use github hosted arm runners in wheel builder #93
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Wheel Builder | |
permissions: | |
contents: read | |
on: | |
workflow_dispatch: | |
inputs: | |
version: | |
description: The version to build | |
required: true | |
push: | |
tags: | |
- '*.*.*' | |
pull_request: | |
paths: | |
- .github/workflows/wheel-builder.yml | |
- pyproject.toml | |
- setup.cfg | |
- setup.py | |
jobs: | |
manylinux: | |
runs-on: ${{ matrix.MANYLINUX.RUNNER }} | |
container: | |
image: ghcr.io/pyca/${{ matrix.MANYLINUX.CONTAINER }} | |
volumes: | |
- /staticnodehost:/staticnodecontainer:rw,rshared | |
- /staticnodehost:/__e/node20:ro,rshared | |
strategy: | |
matrix: | |
PYTHON: | |
- { VERSION: "cp37-cp37m", PATH: "/opt/python/cp311-cp311/bin/python", ABI_VERSION: 'cp37' } | |
MANYLINUX: | |
- { NAME: "manylinux2014_x86_64", CONTAINER: "cryptography-manylinux2014:x86_64", RUNNER: "ubuntu-latest" } | |
- { name: "manylinux_2_28_x86_64", CONTAINER: "cryptography-manylinux_2_28:x86_64", RUNNER: "ubuntu-latest" } | |
- { name: "manylinux_2_34_x86_64", CONTAINER: "cryptography-manylinux_2_34:x86_64", RUNNER: "ubuntu-latest" } | |
- { name: "musllinux_1_1_x86_64", CONTAINER: "cryptography-musllinux_1_1:x86_64", RUNNER: "ubuntu-latest" } | |
- { NAME: "manylinux2014_aarch64", CONTAINER: "cryptography-manylinux2014_aarch64", RUNNER: "ubuntu-24.04-arm" } | |
- { name: "manylinux_2_28_aarch64", CONTAINER: "cryptography-manylinux_2_28:aarch64", RUNNER: "ubuntu-24.04-arm" } | |
- { name: "manylinux_2_34_aarch64", CONTAINER: "cryptography-manylinux_2_34:aarch64", RUNNER: "ubuntu-24.04-arm" } | |
- { name: "musllinux_1_1_aarch64", CONTAINER: "cryptography-musllinux_1_1:aarch64", RUNNER: "ubuntu-24.04-arm" } | |
name: "${{ matrix.PYTHON.VERSION }} for ${{ matrix.MANYLINUX.NAME }}" | |
steps: | |
- name: Ridiculous-er workaround for static node20 | |
run: | | |
cp -R /staticnode/* /staticnodecontainer/ | |
- name: Ridiculous alpine workaround for actions support on arm64 | |
run: | | |
# This modifies /etc/os-release so the JS actions | |
# from GH can't detect that it's on alpine:aarch64. It will | |
# then use a glibc nodejs, which works fine when gcompat | |
# is installed in the container (which it is) | |
sed -i "s:ID=alpine:ID=NotpineForGHA:" /etc/os-release | |
if: startsWith(matrix.MANYLINUX.NAME, 'musllinux') && endsWith(matrix.MANYLINUX.NAME, 'aarch64') | |
- uses: actions/[email protected] | |
with: | |
# The tag to build or the tag received by the tag event | |
ref: ${{ github.event.inputs.version || github.ref }} | |
persist-credentials: false | |
- run: ${{ matrix.PYTHON.PATH }} -m venv .venv | |
- name: Install python dependencies | |
run: .venv/bin/pip install -U pip cffi wheel build | |
- run: | | |
mkdir tmpwheelhouse | |
LIBSODIUM_MAKE_ARGS="-j$(nproc)" .venv/bin/python -m build --wheel --config-setting=--build-option=--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} | |
mv dist/PyNaCl*.whl tmpwheelhouse/ | |
- run: auditwheel repair --plat ${{ matrix.MANYLINUX.NAME }} tmpwheelhouse/PyNaCl*.whl -w wheelhouse/ | |
- run: .venv/bin/pip install pynacl --no-index -f wheelhouse/ | |
- run: | | |
.venv/bin/python -c "import nacl.signing; key = nacl.signing.SigningKey.generate();signature = key.sign(b'test'); key.verify_key.verify(signature)" | |
- run: mkdir pynacl-wheelhouse | |
- run: mv wheelhouse/PyNaCl*.whl pynacl-wheelhouse/ | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: "pynacl-${{ github.event.inputs.version }}-${{ matrix.MANYLINUX.NAME }}-${{ matrix.PYTHON.VERSION }}" | |
path: pynacl-wheelhouse/ | |
macos: | |
runs-on: macos-13 | |
strategy: | |
matrix: | |
PYTHON: | |
- VERSION: '3.10' | |
ABI_VERSION: 'cp37' | |
DOWNLOAD_URL: 'https://www.python.org/ftp/python/3.10.1/python-3.10.1-macos11.pkg' | |
BIN_PATH: '/Library/Frameworks/Python.framework/Versions/3.10/bin/python3' | |
name: "Python ${{ matrix.PYTHON.VERSION }} for ABI ${{ matrix.PYTHON.ABI_VERSION }} on macOS" | |
steps: | |
- uses: actions/[email protected] | |
with: | |
# The tag to build or the tag received by the tag event | |
ref: ${{ github.event.inputs.version || github.ref }} | |
persist-credentials: false | |
- run: | | |
curl "$PYTHON_DOWNLOAD_URL" -o python.pkg | |
sudo installer -pkg python.pkg -target / | |
env: | |
PYTHON_DOWNLOAD_URL: ${{ matrix.PYTHON.DOWNLOAD_URL }} | |
- run: ${{ matrix.PYTHON.BIN_PATH }} -m pip install -U virtualenv | |
- run: ${{ matrix.PYTHON.BIN_PATH }} -m virtualenv venv | |
- run: venv/bin/pip install -U pip wheel cffi build | |
- name: Build the wheel | |
run: | | |
mkdir wheelhouse | |
LIBSODIUM_MAKE_ARGS="-j$(sysctl -n hw.ncpu)" \ | |
venv/bin/python -m build --wheel --config-setting=--build-option=--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} | |
mv dist/PyNaCl*.whl wheelhouse/ | |
env: | |
PYTHON_VERSION: ${{ matrix.PYTHON.ABI_VERSION }} | |
MACOSX_DEPLOYMENT_TARGET: '10.10' | |
CFLAGS: '-arch arm64 -arch x86_64' | |
ARCHFLAGS: '-arch arm64 -arch x86_64' | |
_PYTHON_HOST_PLATFORM: 'macosx-10.9-universal2' | |
- run: venv/bin/pip install -f wheelhouse --no-index pynacl | |
- run: | | |
venv/bin/python -c "import nacl.signing; key = nacl.signing.SigningKey.generate();signature = key.sign(b'test'); key.verify_key.verify(signature)" | |
- run: mkdir pynacl-wheelhouse | |
- run: mv wheelhouse/PyNaCl*.whl pynacl-wheelhouse/ | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: "pynacl-${{ github.event.inputs.version }}-macOS-${{ matrix.PYTHON.VERSION }}" | |
path: pynacl-wheelhouse/ | |
windows: | |
runs-on: windows-latest | |
strategy: | |
matrix: | |
WINDOWS: | |
- {ARCH: 'x86', SODIUM_ARCH: 'Win32', VS_ARCH: 'x86'} | |
- {ARCH: 'x64', SODIUM_ARCH: 'x64', VS_ARCH: 'amd64'} | |
PYTHON: | |
- {VERSION: "3.9", SODIUM_MSVC_VERSION: "v142", "ABI_VERSION": "cp37"} | |
name: "${{ matrix.PYTHON.VERSION }} ${{ matrix.WINDOWS.ARCH }} ${{ matrix.PYTHON.ABI_VERSION }}" | |
steps: | |
- uses: actions/[email protected] | |
with: | |
# The tag to build or the tag received by the tag event | |
ref: ${{ github.event.inputs.version || github.ref }} | |
persist-credentials: false | |
- name: Setup python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.PYTHON.VERSION }} | |
architecture: ${{ matrix.WINDOWS.ARCH }} | |
- name: Extract libsodium libraries | |
run: | | |
Expand-Archive src/libsodium-1.0.20-stable-msvc.zip -DestinationPath c:\ | |
shell: powershell | |
- name: Add sodium to paths | |
run: | | |
echo "INCLUDE=C:/libsodium/include;$INCLUDE" >> $GITHUB_ENV | |
echo "LIB=C:/libsodium/${{ matrix.WINDOWS.SODIUM_ARCH }}/release/${{ matrix.PYTHON.SODIUM_MSVC_VERSION }}/static;$LIB" >> $GITHUB_ENV | |
shell: bash | |
- name: Install wheel and our Python dependencies | |
run: python -m pip install -U pip wheel cffi build | |
- name: Build the wheel | |
run: | | |
mkdir wheelhouse | |
call "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\Common7\Tools\VsDevCmd.bat" -no_logo -arch=${{ matrix.WINDOWS.VS_ARCH }} | |
python -m build --wheel --config-setting=--build-option=--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} | |
mv dist/PyNaCl*.whl wheelhouse/ | |
shell: cmd | |
env: | |
PYNACL_SODIUM_LIBRARY_NAME: sodium | |
PYNACL_SODIUM_STATIC: 1 | |
SODIUM_INSTALL: system | |
- name: Test installing the wheel | |
run: pip install -f wheelhouse pynacl --no-index | |
- name: Test the installed wheel | |
run: | | |
python -c "import nacl.signing; key = nacl.signing.SigningKey.generate();signature = key.sign(b'test'); key.verify_key.verify(signature)" | |
- run: mkdir pynacl-wheelhouse | |
- run: move wheelhouse\PyNaCl*.whl pynacl-wheelhouse\ | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: "pynacl-${{ github.event.inputs.version }}-win-${{ matrix.WINDOWS.ARCH }}-${{ matrix.PYTHON.VERSION }}" | |
path: pynacl-wheelhouse\ |