diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 105e513..7dc25a3 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -10,111 +10,8 @@ permissions: id-token: write jobs: - build-binaries: - strategy: - fail-fast: false - matrix: - include: - - os: ubuntu-latest - arch: x64 - artifact: tsr-linux-x64 - - os: ubuntu-24.04-arm - arch: arm64 - artifact: tsr-linux-arm64 - - os: macos-latest - arch: arm64 - artifact: tsr-macos-arm64 - - os: macos-15-large - arch: x64 - artifact: tsr-macos-x64 - - os: windows-latest - arch: x64 - artifact: tsr-windows-x64.exe - - runs-on: ${{ matrix.os }} - - steps: - - uses: actions/checkout@v4 - - - name: Set up Python - uses: actions/setup-python@v5 - with: - python-version: '3.12' - - - name: Install dependencies - run: | - pip install nuitka - pip install -e . - - - name: Build binary (Unix) - if: runner.os != 'Windows' - run: | - python -m nuitka \ - --standalone \ - --onefile \ - --output-dir=dist \ - --output-filename=${{ matrix.artifact }} \ - --assume-yes-for-downloads \ - --remove-output \ - tensors.py - - - name: Sign and notarize (macOS) - if: runner.os == 'macOS' && env.APPLE_CERTIFICATE_BASE64 != '' - env: - APPLE_CERTIFICATE_BASE64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }} - APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} - APPLE_ID: ${{ secrets.APPLE_ID }} - APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} - APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} - run: | - # Import certificate - echo "$APPLE_CERTIFICATE_BASE64" | base64 --decode > certificate.p12 - security create-keychain -p "" build.keychain - security default-keychain -s build.keychain - security unlock-keychain -p "" build.keychain - security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign - security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "" build.keychain - - # Sign the binary - codesign --force --options runtime --sign "Developer ID Application" dist/${{ matrix.artifact }} - - # Create zip for notarization - ditto -c -k --keepParent dist/${{ matrix.artifact }} dist/${{ matrix.artifact }}.zip - - # Submit for notarization - xcrun notarytool submit dist/${{ matrix.artifact }}.zip \ - --apple-id "$APPLE_ID" \ - --password "$APPLE_ID_PASSWORD" \ - --team-id "$APPLE_TEAM_ID" \ - --wait - - # Staple the notarization ticket - xcrun stapler staple dist/${{ matrix.artifact }} - - # Cleanup - rm certificate.p12 dist/${{ matrix.artifact }}.zip - - - name: Build binary (Windows) - if: runner.os == 'Windows' - run: | - python -m nuitka ` - --standalone ` - --onefile ` - --output-dir=dist ` - --output-filename=${{ matrix.artifact }} ` - --assume-yes-for-downloads ` - --remove-output ` - tensors.py - - - name: Upload artifact - uses: actions/upload-artifact@v4 - with: - name: ${{ matrix.artifact }} - path: dist/${{ matrix.artifact }} - publish: runs-on: ubuntu-latest - needs: build-binaries steps: - uses: actions/checkout@v4 @@ -141,24 +38,12 @@ jobs: - name: Build package run: python -m build - - name: Download all artifacts - uses: actions/download-artifact@v4 - with: - path: binaries - - - name: Prepare release assets - run: | - mkdir -p release - cp dist/* release/ - find binaries -type f -exec cp {} release/ \; - ls -la release/ - - name: Publish to PyPI uses: pypa/gh-action-pypi-publish@release/v1 - name: Create GitHub Release uses: softprops/action-gh-release@v2 with: - files: release/* + files: dist/* prerelease: ${{ steps.version.outputs.prerelease }} generate_release_notes: true diff --git a/RELEASE.md b/RELEASE.md new file mode 100644 index 0000000..56cb270 --- /dev/null +++ b/RELEASE.md @@ -0,0 +1,89 @@ +# Release Process + +## Publishing a Release + +Push a version tag to trigger the publish workflow: + +```bash +git tag v0.1.2 +git push origin v0.1.2 +``` + +The workflow will: +1. Build the Python package +2. Publish to PyPI +3. Create a GitHub Release + +## Building Platform Binaries + +Platform-specific binaries can be built locally using [Nuitka](https://nuitka.net/). + +### Prerequisites + +```bash +pip install nuitka +pip install -e . +``` + +### Build Commands + +**Linux / macOS:** +```bash +python -m nuitka \ + --standalone \ + --onefile \ + --output-dir=dist \ + --output-filename=tsr \ + --assume-yes-for-downloads \ + --remove-output \ + tensors.py +``` + +**Windows:** +```powershell +python -m nuitka ` + --standalone ` + --onefile ` + --output-dir=dist ` + --output-filename=tsr.exe ` + --assume-yes-for-downloads ` + --remove-output ` + tensors.py +``` + +### Output Artifacts + +| Platform | Arch | Filename | +|---------------|-------|--------------------| +| Linux | x64 | `tsr-linux-x64` | +| Linux | arm64 | `tsr-linux-arm64` | +| macOS | arm64 | `tsr-macos-arm64` | +| macOS | x64 | `tsr-macos-x64` | +| Windows | x64 | `tsr-windows-x64.exe` | + +### macOS Code Signing (Optional) + +To sign and notarize macOS binaries: + +```bash +# Sign the binary +codesign --force --options runtime --sign "Developer ID Application" dist/tsr + +# Create zip for notarization +ditto -c -k --keepParent dist/tsr dist/tsr.zip + +# Submit for notarization +xcrun notarytool submit dist/tsr.zip \ + --apple-id "$APPLE_ID" \ + --password "$APPLE_ID_PASSWORD" \ + --team-id "$APPLE_TEAM_ID" \ + --wait + +# Staple the notarization ticket +xcrun stapler staple dist/tsr +``` + +Required environment variables: +- `APPLE_ID` - Apple Developer account email +- `APPLE_ID_PASSWORD` - App-specific password +- `APPLE_TEAM_ID` - Developer Team ID