name: Publish Package on: push: tags: - 'v*' permissions: contents: write id-token: write jobs: build-binaries: strategy: fail-fast: false matrix: include: - os: ubuntu-latest arch: x64 artifact: tsr-linux-x64 - os: ubuntu-24.04-arm arch: arm64 artifact: tsr-linux-arm64 - os: macos-latest arch: arm64 artifact: tsr-macos-arm64 - os: macos-15-large arch: x64 artifact: tsr-macos-x64 - os: windows-latest arch: x64 artifact: tsr-windows-x64.exe runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 - name: Set up Python uses: actions/setup-python@v5 with: python-version: '3.12' - name: Install dependencies run: | pip install nuitka pip install -e . - name: Build binary (Unix) if: runner.os != 'Windows' run: | python -m nuitka \ --standalone \ --onefile \ --output-dir=dist \ --output-filename=${{ matrix.artifact }} \ --assume-yes-for-downloads \ --remove-output \ tensors.py - name: Sign and notarize (macOS) if: runner.os == 'macOS' && env.APPLE_CERTIFICATE_BASE64 != '' env: APPLE_CERTIFICATE_BASE64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }} APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} APPLE_ID: ${{ secrets.APPLE_ID }} APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} run: | # Import certificate echo "$APPLE_CERTIFICATE_BASE64" | base64 --decode > certificate.p12 security create-keychain -p "" build.keychain security default-keychain -s build.keychain security unlock-keychain -p "" build.keychain security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "" build.keychain # Sign the binary codesign --force --options runtime --sign "Developer ID Application" dist/${{ matrix.artifact }} # Create zip for notarization ditto -c -k --keepParent dist/${{ matrix.artifact }} dist/${{ matrix.artifact }}.zip # Submit for notarization xcrun notarytool submit dist/${{ matrix.artifact }}.zip \ --apple-id "$APPLE_ID" \ --password "$APPLE_ID_PASSWORD" \ --team-id "$APPLE_TEAM_ID" \ --wait # Staple the notarization ticket xcrun stapler staple dist/${{ matrix.artifact }} # Cleanup rm certificate.p12 dist/${{ matrix.artifact }}.zip - name: Build binary (Windows) if: runner.os == 'Windows' run: | python -m nuitka ` --standalone ` --onefile ` --output-dir=dist ` --output-filename=${{ matrix.artifact }} ` --assume-yes-for-downloads ` --remove-output ` tensors.py - name: Upload artifact uses: actions/upload-artifact@v4 with: name: ${{ matrix.artifact }} path: dist/${{ matrix.artifact }} publish: runs-on: ubuntu-latest needs: build-binaries steps: - uses: actions/checkout@v4 - name: Set up Python uses: actions/setup-python@v5 with: python-version: '3.12' - name: Install build tools run: pip install build - name: Extract version from tag id: version run: | TAG=${GITHUB_REF#refs/tags/v} echo "version=$TAG" >> $GITHUB_OUTPUT if [[ "$TAG" =~ -pre[0-9]*$ ]] || [[ "$TAG" =~ -alpha[0-9]*$ ]] || [[ "$TAG" =~ -beta[0-9]*$ ]] || [[ "$TAG" =~ -rc[0-9]*$ ]] || [[ "$TAG" =~ -a[0-9]*$ ]]; then echo "prerelease=true" >> $GITHUB_OUTPUT else echo "prerelease=false" >> $GITHUB_OUTPUT fi - name: Build package run: python -m build - name: Download all artifacts uses: actions/download-artifact@v4 with: path: binaries - name: Prepare release assets run: | mkdir -p release cp dist/* release/ find binaries -type f -exec cp {} release/ \; ls -la release/ - name: Publish to PyPI uses: pypa/gh-action-pypi-publish@release/v1 - name: Create GitHub Release uses: softprops/action-gh-release@v2 with: files: release/* prerelease: ${{ steps.version.outputs.prerelease }} generate_release_notes: true