email protected] | |
| with: | |
| inputs: >- | |
| /home/runner/work/onnx/onnx/dist/*.whl | |
| - name: Rename files # to match new file extension https://github.com/sigstore/sigstore-python/blob/main/CHANGELOG.md#changed | |
| run: | | |
| sudo apt install mmv | |
| mmv "/home/runner/work/onnx/onnx/dist/*.sigstore" /home/runner/work/onnx/onnx/dist/#1.sigstore.json | |
| - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b | |
| with: | |
| name: sigstore-files | |
| path: | | |
| /home/runner/work/onnx/onnx/dist/*.sigstore.json | |
| # TODO | |
| # at this point, we have the wheels and could check if they are usable by offline testing...continue-on-error: | |
| # For more information about environments and required approvals, see "Using environments for deployment." F | |
| # We can use a separate requirement for deploay | |
| release: | |
| name: Create Release | |
| runs-on: ubuntu-latest | |
| needs: [prepare-release] | |
| if: always() && (needs.prepare-release.result == 'success') | |
| permissions: | |
| contents: write # IMPORTANT: mandatory for making GitHub Releases | |
| id-token: write # IMPORTANT: mandatory for sigstore | |
| steps: | |
| - name: Upload artifact signatures to GitHub Release | |
| if: startsWith(github.ref, 'refs/tags/') # only publish to PyPI on tag pushes # TODO check exact variants | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| # Upload to GitHub Release using the `gh` CLI. | |
| # `dist/` contains the built packages, and the | |
| # sigstore-produced signatures and certificates. | |
| run: >- | |
| gh release upload | |
| '${{ github.ref_name }}' /home/runner/work/onnx/onnx/dist/**.sigstore | |
| --repo '${{ github.repository }}' | |
| # https://docs.github.com/en/actions/managing-workflow-runs/reviewing-deployments | |
| - name: Publish distribution to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') # TODO check exact variants | |