Skip to content

ci

ci #481

Workflow file for this run

name: CI
on: [push, pull_request]
# Notes on workflow security:
# This workflow was written such that the release artifacts (wheels)
# are built and published in an environment with the least additional dependencies.
# To achieve that, the execution of tests and the building of docs is done
# in separate jobs from the job that builds wheels. Both tests and docs require
# many additional PyPI packages each of which could insert malicious code into
# the built wheels if everything was running within a single job.
# Another concern is the use of third-party actions ('uses:'). In particular,
# uploaded artifacts (wheels) can be overridden in subsequent build steps/jobs.
# This is possible as actions (compared to 'run:' scripts) have access to a
# special (undocumented) artifacts token (not the regular GITHUB_TOKEN) which
# is used by the actions/upload-artifact action. See also:
# https://github.com/actions/upload-artifact/issues/197
# As a mitigation, in this workflow none of the jobs that run before and
# including the one that publishes the wheels to PyPI uses third-party actions.
# Lastly, the GITHUB_TOKEN permissions are set to read-only by default except
# for the job that deploys to GitHub Pages. In that job, a third-party action
# is used that writes to the 'gh-pages' branch of the repository.
# This will change in the near future once pages can be deployed directly
# without writing to a branch by using the new in-beta actions/deploy-pages action.
# After that, no third-party actions will be used and the token permissions are fully
# read-only.
permissions: read-all
jobs:
build:
strategy:
fail-fast: false
matrix:
config:
# NOTE: When updating this list, also update the 'test' job!
# - os-image: ubuntu-latest
# os-name: linux
# docker-image: quay.io/pypa/manylinux2014_x86_64
# python-version: '3.7'
# numpy-version: '1.14.*'
# - os-image: ubuntu-latest
# os-name: linux
# docker-image: quay.io/pypa/manylinux2014_x86_64
# python-version: '3.8'
# numpy-version: '1.17.*'
# - os-image: ubuntu-latest
# os-name: linux
# docker-image: quay.io/pypa/manylinux2014_x86_64
# python-version: '3.9'
# numpy-version: '1.19.*'
# - os-image: ubuntu-latest
# os-name: linux
# docker-image: quay.io/pypa/manylinux2014_x86_64
# python-version: '3.10'
# numpy-version: '1.21.*'
# - os-image: ubuntu-latest
# os-name: linux
# docker-image: quay.io/pypa/manylinux2014_x86_64
# python-version: '3.11'
# numpy-version: '1.23.*'
# - os-image: macos-11
# os-name: mac
# macos-min-version: '10.9'
# python-version: '3.7'
# numpy-version: '1.14.*'
# - os-image: macos-11
# os-name: mac
# macos-min-version: '10.9'
# python-version: '3.8'
# numpy-version: '1.17.*'
# - os-image: macos-11
# os-name: mac
# macos-min-version: '10.9'
# python-version: '3.9'
# numpy-version: '1.19.*'
# - os-image: macos-11
# os-name: mac
# macos-min-version: '10.9'
# python-version: '3.10'
# numpy-version: '1.21.*'
- os-image: macos-11
os-name: mac
macos-min-version: '10.9'
python-version: '3.11'
numpy-version: '1.23.*'
# - os-image: windows-latest
# os-name: windows
# python-version: '3.7'
# python-arch: '64'
# numpy-version: '1.14.*'
# - os-image: windows-latest
# os-name: windows
# python-version: '3.8'
# python-arch: '64'
# numpy-version: '1.17.*'
# - os-image: windows-latest
# os-name: windows
# python-version: '3.9'
# python-arch: '64'
# numpy-version: '1.19.*'
# - os-image: windows-latest
# os-name: windows
# python-version: '3.10'
# python-arch: '64'
# numpy-version: '1.21.*'
# - os-image: windows-latest
# os-name: windows
# python-version: '3.11'
# python-arch: '64'
# numpy-version: '1.23.*'
permissions:
security-events: write
runs-on: ${{ matrix.config.os-image }}
container: ${{ matrix.config.docker-image }}
steps:
- uses: actions/checkout@v3
with:
submodules: true
- name: Initialize CodeQL
if: matrix.config.python-version == '3.10'
uses: github/codeql-action/init@v2
with:
languages: python, cpp
setup-python-dependencies: false
- name: Build wheel (Linux)
if: matrix.config.os-name == 'linux'
run: .github/scripts/build-linux.sh
env:
PYTHON_VERSION: ${{ matrix.config.python-version }}
NUMPY_VERSION: ${{ matrix.config.numpy-version }}
- name: Setup Python (Windows)
if: matrix.config.os-name == 'windows'
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.config.python-version }}
- name: Build wheel (Windows)
if: matrix.config.os-name == 'windows'
run: .github/scripts/build-windows.ps1
shell: pwsh
env:
PYTHON_VERSION: ${{ matrix.config.python-version }}
PYTHON_ARCH: ${{ matrix.config.python-arch }}
NUMPY_VERSION: ${{ matrix.config.numpy-version }}
- name: Build wheel (macOS)
if: matrix.config.os-name == 'mac'
run: .github/scripts/build-macos.sh
env:
MACOS_MIN_VERSION: ${{ matrix.config.macos-min-version }}
PYTHON_VERSION: ${{ matrix.config.python-version }}
NUMPY_VERSION: ${{ matrix.config.numpy-version }}
- name: Store wheel as artifact
uses: actions/upload-artifact@v3
with:
name: wheels
path: dist
- name: Perform CodeQL Analysis
if: matrix.config.python-version == '3.10'
uses: github/codeql-action/analyze@v2
with:
category: ${{ matrix.config.os-name }}
test:
strategy:
fail-fast: false
matrix:
# GitHub Actions doesn't support YAML anchors,
# so this has to be duplicated here.
config:
# - os-image: ubuntu-latest
# os-name: linux
# docker-image: quay.io/pypa/manylinux2014_x86_64
# python-version: '3.7'
# numpy-version: '1.14.*'
# - os-image: ubuntu-latest
# os-name: linux
# docker-image: quay.io/pypa/manylinux2014_x86_64
# python-version: '3.8'
# numpy-version: '1.17.*'
# - os-image: ubuntu-latest
# os-name: linux
# docker-image: quay.io/pypa/manylinux2014_x86_64
# python-version: '3.9'
# numpy-version: '1.19.*'
# - os-image: ubuntu-latest
# os-name: linux
# docker-image: quay.io/pypa/manylinux2014_x86_64
# python-version: '3.10'
# numpy-version: '1.21.*'
# - os-image: ubuntu-latest
# os-name: linux
# docker-image: quay.io/pypa/manylinux2014_x86_64
# python-version: '3.11'
# numpy-version: '1.23.*'
# - os-image: macos-11
# os-name: mac
# macos-min-version: '10.9'
# python-version: '3.7'
# numpy-version: '1.14.*'
# - os-image: macos-11
# os-name: mac
# macos-min-version: '10.9'
# python-version: '3.8'
# numpy-version: '1.17.*'
# - os-image: macos-11
# os-name: mac
# macos-min-version: '10.9'
# python-version: '3.9'
# numpy-version: '1.19.*'
# - os-image: macos-11
# os-name: mac
# macos-min-version: '10.9'
# python-version: '3.10'
# numpy-version: '1.21.*'
- os-image: macos-11
os-name: mac
macos-min-version: '10.9'
python-version: '3.11'
numpy-version: '1.23.*'
# - os-image: windows-latest
# os-name: windows
# python-version: '3.7'
# python-arch: '64'
# numpy-version: '1.14.*'
# - os-image: windows-latest
# os-name: windows
# python-version: '3.8'
# python-arch: '64'
# numpy-version: '1.17.*'
# - os-image: windows-latest
# os-name: windows
# python-version: '3.9'
# python-arch: '64'
# numpy-version: '1.19.*'
# - os-image: windows-latest
# os-name: windows
# python-version: '3.10'
# python-arch: '64'
# numpy-version: '1.21.*'
# - os-image: windows-latest
# os-name: windows
# python-version: '3.11'
# python-arch: '64'
# numpy-version: '1.23.*'
runs-on: ${{ matrix.config.os-image }}
container: ${{ matrix.config.docker-image }}
needs: build
steps:
- uses: actions/checkout@v3
with:
submodules: true
- name: Download wheels from artifact storage
uses: actions/download-artifact@v3
with:
name: wheels
path: dist
- name: Test wheel (Linux)
if: matrix.config.os-name == 'linux'
run: .github/scripts/test-linux.sh
env:
PYTHON_VERSION: ${{ matrix.config.python-version }}
- name: Setup Python (Windows)
if: matrix.config.os-name == 'windows'
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.config.python-version }}
- name: Test wheel (Windows)
if: matrix.config.os-name == 'windows'
run: |
.github/scripts/install-windows-obs-virtual-cam.ps1
.github/scripts/install-windows-unity-capture.ps1
.github/scripts/test-windows.ps1
shell: pwsh
env:
PYTHON_VERSION: ${{ matrix.config.python-version }}
PYTHON_ARCH: ${{ matrix.config.python-arch }}
- name: Setup Python (macOS)
if: matrix.config.os-name == 'mac'
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.config.python-version }}
- name: Test wheel (macOS)
if: matrix.config.os-name == 'mac'
run: |
.github/scripts/install-macos-obs-virtual-cam.sh
.github/scripts/test-macos.sh
env:
PYTHON_VERSION: ${{ matrix.config.python-version }}
- name: Store test captures as artifacts
uses: actions/upload-artifact@v3
if: always()
with:
name: test_captures
path: 'tmp_for_test/*.png'
if-no-files-found: ignore
docs:
runs-on: ubuntu-latest
needs: build
steps:
- uses: actions/checkout@v3
- name: Setup Python
uses: actions/setup-python@v4
with:
python-version: '3.10'
- name: Download wheels from artifact storage
uses: actions/download-artifact@v3
with:
name: wheels
path: dist
- name: Install from wheel
run: |
pip install dist/pyvirtualcam*cp310-manylinux*.whl
pip install -r dev-requirements.txt
- name: Build docs
run: sphinx-build -b html docs dist-docs
- name: Store docs HTML as artifact
uses: actions/upload-artifact@v3
with:
name: docs
path: dist-docs
publish-wheels:
runs-on: ubuntu-latest
needs: [test, docs]
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
steps:
- name: Download wheels from artifact storage
uses: actions/download-artifact@v3
with:
name: wheels
path: dist
- name: Setup Python
uses: actions/setup-python@v4
with:
python-version: '3.10'
- name: Upload wheels to PyPI
run: |
pip install twine
twine upload -u __token__ -p ${{ secrets.PYPI_TOKEN }} --skip-existing dist/*
publish-docs:
runs-on: ubuntu-latest
needs: [publish-wheels]
permissions:
contents: write
steps:
- name: Download docs HTML from artifact storage
uses: actions/download-artifact@v3
with:
name: docs
path: dist-docs
# TODO replace with https://github.com/actions/deploy-pages once out of beta
- name: Upload docs to GitHub Pages
uses: peaceiris/actions-gh-pages@47a6d63ea8b47b19328e258563aa1fbe224c0a23
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PUBLISH_BRANCH: gh-pages
PUBLISH_DIR: ./dist-docs