Implement recommended fixes from OSTIF audit #126
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and upload to PyPI | |
| # Build on every branch push, tag push, and pull request change: | |
| on: [push, pull_request] | |
| # Alternatively, to publish when a (published) GitHub Release is created, use the following: | |
| # on: | |
| # push: | |
| # pull_request: | |
| # release: | |
| # types: | |
| # - published | |
| jobs: | |
| build_wheels: | |
| name: Build wheels on ${{ matrix.os }} | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: | |
| - 'ubuntu-latest' | |
| - 'windows-latest' | |
| - 'macos-latest' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Set up QEMU | |
| if: runner.os == 'Linux' | |
| uses: docker/setup-qemu-action@v1 | |
| with: | |
| platforms: all | |
| - name: Build wheels | |
| uses: pypa/cibuildwheel@v2.11.4 | |
| env: | |
| CIBW_TEST_COMMAND: >- | |
| python -m simplejson.tests._cibw_runner "{project}" | |
| CIBW_SKIP: "pp*" | |
| CIBW_ARCHS_WINDOWS: "auto" | |
| CIBW_ARCHS_LINUX: "auto aarch64 ppc64le" | |
| CIBW_ARCHS_MACOS: "x86_64 universal2 arm64" | |
| - name: Build Python 2.7 wheels | |
| if: runner.os != 'Windows' | |
| uses: pypa/cibuildwheel@v1.12.0 | |
| env: | |
| CIBW_TEST_COMMAND: >- | |
| python -m simplejson.tests._cibw_runner "{project}" | |
| CIBW_BUILD: "cp27-*" | |
| CIBW_SKIP: "pp*" | |
| CIBW_ARCHS_LINUX: "auto aarch64" | |
| - uses: actions/upload-artifact@v2 | |
| if: "github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/')" | |
| with: | |
| path: ./wheelhouse/*.whl | |
| build_sdist: | |
| name: Build source distribution | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - uses: actions/setup-python@v2 | |
| name: Install Python | |
| with: | |
| python-version: '3.11' | |
| - name: Install dependencies | |
| run: python -m pip install --upgrade pip setuptools wheel | |
| - name: Build sdist | |
| run: python setup.py sdist | |
| - name: Build wheel | |
| run: DISABLE_SPEEDUPS=1 python setup.py bdist_wheel | |
| - name: Test sdist | |
| run: | | |
| mkdir tmp | |
| cd tmp | |
| tar zxf ../dist/simplejson-*.tar.gz | |
| cd simplejson-* | |
| REQUIRE_SPEEDUPS=1 python setup.py build build_ext -i test | |
| - uses: actions/upload-artifact@v2 | |
| if: "github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/')" | |
| with: | |
| path: | | |
| dist/*.tar.gz | |
| dist/*-none-any.whl | |
| upload_pypi: | |
| needs: [build_wheels, build_sdist] | |
| runs-on: ubuntu-latest | |
| # upload to PyPI on every tag starting with 'v' | |
| if: "github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/v')" | |
| # alternatively, to publish when a GitHub Release is created, use the following rule: | |
| # if: github.event_name == 'release' && github.event.action == 'published' | |
| steps: | |
| - uses: actions/download-artifact@v2 | |
| with: | |
| name: artifact | |
| path: dist | |
| - uses: pypa/gh-action-pypi-publish@v1.4.2 | |
| with: | |
| user: __token__ | |
| password: ${{ secrets.PYPI_PASSWORD }} | |
| # To test: repository_url: https://test.pypi.org/legacy/ | |
| upload_pypi_test: | |
| needs: [build_wheels, build_sdist] | |
| runs-on: ubuntu-latest | |
| # upload to PyPI on every tag starting with 'v' | |
| if: "github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/test-v')" | |
| # alternatively, to publish when a GitHub Release is created, use the following rule: | |
| # if: github.event_name == 'release' && github.event.action == 'published' | |
| steps: | |
| - uses: actions/download-artifact@v2 | |
| with: | |
| name: artifact | |
| path: dist | |
| - uses: pypa/gh-action-pypi-publish@v1.4.2 | |
| with: | |
| user: __token__ | |
| password: ${{ secrets.PYPI_PASSWORD_TEST }} | |
| repository_url: https://test.pypi.org/legacy/ |