Protect against deregistered profile functions in greenlet switches #3422
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Wheels | |
on: | |
push: | |
pull_request: | |
release: | |
types: | |
- published | |
schedule: | |
# At 12:00 on every day-of-month | |
- cron: "0 12 */1 * *" | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
build_sdist: | |
name: Build source distribution | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Build sdist | |
run: pipx run build --sdist | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: sdist | |
path: dist | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: tests | |
path: tests | |
choose_linux_wheel_types: | |
name: Decide which wheel types to build | |
runs-on: ubuntu-latest | |
steps: | |
- id: manylinux_x86_64 | |
run: echo "wheel_types=manylinux_x86_64" >> $GITHUB_OUTPUT | |
- id: musllinux_x86_64 | |
run: echo "wheel_types=musllinux_x86_64" >> $GITHUB_OUTPUT | |
- id: manylinux_i686 | |
run: echo "wheel_types=manylinux_i686" >> $GITHUB_OUTPUT | |
- id: manylinux_aarch64 | |
if: github.event_name == 'release' && github.event.action == 'published' | |
run: echo "wheel_types=manylinux_aarch64" >> $GITHUB_OUTPUT | |
outputs: | |
wheel_types: ${{ toJSON(steps.*.outputs.wheel_types) }} | |
build_linux_wheels: | |
needs: [build_sdist, choose_linux_wheel_types] | |
name: ${{ matrix.wheel_type }}${{ matrix.manylinux2010_hack }} wheels | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
wheel_type: ${{ fromJSON(needs.choose_linux_wheel_types.outputs.wheel_types) }} | |
manylinux2010_hack: [""] | |
include: | |
- wheel_type: manylinux_x86_64 | |
manylinux2010_hack: "_manylinux2010_hack" | |
steps: | |
- name: Build manylinux2010 image containing Python 3.11 and 3.12 | |
if: matrix.manylinux2010_hack | |
run: | | |
echo "CIBW_SKIP=*cp3{7,8,9,10,13}*" >> $GITHUB_ENV | |
echo "CIBW_MANYLINUX_X86_64_IMAGE=manylinux2010-with-modern-cpython" >> $GITHUB_ENV | |
docker build -t manylinux2010-with-modern-cpython - <<'EOF' | |
# syntax=docker/dockerfile:1 | |
FROM quay.io/pypa/manylinux2010_x86_64:latest | |
RUN curl https://pyenv.run | bash && \ | |
export PYENV_ROOT="$HOME/.pyenv" && \ | |
export PATH="$PYENV_ROOT/bin:$PATH" && \ | |
eval "$(pyenv init -)" && \ | |
yum install -y make patch zlib-devel bzip2 bzip2-devel readline-devel sqlite sqlite-devel openssl-devel tk-devel libffi-devel xz-devel perl-IPC-Cmd && \ | |
curl -L https://www.openssl.org/source/openssl-3.0.12.tar.gz >openssl-3.0.12.tar.gz && \ | |
tar xzf openssl-3.0.12.tar.gz && \ | |
(cd openssl-3.0.12 && ./config no-shared --prefix=/usr/local/ssl --openssldir=/usr/local/ssl --libdir=lib && make && make install_sw) && \ | |
rm -rf openssl-3.0.12.tar.gz && \ | |
rm -rf openssl-3.0.12 && \ | |
PYTHON_CONFIGURE_OPTS=--with-openssl=/usr/local/ssl pyenv install 3.11 && \ | |
ln -s /root/.pyenv/versions/3.11* /opt/python/cp311-cp311 && \ | |
PYTHON_CONFIGURE_OPTS=--with-openssl=/usr/local/ssl pyenv install 3.12 && \ | |
ln -s /root/.pyenv/versions/3.12* /opt/python/cp312-cp312 && \ | |
true | |
EOF | |
- uses: actions/download-artifact@v4 | |
with: | |
name: sdist | |
path: dist | |
- uses: actions/download-artifact@v4 | |
with: | |
name: tests | |
path: tests | |
- uses: docker/setup-qemu-action@v3 | |
if: runner.os == 'Linux' | |
name: Set up QEMU | |
- name: Extract sdist | |
run: | | |
tar zxvf dist/*.tar.gz --strip-components=1 | |
- name: Disable ptrace security restrictions | |
run: | | |
echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope | |
- name: Build wheels | |
uses: pypa/[email protected] | |
env: | |
CIBW_BUILD: "cp3{7..13}-${{ matrix.wheel_type }}" | |
CIBW_ARCHS_LINUX: auto aarch64 | |
CIBW_PRERELEASE_PYTHONS: True | |
CIBW_TEST_EXTRAS: test | |
CIBW_TEST_COMMAND: python -m pytest {package}/tests | |
CIBW_TEST_SKIP: "*aarch64*" | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ matrix.wheel_type }}${{ matrix.manylinux2010_hack }}-wheels | |
path: ./wheelhouse/*.whl | |
build_macosx_wheels: | |
needs: [build_sdist] | |
name: macosx_${{ matrix.arch }} wheels | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
include: | |
- os: macos-13 | |
arch: x86_64 | |
- os: macos-14 | |
arch: arm64 | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: | |
name: sdist | |
path: dist | |
- uses: actions/download-artifact@v4 | |
with: | |
name: tests | |
path: tests | |
- name: Extract sdist | |
run: | | |
tar zxvf dist/*.tar.gz --strip-components=1 | |
- name: Sets env vars for compilation | |
run: | | |
echo "LZ4_INSTALL_DIR=/tmp/lz4_install" >> $GITHUB_ENV | |
echo "CFLAGS=-arch ${{matrix.arch}}" >> $GITHUB_ENV | |
- name: Set x86_64-specific environment variables | |
if: matrix.arch == 'x86_64' | |
run: | | |
echo "MACOSX_DEPLOYMENT_TARGET=10.14" >> $GITHUB_ENV | |
- name: Set arm64-specific environment variables | |
if: matrix.arch == 'arm64' | |
run: | | |
echo "MACOSX_DEPLOYMENT_TARGET=11.0" >> $GITHUB_ENV | |
- name: Build wheels | |
uses: pypa/[email protected] | |
env: | |
CIBW_BUILD: "cp3{8..13}-*" | |
CIBW_PRERELEASE_PYTHONS: True | |
CIBW_TEST_EXTRAS: test | |
CIBW_TEST_COMMAND: pytest {package}/tests | |
CIBW_BUILD_VERBOSITY: 1 | |
CFLAGS: "${{env.CFLAGS}} -I${{env.LZ4_INSTALL_DIR}}/include" | |
LDFLAGS: "-L${{env.LZ4_INSTALL_DIR}}/lib -Wl,-rpath,${{env.LZ4_INSTALL_DIR}}/lib" | |
PKG_CONFIG_PATH: "${{env.LZ4_INSTALL_DIR}}/lib/pkgconfig" | |
CIBW_REPAIR_WHEEL_COMMAND_MACOS: "DYLD_LIBRARY_PATH=${{env.LZ4_INSTALL_DIR}}/lib delocate-wheel --require-archs {delocate_archs} -w {dest_dir} -v {wheel}" | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: macosx_${{ matrix.arch }}-wheels | |
path: ./wheelhouse/*.whl | |
build_and_test_wheels: | |
name: Build and test wheels | |
needs: [build_linux_wheels, build_macosx_wheels] | |
runs-on: ubuntu-latest | |
if: always() # Don't skip this step if a predecessor failed! | |
steps: | |
# We can't make a matrix job itself a required check in GitHub, | |
# so we instead add a job that depends on the two matrix jobs, | |
# and we mark this job as required instead. This job doesn't do | |
# any work, it just lets us better manage our required checks. | |
- if: "!success()" | |
run: echo "Some builds failed" && exit 1 | |
- run: echo "All builds succeeded!" | |
upload_pypi: | |
needs: [build_and_test_wheels, build_sdist] | |
runs-on: ubuntu-latest | |
if: github.event_name == 'release' && github.event.action == 'published' | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: | |
# with no name set, it downloads all of the artifacts | |
path: dist | |
- run: | | |
mv dist/sdist/*.tar.gz dist/ | |
mv dist/*-wheels/*.whl dist/ | |
rmdir dist/{sdist,*-wheels} | |
rm -r dist/tests | |
ls -R dist | |
- uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
skip_existing: true | |
password: ${{ secrets.PYPI_PASSWORD }} |