Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
48 changes: 48 additions & 0 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -94,3 +94,51 @@ jobs:
--test_verbose_timeout_warnings \
//...
working-directory: src
python:
strategy:
matrix:
runs-on:
- ubuntu-latest
# `large` is x86-64 and `xlarge` is AArch64.
- macos-latest-large
# macos-latest-xlarge may timeout.
# https://github.com/google/s2geometry/issues/409
- macos-latest-xlarge
fail-fast: false
runs-on: ${{ matrix.runs-on }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-tags: true
persist-credentials: false
- uses: pypa/cibuildwheel@8d2b08b68458a16aeb24b64e68a09ab1c8e82084 # v3.4.1
with:
package-dir: ./
output-dir: dist/
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: dist-${{ runner.os }}-${{ runner.arch }}
path: ./dist/
python-publish:
if: (github.event_name == 'release') && (github.event.action == 'released')
needs: [python]
runs-on: ubuntu-latest
permissions:
id-token: write
Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I need to learn more about these permissions. What's the alternative to putting this in a workflow?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is to use Trusted Publishers with PyPI, see here: https://docs.github.com/en/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-pypi

from what I understand, after authenticating via OIDC, the workflow exchanges the token for a single-use PyPI publish token that it then uses to upload the wheels

attestations: write
# Requires environment protection rules in GitHub Settings:
# Settings > Environments > pypi > Add required reviewers
environment:
name: pypi
url: https://pypi.org/p/s2geometry
steps:
- uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
with:
pattern: dist*
path: dist/
merge-multiple: true
- uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0
with:
subject-path: "dist/*"
# To upload to PyPI without a token, add this workflow file as a Trusted Publisher in the project settings on the PyPI website
- uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
4 changes: 4 additions & 0 deletions CMakeLists.txt
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
cmake_minimum_required(VERSION 3.18)

# avoids error: aligned allocation function of type 'void *(std::size_t, std::align_val_t)' is only available on macOS 10.13 or newer
# see https://github.com/google/oss-policies-info/blob/main/foundational-cxx-support-matrix.md#macos
set(CMAKE_OSX_DEPLOYMENT_TARGET "10.13" CACHE STRING "Minimum macOS version")
Comment thread
zacharyburnett marked this conversation as resolved.

project(s2-geometry
VERSION 0.12.0)

Expand Down
17 changes: 14 additions & 3 deletions pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -29,17 +29,18 @@ content-type = "text/plain"
[project.urls]
Source = "https://github.com/google/s2geometry"

[project.optional-dependencies]
[dependency-groups]
test = [
"pytest",
"abi3audit"
]

[build-system]
requires = [
"wheel",
"cmake_build_extension",
"setuptools",
"setuptools_scm[toml]",
"cmake_build_extension",
"swig",
]
build-backend = "setuptools.build_meta"

Expand All @@ -60,3 +61,13 @@ namespaces = false
# The same as the default. See #450.
# https://setuptools-scm.readthedocs.io/en/latest/config/#setuptools_scm._config.DEFAULT_TAG_REGEX
tag_regex = "^(?:[\\w-]+-)?(?P<version>[vV]?\\d+(?:\\.\\d+){0,2}[^\\+]*)(?:\\+.*)?$"

[tool.cibuildwheel]
# we only need to build with CPython 3.10 (because of the limited API / stable ABI)
build = "cp310-*"
test-groups = ["test"]
test-command = "pytest {project}/src/python/s2geometry_test.py && abi3audit --strict --report {project}/dist/*.whl"

[tool.cibuildwheel.macos]
# skip wheel delocation (command can't find the binary)
repair-wheel-command = ""
Comment thread
zacharyburnett marked this conversation as resolved.
22 changes: 13 additions & 9 deletions setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -16,16 +16,20 @@
# (it could be a subfolder)
source_dir=str(Path(__file__).parent.absolute()),
cmake_configure_options=[
# This option points CMake to the right Python interpreter, and helps
# the logic of FindPython3.cmake to find the active version
f"-DPython3_ROOT_DIR={Path(sys.prefix)}",
'-DCALL_FROM_SETUP_PY:BOOL=ON',
'-DBUILD_SHARED_LIBS:BOOL=OFF',
'-DCMAKE_POSITION_INDEPENDENT_CODE=ON',
'-DWITH_PYTHON=ON'
]
)
# This option points CMake to the right Python interpreter, and helps
# the logic of FindPython3.cmake to find the active version
f"-DPython3_ROOT_DIR={Path(sys.prefix)}",
"-DCALL_FROM_SETUP_PY:BOOL=ON",
"-DBUILD_SHARED_LIBS:BOOL=OFF",
"-DCMAKE_POSITION_INDEPENDENT_CODE=ON",
"-DWITH_PYTHON=ON",
"-DBUILD_TESTS=OFF",
"-DFETCH_ABSEIL=ON",
"-DWITH_PYTHON_LIMITED_API=ON",
]
),
],
options={"bdist_wheel": {"py_limited_api": "cp310"}},
cmdclass=dict(
# Enable the CMakeExtension entries defined above
build_ext=cmake_build_extension.BuildExtension,
Expand Down
Loading