
# Copyright (c) ONNX Project Contributors
#
# SPDX-License-Identifier: Apache-2.0
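name: Caller Workflow

# Builds wheels through per-platform reusable workflows, then publishes a
# weekly build (publish-weekly), signs the wheels with Sigstore
# (prepare-release) and uploads signatures / publishes on tags (release).
#
# NOTE(review): no workflow-level `permissions:` is set, so the build jobs that
# call reusable workflows run with the repository's default token permissions.
# Consider a restrictive default (e.g. `contents: read`) once the needs of the
# called workflows are confirmed.
on:
  schedule:
    # Run weekly on Monday 00:00
    - cron: '00 00 * * MON'
  push:
    # NOTE(review): only branch filters are listed here. With no `tags:`
    # filter, tag pushes do not trigger this workflow, so the steps below that
    # are gated on `refs/tags` cannot run as written.
    branches: [main, 'rel-*', '20240710_start_reuseableworkflow']
  pull_request:
    branches: [main, 'rel-*']

jobs:
  # TODO: add a job that saves the current date to a variable; `currdate` is
  # hard-coded in every call below.
  #
  # NOTE(review): the reusable workflows are referenced on a personal fork at a
  # branch name. A branch is a mutable ref: whoever can push to it changes what
  # builds the wheels that are later signed and published. Reference the
  # workflows from this repository or pin them to a full commit SHA.
  # The `matrix.os` values are not referenced by the `with:` inputs.
  call-workflow-ubuntu_x86:
    strategy:
      matrix:
        os: ['ubuntu-latest']
    uses: andife/onnx/.github/workflows/release_linux_x86_64.yml@20240710_start_reuseableworkflow
    with:
      os: "linux_x86_64"
      currdate: "20240708"

  call-workflow-ubuntu_aarch64:
    strategy:
      matrix:
        os: ['ubuntu-latest']
    uses: andife/onnx/.github/workflows/release_linux_aarch64.yml@20240710_start_reuseableworkflow
    with:
      os: "linux_aarch64"
      currdate: "20240708"

  # call-workflow-win:
  #   strategy:
  #     matrix:
  #       os: ['windows-latest']
  #   uses: andife/onnx/.github/workflows/release_win.yml@20240710_start_reuseableworkflow
  #   with:
  #     node: "14"
  #     os: "win"

  call-workflow-mac:
    strategy:
      matrix:
        os: ['mac-latest']
    uses: andife/onnx/.github/workflows/release_mac.yml@20240710_start_reuseableworkflow
    with:
      os: "mac"
      currdate: "20240708"

  # TODO: each for every OS?
  # (The version after `@` below was lost in page extraction; <RELEASE_TAG> is
  # a placeholder.)
  # provenance:
  #   name: Generate SLSA provenance data
  #   needs: [build]
  #   permissions:
  #     actions: read    # Needed for detection of GitHub Actions environment.
  #     id-token: write  # Needed for provenance signing and ID
  #     contents: write  # Needed for release uploads, https://github.com/slsa-framework/slsa-github-generator/issues/2044 :(
  #   uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@<RELEASE_TAG>
  #   with:
  #     base64-subjects: '${{ needs.build.outputs.hash }}'
  #     # Upload provenance to a new release
  #     upload-assets: true

  publish-weekly:
    name: Publish Weekly to PyPI
    runs-on: ubuntu-latest
    needs: [call-workflow-ubuntu_x86, call-workflow-ubuntu_aarch64, call-workflow-mac]
    # Runs when at least one platform build succeeded. `&&` binds tighter than
    # `||`, so the grouping is written out explicitly; the result is the same
    # as before because always() is always true.
    # NOTE(review): prepare-release requires all three builds; confirm that a
    # partial set of wheels is intended for the weekly upload.
    if: always() && ((needs.call-workflow-ubuntu_x86.result == 'success') || (needs.call-workflow-ubuntu_aarch64.result == 'success') || (needs.call-workflow-mac.result == 'success'))
    environment:
      name: testpypi  # TODO: Does not yet exist, has to be created, see here: https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/
      url: https://test.pypi.org/p/af-test-onnx-sigstore
      # url: https://pypi.org/p/onnx
    # environment:
    #   name: pypi  # TODO: Does not yet exist, has to be created, see here: https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/
    #   url: https://pypi.org/p/onnx
    permissions:
      # Least privilege: this job only downloads run artifacts and uploads to
      # the package index, so `contents: write` is dropped.
      id-token: write  # IMPORTANT: mandatory for trusted publishing (which means without api-token or password)
    steps:
      - uses: actions/download-artifact@v4
        with:
          pattern: 'wheels*'  # TODO change back to python-wheels?
          path: dist
          merge-multiple: true
      - name: Publish distribution to PyPI
        # NOTE(review): `release/v1` and `v4` above are moving refs; in a job
        # that can mint an OIDC publishing token, pin actions to a full commit
        # SHA.
        uses: pypa/gh-action-pypi-publish@release/v1
        if: github.event_name == 'schedule'
        with:
          # `environment.url` is only a display link. Without this input the
          # action uploads to the production index, not TestPyPI.
          repository-url: https://test.pypi.org/legacy/

  prepare-release:
    name: Release-Prep (p.ex. sigstore, pypi)
    runs-on: ubuntu-latest
    needs: [call-workflow-ubuntu_x86, call-workflow-ubuntu_aarch64, call-workflow-mac]
    # Requires every platform build to have succeeded.
    # NOTE(review): this job also runs for `pull_request` events, so wheels
    # built from PR code get signed with this workflow's identity. Consider
    # gating signing on the event type.
    if: always() && (needs.call-workflow-ubuntu_x86.result == 'success') && (needs.call-workflow-ubuntu_aarch64.result == 'success') && ((needs.call-workflow-mac.result == 'success'))
    permissions:
      # Least privilege: nothing in this job writes to the repository or to a
      # release, so `contents: write` is dropped.
      id-token: write  # IMPORTANT: mandatory for sigstore
    steps:
      - uses: actions/download-artifact@v4
        with:
          pattern: 'wheels*'  # TODO change back to python-wheels?
          path: dist
          merge-multiple: true
      - name: Sign the dists with Sigstore
        # The action ref was garbled in page extraction; <PINNED_REF> is a
        # placeholder to be replaced with the intended release, ideally as a
        # full commit SHA. Only wheels are signed; sdists (dist/*.tar.gz) are
        # not.
        uses: sigstore/gh-action-sigstore-python@<PINNED_REF>
        with:
          inputs: >-
            ./dist/*.whl
      - name: Rename files  # to match new file extension https://github.com/sigstore/sigstore-python/blob/main/CHANGELOG.md#changed
        # Plain shell rename instead of installing `mmv` in the signing job.
        # If no *.sigstore file exists, `mv` fails and so does the step.
        run: |
          for sig in dist/*.sigstore; do
            mv -- "$sig" "$sig.json"
          done
      - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b
        with:
          name: sigstore-files
          path: |
            dist/*.sigstore.json

  # TODO
  # at this point, we have the wheels and could check if they are usable by offline testing...continue-on-error:
  # For more information about environments and required approvals, see "Using environments for deployment."
  # We can use a separate requirement for deploy
  release:
    name: Release (Publish to pypi and add files to github release)
    runs-on: ubuntu-latest
    needs: [prepare-release]
    if: always() && (needs.prepare-release.result == 'success')
    permissions:
      contents: write  # IMPORTANT: mandatory for making GitHub Releases
      id-token: write  # IMPORTANT: mandatory for trusted publishing; this job does not sign
    steps:
      # This job starts on a fresh runner: nothing from prepare-release is on
      # disk, so wheels and signatures are fetched from the run's artifacts.
      - name: Download wheels
        uses: actions/download-artifact@v4
        with:
          pattern: 'wheels*'
          path: dist
          merge-multiple: true
      # Signatures go to their own directory so the publish step only sees
      # distribution files in dist/.
      - name: Download signatures
        uses: actions/download-artifact@v4
        with:
          name: sigstore-files
          path: signatures
      - name: Upload artifact signatures to GitHub Release
        if: startsWith(github.ref, 'refs/tags/')  # only publish to PyPI on tag pushes  # TODO check exact variants
        env:
          GITHUB_TOKEN: ${{ github.token }}
          # The ref name is passed through the environment rather than
          # expanded into the script text: a tag or branch name containing
          # quotes or shell metacharacters is then treated as data.
          RELEASE_TAG: ${{ github.ref_name }}
        # Upload to GitHub Release using the `gh` CLI.
        # prepare-release renames the signatures to *.sigstore.json, so that
        # is the extension matched here.
        run: >-
          gh release upload
          "$RELEASE_TAG" signatures/*.sigstore.json
          --repo "$GITHUB_REPOSITORY"
      # https://docs.github.com/en/actions/managing-workflow-runs/reviewing-deployments
      - name: Publish distribution to PyPI
        # NOTE(review): moving ref; pin to a full commit SHA. No `environment:`
        # is set on this job, so no required-reviewer gate protects this
        # upload.
        uses: pypa/gh-action-pypi-publish@release/v1
        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')  # TODO check exact variants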