Trigger-CI #37
  
    
      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
      Learn more about bidirectional Unicode characters
    
  
  
    
  | name: Build NPM package | |
| on: | |
| pull_request: | |
| types: [opened, reopened, synchronize] | |
| branches: | |
| - 'main' | |
| push: | |
| branches: | |
| - 'main' | |
| jobs: | |
| init: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: milaboratory/github-ci/actions/context/init@v4 | |
| with: | |
| version-canonize: false | |
| branch-versioning: main | |
| run: | |
| needs: | |
| - init | |
| uses: milaboratory/github-ci/.github/workflows/node-matrix.yaml@v4-beta | |
| with: | |
| app-name: Python 3 PL package | |
| app-name-slug: 'runenv-python-3' | |
| notify-telegram: true | |
| node-version: '20.x' | |
| always-auth: 'true' | |
| python-version: '3.12' | |
| matrix: | | |
| [ | |
| {"os":"windows-latest", "arch":"amd64"}, | |
| {"os":"rockylinux8-amd64", "arch":"amd64"}, | |
| {"os":"rockylinux8-arm64", "arch":"arm64"}, | |
| {"os":"macos-13", "arch":"amd64"}, | |
| {"os":"macos-14", "arch":"arm64"} | |
| ] | |
| build-artifacts: | | |
| pydist/*/* | |
| pkg-*.tgz | |
| sign-binaries: | | |
| pydist/**/*.so | |
| pydist/**/*.dylib | |
| pydist/**/bin/python | |
| pydist/**/bin/python3 | |
| pydist/**/bin/pip | |
| pydist/**/bin/pip3 | |
| # pydist/3.12.6/macosx-x64/<python package root> | |
| # Do not try to notarizr 'packages' directory with whl files, as whl is an archive and we | |
| # have to sign all .so files inside first to not tirgger notarisation errors | |
| notarize-paths: | | |
| pydist/*/*/bin | |
| pydist/*/*/lib | |
| # Python main get new .so files during dependencies installation. | |
| # We have to disable libraries validation to not break Python runtime. | |
| mac-sign-entitlements: | | |
| <key>com.apple.security.automation.apple-events</key> <true/> | |
| <key>com.apple.security.cs.allow-dyld-environment-variables</key> <true/> | |
| <key>com.apple.security.cs.allow-jit</key> <true/> | |
| <key>com.apple.security.cs.disable-library-validation</key> <true/> | |
| <key>com.apple.security.get-task-allow</key> <true/> | |
| build-script-name: 'build' | |
| test: false | |
| test-script-name: 'test' | |
| aws-login-enable: true | |
| gcp-login-enable: true | |
| publish-to-public: true | |
| registry-url: "https://registry.npmjs.org/" | |
| npmrc-config: | | |
| { | |
| "registries": { | |
| "https://registry.npmjs.org/": { | |
| "scopes": ["platforma-open"], | |
| "tokenVar": "NPMJS_TOKEN" | |
| } | |
| } | |
| } | |
| secrets: | |
| env: | | |
| { "PL_REGISTRY_PLATFORMA_OPEN_UPLOAD_URL": ${{ toJSON(secrets.PL_REGISTRY_PLOPEN_UPLOAD_URL) }}, | |
| "NPMJS_TOKEN": ${{ toJSON(secrets.NPMJS_TOKEN) }} } | |
| MAC_SIGN_CERT_ID: '5MJ3ML3YR9' | |
| MAC_SIGN_CERT: ${{ secrets.MAC_CERTS }} | |
| MAC_SIGN_CERT_PWD: ${{ secrets.MAC_CERTS_PASSWORD }} | |
| MAC_NOTR_API_KEY: ${{ secrets.MAC_API_KEY }} | |
| MAC_NOTR_API_KEY_ID: ${{ secrets.MAC_API_KEY_ID }} | |
| MAC_NOTR_API_KEY_ISSUER_ID: ${{ secrets.MAC_API_KEY_ISSUER_ID }} | |
| WIN_SIGN_CERT: ${{ secrets.WIN_CODE_SIGN_CHAIN }} | |
| AWS_ASSUME_ROLE: ${{ secrets.AWS_CI_IAM_MONOREPO_SIMPLE_ROLE }} | |
| AWS_ASSUME_REGION: 'eu-central-1' | |
| GCP_KMS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_KMS_WORKLOAD_IDENTITY_PROVIDER }} | |
| GCP_KMS_SERVICE_ACCOUNT: ${{ secrets.GCP_KMS_SERVICE_ACCOUNT }} | |
| GCP_KMS_LOCATION: ${{ secrets.GCP_KMS_LOCATION }} | |
| GCP_KMS_KEYRING: ${{ secrets.GCP_KMS_KEYRING }} | |
| GCP_KMS_KEY_NAME: ${{ secrets.GCP_KMS_KEY_NAME }} | |
| TELEGRAM_NOTIFICATION_TARGET: ${{ secrets.TG_CHANNEL_MIBUILDS }} | |
| TELEGRAM_API_TOKEN: ${{ secrets.TG_CI_BOT_TOKEN }} |