bump actions/checkout to v4 #552
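name: CI

on: [push, pull_request]

# Notes on workflow security:
#
# Build isolation. The release artifacts (wheels) are built and published in
# an environment with as few additional dependencies as possible. Tests and
# docs therefore run in jobs separate from the job that builds the wheels:
# both require many additional PyPI packages, each of which could insert
# malicious code into the built wheels if everything ran within a single job.
#
# Actions ('uses:'). Uploaded artifacts (wheels) can be overridden in
# subsequent build steps/jobs. This is possible because actions (unlike
# 'run:' scripts) have access to a special (undocumented) artifacts token
# (not the regular GITHUB_TOKEN), which is used by actions/upload-artifact.
# See also: https://github.com/actions/upload-artifact/issues/197
# As a mitigation, none of the jobs that run before and including the one
# that publishes the wheels to PyPI uses third-party actions: every 'uses:'
# in this file refers to the GitHub-maintained 'actions/' namespace.
# NOTE(review): these actions are referenced by version tag, and a tag can be
# moved to another commit. Pinning each 'uses:' to a full commit SHA would
# make the reference immutable.
#
# Token permissions. The GITHUB_TOKEN is read-only by default (see
# 'permissions: read-all' below). A job that needs something else declares
# its own 'permissions:' block, which replaces this default for that job
# instead of adding to it. The publish-docs job does so to obtain
# 'pages: write' and 'id-token: write' for actions/deploy-pages, which
# deploys the docs without writing to a branch of the repository.
permissions: read-all

jobs: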
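build:
  # Builds one wheel per matrix entry and stores it as a 'wheel-*' artifact.
  # This job deliberately installs no test or docs dependencies; see the
  # workflow security notes at the top of the file.
  strategy:
    fail-fast: false
    matrix:
      config:
        # NOTE: When updating this list, also update the 'test' job!
        - os-image: ubuntu-latest
          os-name: linux
          docker-image: quay.io/pypa/manylinux2014_x86_64
          python-arch: 'x86_64'
          python-version: '3.9'
          numpy-version: '2.0.*'
        - os-image: ubuntu-latest
          os-name: linux
          docker-image: quay.io/pypa/manylinux2014_x86_64
          python-arch: 'x86_64'
          python-version: '3.10'
          numpy-version: '2.0.*'
        - os-image: ubuntu-latest
          os-name: linux
          docker-image: quay.io/pypa/manylinux2014_x86_64
          python-arch: 'x86_64'
          python-version: '3.11'
          numpy-version: '2.0.*'
        - os-image: ubuntu-latest
          os-name: linux
          docker-image: quay.io/pypa/manylinux2014_x86_64
          python-arch: 'x86_64'
          python-version: '3.12'
          numpy-version: '2.0.*'
        - os-image: macos-12
          os-name: mac
          python-arch: x86_64
          macos-min-version: '10.9'
          python-version: '3.9'
          numpy-version: '2.0.*'
        - os-image: macos-12
          os-name: mac
          python-arch: x86_64
          macos-min-version: '10.9'
          python-version: '3.10'
          numpy-version: '2.0.*'
        - os-image: macos-12
          os-name: mac
          python-arch: x86_64
          macos-min-version: '10.9'
          python-version: '3.11'
          numpy-version: '2.0.*'
        - os-image: macos-12
          os-name: mac
          python-arch: x86_64
          macos-min-version: '10.9'
          python-version: '3.12'
          numpy-version: '2.0.*'
        - os-image: macos-14  # M1
          os-name: mac
          python-arch: arm64
          macos-min-version: '11.0'
          python-version: '3.10'
          numpy-version: '2.0.*'
        - os-image: macos-14  # M1
          os-name: mac
          python-arch: arm64
          macos-min-version: '11.0'
          python-version: '3.11'
          numpy-version: '2.0.*'
        - os-image: macos-14  # M1
          os-name: mac
          python-arch: arm64
          macos-min-version: '11.0'
          python-version: '3.12'
          numpy-version: '2.0.*'
        - os-image: windows-latest
          os-name: windows
          python-version: '3.9'
          python-arch: 'x86_64'
          numpy-version: '2.0.*'
        - os-image: windows-latest
          os-name: windows
          python-version: '3.10'
          python-arch: 'x86_64'
          numpy-version: '2.0.*'
        - os-image: windows-latest
          os-name: windows
          python-version: '3.11'
          python-arch: 'x86_64'
          numpy-version: '2.0.*'
        - os-image: windows-latest
          os-name: windows
          python-version: '3.12'
          python-arch: 'x86_64'
          numpy-version: '2.0.*'
  # Least privilege for the job that produces the release wheels: the token
  # only needs to read the repository for the checkout step.
  # 'security-events: write' is required only by the CodeQL steps, which are
  # commented out below; add it back together with them.
  permissions:
    contents: read
  runs-on: ${{ matrix.config.os-image }}
  # For Linux, don't run all steps in a container anymore, to avoid an issue
  # with glibc versions.
  # See https://github.com/actions/checkout/issues/1809.
  # container: ${{ matrix.config.docker-image }}
  steps:
    - uses: actions/checkout@v4
      with:
        submodules: true

    # - name: Initialize CodeQL
    #   if: matrix.config.python-version == '3.10'
    #   uses: github/codeql-action/init@v3
    #   with:
    #     languages: python, cpp
    #     setup-python-dependencies: false

    - name: Build wheel (Linux)
      if: matrix.config.os-name == 'linux'
      # Only the build script runs inside the manylinux container (see the
      # comment on 'container:' above).
      # NOTE(review): the image is referenced by name only, so whatever the
      # registry currently serves is pulled; pinning it to a digest would fix
      # the exact build environment of the release wheels.
      # run: .github/scripts/build-linux.sh
      run: >-
        docker run --rm
        -e PYTHON_VERSION -e NUMPY_VERSION
        -w /io -v `pwd`:/io
        ${{ matrix.config.docker-image }}
        /io/.github/scripts/build-linux.sh
      env:
        PYTHON_VERSION: ${{ matrix.config.python-version }}
        NUMPY_VERSION: ${{ matrix.config.numpy-version }}

    - name: Setup Python (Windows)
      if: matrix.config.os-name == 'windows'
      uses: actions/setup-python@v4
      with:
        python-version: ${{ matrix.config.python-version }}

    - name: Build wheel (Windows)
      if: matrix.config.os-name == 'windows'
      run: .github/scripts/build-windows.ps1
      shell: pwsh
      env:
        PYTHON_VERSION: ${{ matrix.config.python-version }}
        PYTHON_ARCH: ${{ matrix.config.python-arch }}
        NUMPY_VERSION: ${{ matrix.config.numpy-version }}

    - name: Build wheel (macOS)
      if: matrix.config.os-name == 'mac'
      run: .github/scripts/build-macos.sh
      env:
        PYTHON_ARCH: ${{ matrix.config.python-arch }}
        MACOS_MIN_VERSION: ${{ matrix.config.macos-min-version }}
        PYTHON_VERSION: ${{ matrix.config.python-version }}
        NUMPY_VERSION: ${{ matrix.config.numpy-version }}

    # The artifact name encodes OS, architecture and Python version; the
    # 'test' job downloads the wheel under exactly this name.
    - name: Store wheel as artifact
      uses: actions/upload-artifact@v4
      with:
        name: wheel-${{ matrix.config.os-name }}-${{ matrix.config.python-arch }}-${{ matrix.config.python-version }}
        path: dist

    # - name: Perform CodeQL Analysis
    #   if: matrix.config.python-version == '3.10'
    #   uses: github/codeql-action/analyze@v3
    #   with:
    #     category: ${{ matrix.config.os-name }}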
test:
  # Installs and tests each wheel produced by the 'build' job, in a job of
  # its own so that test dependencies never run next to the wheel build.
  strategy:
    fail-fast: false
    matrix:
      # This list duplicates the one in the 'build' job, because
      # GitHub Actions doesn't support YAML anchors.
      config:
        - os-image: ubuntu-latest
          os-name: linux
          docker-image: quay.io/pypa/manylinux2014_x86_64
          python-arch: 'x86_64'
          python-version: '3.9'
          numpy-version: '2.0.*'
        - os-image: ubuntu-latest
          os-name: linux
          docker-image: quay.io/pypa/manylinux2014_x86_64
          python-arch: 'x86_64'
          python-version: '3.10'
          numpy-version: '2.0.*'
        - os-image: ubuntu-latest
          os-name: linux
          docker-image: quay.io/pypa/manylinux2014_x86_64
          python-arch: 'x86_64'
          python-version: '3.11'
          numpy-version: '2.0.*'
        - os-image: ubuntu-latest
          os-name: linux
          docker-image: quay.io/pypa/manylinux2014_x86_64
          python-arch: 'x86_64'
          python-version: '3.12'
          numpy-version: '2.0.*'
        - os-image: macos-12
          os-name: mac
          python-arch: x86_64
          macos-min-version: '10.9'
          python-version: '3.9'
          numpy-version: '2.0.*'
        - os-image: macos-12
          os-name: mac
          python-arch: x86_64
          macos-min-version: '10.9'
          python-version: '3.10'
          numpy-version: '2.0.*'
        - os-image: macos-12
          os-name: mac
          python-arch: x86_64
          macos-min-version: '10.9'
          python-version: '3.11'
          numpy-version: '2.0.*'
        - os-image: macos-12
          os-name: mac
          python-arch: x86_64
          macos-min-version: '10.9'
          python-version: '3.12'
          numpy-version: '2.0.*'
        - os-image: macos-14  # M1
          os-name: mac
          python-arch: arm64
          macos-min-version: '11.0'
          python-version: '3.10'
          numpy-version: '2.0.*'
        - os-image: macos-14  # M1
          os-name: mac
          python-arch: arm64
          macos-min-version: '11.0'
          python-version: '3.11'
          numpy-version: '2.0.*'
        - os-image: macos-14  # M1
          os-name: mac
          python-arch: arm64
          macos-min-version: '11.0'
          python-version: '3.12'
          numpy-version: '2.0.*'
        - os-image: windows-latest
          os-name: windows
          python-version: '3.9'
          python-arch: 'x86_64'
          numpy-version: '2.0.*'
        - os-image: windows-latest
          os-name: windows
          python-version: '3.10'
          python-arch: 'x86_64'
          numpy-version: '2.0.*'
        - os-image: windows-latest
          os-name: windows
          python-version: '3.11'
          python-arch: 'x86_64'
          numpy-version: '2.0.*'
        - os-image: windows-latest
          os-name: windows
          python-version: '3.12'
          python-arch: 'x86_64'
          numpy-version: '2.0.*'
  runs-on: ${{ matrix.config.os-image }}
  # container: ${{ matrix.config.docker-image }}
  needs: build
  steps:
    - uses: actions/checkout@v4
      with:
        submodules: true

    # Fetches the wheel that the matching 'build' matrix entry stored.
    - name: Download wheel from artifact storage
      uses: actions/download-artifact@v4
      with:
        name: wheel-${{ matrix.config.os-name }}-${{ matrix.config.python-arch }}-${{ matrix.config.python-version }}
        path: dist

    - name: Test wheel (Linux)
      if: matrix.config.os-name == 'linux'
      # The test script runs inside the manylinux container; the job itself
      # runs on the host runner.
      # run: .github/scripts/test-linux.sh
      run: >-
        docker run --rm
        -e PYTHON_VERSION
        -w /io -v `pwd`:/io
        ${{ matrix.config.docker-image }}
        /io/.github/scripts/test-linux.sh
      env:
        PYTHON_VERSION: ${{ matrix.config.python-version }}

    - name: Setup Python (Windows)
      if: matrix.config.os-name == 'windows'
      uses: actions/setup-python@v4
      with:
        python-version: ${{ matrix.config.python-version }}

    # Runs the two install scripts (OBS virtual cam, Unity Capture) before
    # the test script.
    - name: Test wheel (Windows)
      if: matrix.config.os-name == 'windows'
      run: |
        .github/scripts/install-windows-obs-virtual-cam.ps1
        .github/scripts/install-windows-unity-capture.ps1
        .github/scripts/test-windows.ps1
      shell: pwsh
      env:
        PYTHON_VERSION: ${{ matrix.config.python-version }}
        PYTHON_ARCH: ${{ matrix.config.python-arch }}

    - name: Setup Python (macOS)
      if: matrix.config.os-name == 'mac'
      uses: actions/setup-python@v4
      with:
        python-version: ${{ matrix.config.python-version }}

    # Runs the OBS virtual cam install script before the test script.
    - name: Test wheel (macOS)
      if: matrix.config.os-name == 'mac'
      run: |
        .github/scripts/install-macos-obs-virtual-cam.sh
        .github/scripts/test-macos.sh
      env:
        PYTHON_ARCH: ${{ matrix.config.python-arch }}
        PYTHON_VERSION: ${{ matrix.config.python-version }}

    # 'always()' keeps this step running when an earlier step failed, so the
    # PNG captures are uploaded for failed runs as well; a run that produced
    # no captures is not an error.
    - name: Store test captures as artifacts
      uses: actions/upload-artifact@v4
      if: always()
      with:
        name: test_captures-${{ matrix.config.os-name }}-${{ matrix.config.python-arch }}-${{ matrix.config.python-version }}
        path: 'tmp_for_test/*.png'
        if-no-files-found: ignore
docs:
  # Builds the HTML documentation from an installed wheel and stores it as
  # the Pages artifact. The docs dependencies are installed in this job only,
  # not in the job that builds the wheels.
  runs-on: ubuntu-latest
  needs: build
  steps:
    - uses: actions/checkout@v4

    - name: Setup Python
      uses: actions/setup-python@v4
      with:
        python-version: '3.10'

    # All 'wheel-*' artifacts are merged into one 'dist' directory.
    - name: Download wheels from artifact storage
      uses: actions/download-artifact@v4
      with:
        pattern: 'wheel-*'
        merge-multiple: true
        path: dist

    # The glob selects the CPython 3.10 manylinux wheel, matching the Python
    # version set up above.
    - name: Install from wheel
      run: |
        pip install dist/pyvirtualcam*cp310-manylinux*.whl
        pip install -r dev-requirements.txt

    - name: Build docs
      run: sphinx-build -b html docs dist-docs

    - name: Store docs HTML as artifact
      uses: actions/upload-pages-artifact@v3
      with:
        path: dist-docs
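publish-wheels:
  # Uploads the built wheels to PyPI. Runs only for pushes of tags starting
  # with 'v', and only after the 'test' and 'docs' jobs have succeeded.
  runs-on: ubuntu-latest
  needs: [test, docs]
  if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
  steps:
    # All 'wheel-*' artifacts are merged into one 'dist' directory.
    - name: Download wheels from artifact storage
      uses: actions/download-artifact@v4
      with:
        pattern: wheel-*
        merge-multiple: true
        path: dist

    - name: Setup Python
      uses: actions/setup-python@v4
      with:
        python-version: '3.10'

    - name: Upload wheels to PyPI
      # The PyPI token reaches twine through the environment. A
      # '${{ secrets.* }}' expression placed in 'run:' is pasted into the
      # script text before the shell starts, which puts the secret on the
      # twine command line and lets the shell interpret any special
      # characters it contains.
      # NOTE(review): twine and its dependencies are resolved at run time in
      # the one job that holds the PyPI token; installing them from a pinned,
      # hash-checked requirements file would keep that set fixed.
      env:
        TWINE_USERNAME: __token__
        TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
      run: |
        pip install twine
        twine upload --skip-existing dist/*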
publish-docs:
  # Deploys the Pages artifact stored by the 'docs' job. It depends on
  # 'publish-wheels' and therefore runs only when that job ran successfully.
  runs-on: ubuntu-latest
  needs:
    - publish-wheels
  # The only job in this workflow that is granted pages/id-token write scopes.
  permissions:
    # to deploy to Pages
    pages: write
    # to verify the deployment originates from an appropriate source
    id-token: write
  environment:
    name: github-pages
    url: ${{ steps.deployment.outputs.page_url }}
  steps:
    - name: Deploy to GitHub Pages
      # 'id' is what the environment URL above refers to.
      id: deployment
      uses: actions/deploy-pages@v4