Skip to content

Fix release workflow by removing duplicate macos building and migrating to Trusted Publisher #237

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dimpase merged 1 commit into from
Oct 29, 2025
Merged

Fix release workflow by removing duplicate macos building and migrating to Trusted Publisher #237

dimpase merged 1 commit into from
Oct 29, 2025

Conversation

@tobiasdiez
Copy link
Contributor

@tobiasdiez tobiasdiez commented Oct 29, 2025

The wheel publishing during the release failed since the macos wheels were built twice, and then the download-artificat action produced garbage (see eg scikit-build/scikit-build-core#696).
This is fixed by only building on the latest macos arm (we could probably also produce wheels for macos intel, but since this platform is discontinued and wheels are not super important for cysignals anyway, I don't see much value in doing this).

Moreover, I've removed the discouraged user & password auth for publishing. This means however that Trusted Publishing has to be setup:

A new Trusted Publisher for the currently running publishing workflow can be created by accessing the following link(s) while logged-in as an owner of the package(s):

(see also https://docs.pypi.org/trusted-publishers/adding-a-publisher/)

@tobiasdiez tobiasdiez requested a review from dimpase October 29, 2025 11:32
@dimpase
Copy link
Member

dimpase commented Oct 29, 2025

I've created a trusted publisher

GitHub 	
Repository: [sagemath/cysignals](https://github.com/sagemath/cysignals)
Workflow: dist.yml
Environment name: release

but I have no idea what to do next.
There was already one such publisher there, (without a set environment name)

@dimpase dimpase merged commit 86427b2 into sagemath:main Oct 29, 2025
20 checks passed
@tobiasdiez tobiasdiez deleted the fix-release branch October 29, 2025 17:13
@tobiasdiez
Copy link
Contributor Author

tobiasdiez commented Oct 29, 2025

Thanks, that should have been everything. If you create a new release, it should work now... (hopefully ;-))

@dimpase
Copy link
Member

dimpase commented Oct 30, 2025

well, the action "succeeds", but nothing gets published.
(I removed and re-added the 1.12.6 release on GitHub)
https://github.com/sagemath/cysignals/actions/runs/18918851682/job/54009778131

@dimpase
Copy link
Member

dimpase commented Oct 30, 2025
edited
Loading

https://docs.pypi.org/trusted-publishers/using-a-publisher/ says that there should be an id-token mentioned in the action file (I can't make complete sense of how this works, but it's something that we don't set here)
PS. oops, it appears to be there. No idea what's up

@tobiasdiez
Copy link
Contributor Author

tobiasdiez commented Oct 30, 2025

Did you push a new tag? These steps are only run for tags, not when you manually run the workflow:

cysignals/.github/workflows/dist.yml

Line 71 in 117f187

if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')

@dimpase
Copy link
Member

dimpase commented Oct 30, 2025

right. I naively thought it's triggered by making a new github release, not by a new tag. All good now

@tobiasdiez
Copy link
Contributor Author

tobiasdiez commented Oct 30, 2025

Thanks a lot @dimpase!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dimpase dimpase Awaiting requested review from dimpase

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tobiasdiez @dimpase