Merge pull request #38 from platforma-open/feat/pframes_bump #280
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build NPM package | |
| on: | |
| pull_request: | |
| types: [opened, reopened, synchronize] | |
| branches: | |
| - 'main' | |
| push: | |
| branches: | |
| - 'main' | |
| jobs: | |
| init: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: milaboratory/github-ci/actions/context/init@v4 | |
| with: | |
| version-canonize: false | |
| branch-versioning: main | |
| run: | |
| needs: | |
| - init | |
| uses: milaboratory/github-ci/.github/workflows/node-matrix-pnpm.yaml@v4 | |
| with: | |
| app-name: 'Runenv: Python 3' | |
| app-name-slug: 'runenv-python-3' | |
| notify-telegram: true | |
| node-version: '20.x' | |
| build-script-name: 'build' | |
| pnpm-recursive-build: true | |
| test: false | |
| test-script-name: 'test' | |
| pnpm-recursive-tests: false | |
| team-id: 'ciplopen-runenv-python-3' | |
| aws-login-duration: 43199 | |
| publish-to-public: 'true' | |
| package-path: 'catalogue' | |
| create-tag: 'true' | |
| npmrc-config: | | |
| { | |
| "registries": { | |
| "https://registry.npmjs.org/": { | |
| "scopes": ["milaboratories", "platforma-sdk", "platforma-open"], | |
| "tokenVar": "NPMJS_TOKEN" | |
| } | |
| } | |
| } | |
| main-metapackage-name: '@platforma-open/milaboratories.runenv-python-3' | |
| pre-calculated-task-list: | | |
| [ | |
| {"os":"windows-latest", "arch":"amd64", "python_version":"3.12.10"}, | |
| {"os":"ubuntu-large-amd64", "arch":"amd64", "python_version":"3.12.10"}, | |
| {"os":"ubuntu-large-arm64", "arch":"arm64", "python_version":"3.12.10"}, | |
| {"os":"macos-13", "arch":"amd64", "python_version":"3.12.10"}, | |
| {"os":"macos-14", "arch":"arm64", "python_version":"3.12.10"}, | |
| {"os":"windows-latest", "arch":"amd64", "python_version":"3.10.11"}, | |
| {"os":"ubuntu-large-amd64", "arch":"amd64", "python_version":"3.10.11"}, | |
| {"os":"ubuntu-large-arm64", "arch":"arm64", "python_version":"3.10.11"}, | |
| {"os":"macos-13", "arch":"amd64", "python_version":"3.10.11"}, | |
| {"os":"macos-14", "arch":"arm64", "python_version":"3.10.11"}, | |
| {"os":"ubuntu-large-amd64", "arch":"amd64", "python_version":"3.12.10-atls"}, | |
| {"os":"macos-14", "arch":"arm64", "python_version":"3.12.10-atls"}, | |
| {"os":"windows-latest", "arch":"amd64", "python_version":"3.12.10-sccoda"}, | |
| {"os":"ubuntu-large-amd64", "arch":"amd64", "python_version":"3.12.10-sccoda"}, | |
| {"os":"ubuntu-large-arm64", "arch":"arm64", "python_version":"3.12.10-sccoda"}, | |
| {"os":"macos-13", "arch":"amd64", "python_version":"3.12.10-sccoda"}, | |
| {"os":"macos-14", "arch":"arm64", "python_version":"3.12.10-sccoda"}, | |
| {"os":"windows-latest", "arch":"amd64", "python_version":"3.12.10-rapids"}, | |
| {"os":"ubuntu-large-amd64", "arch":"amd64", "python_version":"3.12.10-rapids"}, | |
| {"os":"ubuntu-large-arm64", "arch":"arm64", "python_version":"3.12.10-rapids"}, | |
| {"os":"macos-13", "arch":"amd64", "python_version":"3.12.10-rapids"}, | |
| {"os":"macos-14", "arch":"arm64", "python_version":"3.12.10-rapids"} | |
| ] | |
| sign-binaries: | | |
| python*/pydist/**/*.so | |
| python*/pydist/**/*.dylib | |
| python*/pydist/**/bin/python | |
| python*/pydist/**/bin/python3 | |
| python*/pydist/**/bin/pip | |
| python*/pydist/**/bin/venv | |
| python*/pydist/**/bin/pip3 | |
| python*/pydist/**/bin/*hmm* | |
| python*/pydist/**/bin/alimask | |
| python*/pydist/**/bin/pdbfixer | |
| # pydist/3.12.6/macosx-x64/<python package root> | |
| # Do not try to notarize 'packages' directory with whl files, as whl is an archive and we | |
| # have to sign all .so files inside first to not tirgger notarisation errors | |
| notarize-paths: | | |
| python*/pydist/*/bin | |
| python*/pydist/*/lib | |
| # Python main get new .so files during dependencies installation. | |
| # We have to disable libraries validation to not break Python runtime. | |
| mac-sign-entitlements: | | |
| <key>com.apple.security.automation.apple-events</key> <true/> | |
| <key>com.apple.security.cs.allow-dyld-environment-variables</key> <true/> | |
| <key>com.apple.security.cs.allow-jit</key> <true/> | |
| <key>com.apple.security.cs.disable-library-validation</key> <true/> | |
| <key>com.apple.security.get-task-allow</key> <true/> | |
| secrets: | |
| env: | | |
| { "NPMJS_TOKEN": ${{ toJSON(secrets.NPMJS_TOKEN) }}, | |
| "AWS_CI_IAM_MONOREPO_SIMPLE_ROLE": ${{ toJSON(secrets.AWS_CI_IAM_MONOREPO_SIMPLE_ROLE) }}, | |
| "AWS_CI_TURBOREPO_S3_BUCKET": ${{ toJSON(secrets.AWS_CI_TURBOREPO_S3_BUCKET) }}, | |
| "PL_REGISTRY_PLATFORMA_OPEN_UPLOAD_URL": ${{ toJSON(secrets.PL_REGISTRY_PLOPEN_UPLOAD_URL) }}, | |
| "QUAY_USERNAME": ${{ toJSON(secrets.QUAY_USERNAME) }}, | |
| "QUAY_ROBOT_TOKEN": ${{ toJSON(secrets.QUAY_ROBOT_TOKEN) }} } | |
| MAC_SIGN_CERT_ID: '5MJ3ML3YR9' | |
| MAC_SIGN_CERT: ${{ secrets.MAC_CERTS }} | |
| MAC_SIGN_CERT_PWD: ${{ secrets.MAC_CERTS_PASSWORD }} | |
| MAC_NOTR_API_KEY: ${{ secrets.MAC_API_KEY }} | |
| MAC_NOTR_API_KEY_ID: ${{ secrets.MAC_API_KEY_ID }} | |
| MAC_NOTR_API_KEY_ISSUER_ID: ${{ secrets.MAC_API_KEY_ISSUER_ID }} | |
| WIN_SIGN_CERT: ${{ secrets.WIN_CODE_SIGN_CHAIN }} | |
| GCP_KMS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_KMS_WORKLOAD_IDENTITY_PROVIDER }} | |
| GCP_KMS_SERVICE_ACCOUNT: ${{ secrets.GCP_KMS_SERVICE_ACCOUNT }} | |
| GCP_KMS_LOCATION: ${{ secrets.GCP_KMS_LOCATION }} | |
| GCP_KMS_KEYRING: ${{ secrets.GCP_SOFTWARE_KMS_KEYRING }} | |
| GCP_KMS_KEY_NAME: ${{ secrets.GCP_SOFTWARE_KMS_KEY_NAME }} | |
| TELEGRAM_NOTIFICATION_TARGET: ${{ secrets.TG_CHANNEL_MIBUILDS }} | |
| TELEGRAM_API_TOKEN: ${{ secrets.TG_CI_BOT_TOKEN }} | |
| GH_ZEN_APP_ID: ${{ secrets.GH_ZEN_APP_ID }} | |
| GH_ZEN_APP_PRIVATE_KEY: ${{ secrets.GH_ZEN_APP_PRIVATE_KEY }} |