diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index 409a189..539ffe4 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -5,20 +5,18 @@ env: # A tag or branch name or a commit hash for the matplotlib/matplotlib repo, for which # to build wheels. This is normally set to `main` in the main branch of this # repo, and to a tag name (e.g., `v2.3.2`) on a release branch. - SOURCE_REF_TO_BUILD: v3.11.0rc2 + SOURCE_REF_TO_BUILD: v3.11.0 on: # TODO cron job? scipy does this # Save CI by only running this on release branches or tags. - push: # FOR TESTING ONLY + push: # FOR TESTING ONLY branches: - main - v[0-9]+.[0-9]+.x tags: - v* - # Also allow running this action on PRs if requested by applying the - # "Run cibuildwheel" label. pull_request: branches: - main @@ -48,12 +46,12 @@ jobs: steps: - name: Checkout matplotlib-release - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Checkout matplotlib - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: matplotlib/matplotlib ref: ${{ env.SOURCE_REF_TO_BUILD }} @@ -62,12 +60,11 @@ jobs: persist-credentials: false fetch-depth: 0 - - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 name: Install Python with: python-version: '3.11' - - name: Install dependencies run: python -m pip install build twine @@ -82,7 +79,7 @@ jobs: run: twine check mpl-src/dist/* - name: Upload sdist result - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: cibw-sdist path: mpl-src/dist/*.tar.gz @@ -95,24 +92,24 @@ jobs: steps: - name: Checkout matplotlib-release - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Download sdist - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: - name: cibw-sdist - path: dist/ + name: cibw-sdist + path: dist/ - name: Update LICENSE for binary distribution (append auxilliary licenses to LICENSE file) run: | tar -xvf dist/${{ needs.build_sdist.outputs.SDIST_NAME }} cat ${{ github.workspace }}/tools/wheels/LICENSE_binary.txt >> matplotlib*/LICENSE/LICENSE - tar -cvf dist/${{ needs.build_sdist.outputs.SDIST_NAME }} matplotlib* + tar -cvf dist/${{ needs.build_sdist.outputs.SDIST_NAME }} matplotlib* - name: Upload sdist result - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: sdist-license path: dist/*.tar.gz @@ -165,13 +162,13 @@ jobs: steps: - name: Download sdist - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: - name: sdist-license - path: dist/ + name: sdist-license + path: dist/ - name: Build wheels for CPython 3.14 - uses: pypa/cibuildwheel@9c00cb4f6b517705a3794b22395aedc36257242c # v3.2.1 + uses: pypa/cibuildwheel@8d2b08b68458a16aeb24b64e68a09ab1c8e82084 # v3.4.1 with: package-dir: dist/${{ needs.build_sdist.outputs.SDIST_NAME }} env: @@ -181,7 +178,7 @@ jobs: CIBW_MANYLINUX_X86_64_IMAGE: manylinux_2_28 - name: Build wheels for CPython 3.13 - uses: pypa/cibuildwheel@9c00cb4f6b517705a3794b22395aedc36257242c # v3.2.1 + uses: pypa/cibuildwheel@8d2b08b68458a16aeb24b64e68a09ab1c8e82084 # v3.4.1 with: package-dir: dist/${{ needs.build_sdist.outputs.SDIST_NAME }} env: @@ -190,7 +187,7 @@ jobs: CIBW_ARCHS: ${{ matrix.cibw_archs }} - name: Build wheels for CPython 3.12 - uses: pypa/cibuildwheel@9c00cb4f6b517705a3794b22395aedc36257242c # v3.2.1 + uses: pypa/cibuildwheel@8d2b08b68458a16aeb24b64e68a09ab1c8e82084 # v3.4.1 with: package-dir: dist/${{ needs.build_sdist.outputs.SDIST_NAME }} env: @@ -198,7 +195,7 @@ jobs: CIBW_ARCHS: ${{ matrix.cibw_archs }} - name: Build wheels for CPython 3.11 - uses: pypa/cibuildwheel@9c00cb4f6b517705a3794b22395aedc36257242c # v3.2.1 + uses: pypa/cibuildwheel@8d2b08b68458a16aeb24b64e68a09ab1c8e82084 # v3.4.1 with: package-dir: dist/${{ needs.build_sdist.outputs.SDIST_NAME }} env: @@ -206,7 +203,7 @@ jobs: CIBW_ARCHS: ${{ matrix.cibw_archs }} - name: Build wheels for PyPy - uses: pypa/cibuildwheel@9c00cb4f6b517705a3794b22395aedc36257242c # v3.2.1 + uses: pypa/cibuildwheel@8d2b08b68458a16aeb24b64e68a09ab1c8e82084 # v3.4.1 with: package-dir: dist/${{ needs.build_sdist.outputs.SDIST_NAME }} env: @@ -215,7 +212,7 @@ jobs: CIBW_ENABLE: pypy if: matrix.cibw_archs != 'aarch64' && matrix.os != 'windows-latest' && matrix.os != 'windows-11-arm' - - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: cibw-wheels-${{ runner.os }}-${{ matrix.cibw_archs }} path: ./wheelhouse/*.whl @@ -234,21 +231,21 @@ jobs: id-token: write # mandatory for trusted publishing steps: - name: Download sdist and wheels - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: cibw-* path: dist merge-multiple: true - name: Publish - uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4 + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0 with: repository-url: https://test.pypi.org/legacy/ skip-existing: true print-hash: true attestations: true -# ------------------------------------------------------------------------------------- + # ------------------------------------------------------------------------------------- check_version: name: Ensure commit is tag before upload to PyPi @@ -257,7 +254,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout matplotlib - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: matplotlib/matplotlib ref: ${{ env.SOURCE_REF_TO_BUILD }} @@ -279,7 +276,7 @@ jobs: echo "SOURCE_REF_TO_BUILD is a tag" fi; -# ------------------------------------------------------------------------------------- + # ------------------------------------------------------------------------------------- pypi-publish: name: Publish release to PyPI if: github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'pypi' @@ -292,14 +289,14 @@ jobs: id-token: write # mandatory for trusted publishing steps: - name: Download sdist and wheels - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: cibw-* path: dist merge-multiple: true - name: Publish - uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4 + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0 with: print-hash: true attestations: true