Fix ci

.github/workflows/release.yml

@@ -0,0 +1,297 @@
+# This workflow is autogenerated by xcookie.
+# File kind: release
+# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
+# Based on ~/code/xcookie/xcookie/builders/github_actions.py
+# See: https://github.com/Erotemic/xcookie
+
+name: BinPyRelease
+
+on:
+  push:
+  workflow_dispatch:
+
+jobs:
+  build_sdist:
+    ##
+    # Build the sdist artifact used by the release workflow.
+    # This workflow intentionally builds artifacts but does not run the
+    # full test matrix.
+    ##
+    name: Build sdist
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout source
+      uses: actions/checkout@v6.0.2
+    - name: Set up Python 3.13
+      uses: actions/setup-python@v5.6.0
+      with:
+        python-version: '3.13'
+    - name: Build sdist
+      shell: bash
+      run: |-
+        python -m pip install pip uv -U
+        python -m uv pip install setuptools>=0.8 wheel build twine
+        python -m build --sdist --outdir wheelhouse
+        python -m twine check ./wheelhouse/line_profiler*.tar.gz
+    - name: Show built files
+      shell: bash
+      run: ls -la wheelhouse
+    - uses: actions/upload-artifact@v6.0.0
+      name: Upload sdist artifact
+      with:
+        name: sdist_wheels
+        path: ./wheelhouse/line_profiler*.tar.gz
+  build_binpy_wheels:
+    ##
+    # Build binary wheels used by the release workflow.
+    ##
+    name: ${{ matrix.os }}, arch=${{ matrix.arch }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        # Normally, xcookie generates explicit lists of platforms to build / test
+        # on, but in this case cibuildwheel does that for us, so we need to just
+        # set the environment variables for cibuildwheel. These are parsed out of
+        # the standard [tool.cibuildwheel] section in pyproject.toml and set
+        # explicitly here.
+        os:
+        - ubuntu-latest
+        - macOS-latest
+        - windows-latest
+        - ubuntu-24.04-arm
+        cibw_skip:
+        - '*-win32 cp3{10}-win_arm64 cp313-musllinux_i686'
+        arch:
+        - auto
+    steps:
+    - name: Checkout source
+      uses: actions/checkout@v6.0.2
+    - name: Enable MSVC 64bit
+      uses: ilammy/msvc-dev-cmd@v1
+      if: ${{ startsWith(matrix.os, 'windows-') }}
+      with:
+        arch: ${{ contains(matrix.os, 'arm') && 'arm64' || 'x64' }}
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3.7.0
+      if: runner.os == 'Linux' && matrix.arch != 'auto'
+      with:
+        platforms: all
+    - name: Build binary wheels
+      uses: pypa/cibuildwheel@v3.3.1
+      with:
+        output-dir: wheelhouse
+        config-file: pyproject.toml
+      env:
+        CIBW_SKIP: ${{ matrix.cibw_skip }}
+        CIBW_TEST_SKIP: '*-win_arm64'
+        CIBW_ARCHS_LINUX: ${{ matrix.arch }}
+        PYTHONUTF8: '1'
+        VSCMD_ARG_TGT_ARCH: ''
+    - name: Show built files
+      shell: bash
+      run: ls -la wheelhouse
+    - uses: actions/upload-artifact@v6.0.0
+      name: Upload wheels artifact
+      with:
+        name: wheels-${{ matrix.os }}-${{ matrix.arch }}
+        path: ./wheelhouse/line_profiler*.whl
+  test_deploy:
+    name: Deploy Test
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' && ! startsWith(github.event.ref, 'refs/tags') && ! startsWith(github.event.ref, 'refs/heads/release')
+    needs:
+    - build_binpy_wheels
+    - build_sdist
+    steps:
+    - name: Checkout source
+      uses: actions/checkout@v6.0.2
+    - uses: actions/download-artifact@v4.1.8
+      name: Download wheels
+      with:
+        pattern: wheels-*
+        merge-multiple: true
+        path: wheelhouse
+    - uses: actions/download-artifact@v4.1.8
+      name: Download sdist
+      with:
+        name: sdist_wheels
+        path: wheelhouse
+    - name: Show files to upload
+      shell: bash
+      run: ls -la wheelhouse
+    - name: Sign and Publish
+      env:
+        TWINE_REPOSITORY_URL: https://test.pypi.org/legacy/
+        TWINE_USERNAME: __token__
+        TWINE_PASSWORD: ${{ secrets.TEST_TWINE_PASSWORD }}
+        CI_SECRET: ${{ secrets.CI_SECRET }}
+      run: |-
+        GPG_EXECUTABLE=gpg
+        $GPG_EXECUTABLE --version
+        openssl version
+        $GPG_EXECUTABLE --list-keys
+        echo "Decrypting Keys"
+        openssl enc -aes-256-cbc -pbkdf2 -md SHA512 -pass env:CI_SECRET -d -a -in dev/ci_public_gpg_key.pgp.enc | $GPG_EXECUTABLE --import
+        openssl enc -aes-256-cbc -pbkdf2 -md SHA512 -pass env:CI_SECRET -d -a -in dev/gpg_owner_trust.enc | $GPG_EXECUTABLE --import-ownertrust
+        openssl enc -aes-256-cbc -pbkdf2 -md SHA512 -pass env:CI_SECRET -d -a -in dev/ci_secret_gpg_subkeys.pgp.enc | $GPG_EXECUTABLE --import
+        echo "Finish Decrypt Keys"
+        $GPG_EXECUTABLE --list-keys || true
+        $GPG_EXECUTABLE --list-keys  || echo "first invocation of gpg creates directories and returns 1"
+        $GPG_EXECUTABLE --list-keys
+        VERSION=$(python -c "import setup; print(setup.VERSION)")
+        python -m pip install pip uv -U
+        python -m pip install packaging twine -U
+        python -m pip install urllib3 requests[security]
+        GPG_KEYID=$(cat dev/public_gpg_key)
+        echo "GPG_KEYID = '$GPG_KEYID'"
+        GPG_SIGN_CMD="$GPG_EXECUTABLE --batch --yes --detach-sign --armor --local-user $GPG_KEYID"
+        WHEEL_PATHS=(wheelhouse/*.whl wheelhouse/*.tar.gz)
+        WHEEL_PATHS_STR=$(printf '"%s" ' "${WHEEL_PATHS[@]}")
+        echo "$WHEEL_PATHS_STR"
+        for WHEEL_PATH in "${WHEEL_PATHS[@]}"
+        do
+            echo "------"
+            echo "WHEEL_PATH = $WHEEL_PATH"
+            $GPG_SIGN_CMD --output $WHEEL_PATH.asc $WHEEL_PATH
+            $GPG_EXECUTABLE --verify $WHEEL_PATH.asc $WHEEL_PATH  || echo "hack, the first run of gpg very fails"
+            $GPG_EXECUTABLE --verify $WHEEL_PATH.asc $WHEEL_PATH
+        done
+        ls -la wheelhouse
+        python -m pip install opentimestamps-client
+        ots stamp wheelhouse/*.whl wheelhouse/*.tar.gz wheelhouse/*.asc
+        ls -la wheelhouse
+        twine upload --username __token__ --password "$TWINE_PASSWORD" --repository-url "$TWINE_REPOSITORY_URL" wheelhouse/*.whl wheelhouse/*.tar.gz --skip-existing --verbose || { echo "failed to twine upload" ; exit 1; }
+    - uses: actions/upload-artifact@v6.0.0
+      name: Upload deploy artifacts
+      with:
+        name: deploy_artifacts
+        path: |-
+          wheelhouse/*.whl
+          wheelhouse/*.zip
+          wheelhouse/*.tar.gz
+          wheelhouse/*.asc
+          wheelhouse/*.ots
+  live_deploy:
+    name: Deploy Live
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' && (startsWith(github.event.ref, 'refs/tags') || startsWith(github.event.ref, 'refs/heads/release'))
+    needs:
+    - build_binpy_wheels
+    - build_sdist
+    steps:
+    - name: Checkout source
+      uses: actions/checkout@v6.0.2
+    - uses: actions/download-artifact@v4.1.8
+      name: Download wheels
+      with:
+        pattern: wheels-*
+        merge-multiple: true
+        path: wheelhouse
+    - uses: actions/download-artifact@v4.1.8
+      name: Download sdist
+      with:
+        name: sdist_wheels
+        path: wheelhouse
+    - name: Show files to upload
+      shell: bash
+      run: ls -la wheelhouse
+    - name: Sign and Publish
+      env:
+        TWINE_REPOSITORY_URL: https://upload.pypi.org/legacy/
+        TWINE_USERNAME: __token__
+        TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
+        CI_SECRET: ${{ secrets.CI_SECRET }}
+      run: |-
+        GPG_EXECUTABLE=gpg
+        $GPG_EXECUTABLE --version
+        openssl version
+        $GPG_EXECUTABLE --list-keys
+        echo "Decrypting Keys"
+        openssl enc -aes-256-cbc -pbkdf2 -md SHA512 -pass env:CI_SECRET -d -a -in dev/ci_public_gpg_key.pgp.enc | $GPG_EXECUTABLE --import
+        openssl enc -aes-256-cbc -pbkdf2 -md SHA512 -pass env:CI_SECRET -d -a -in dev/gpg_owner_trust.enc | $GPG_EXECUTABLE --import-ownertrust
+        openssl enc -aes-256-cbc -pbkdf2 -md SHA512 -pass env:CI_SECRET -d -a -in dev/ci_secret_gpg_subkeys.pgp.enc | $GPG_EXECUTABLE --import
+        echo "Finish Decrypt Keys"
+        $GPG_EXECUTABLE --list-keys || true
+        $GPG_EXECUTABLE --list-keys  || echo "first invocation of gpg creates directories and returns 1"
+        $GPG_EXECUTABLE --list-keys
+        VERSION=$(python -c "import setup; print(setup.VERSION)")
+        python -m pip install pip uv -U
+        python -m pip install packaging twine -U
+        python -m pip install urllib3 requests[security]
+        GPG_KEYID=$(cat dev/public_gpg_key)
+        echo "GPG_KEYID = '$GPG_KEYID'"
+        GPG_SIGN_CMD="$GPG_EXECUTABLE --batch --yes --detach-sign --armor --local-user $GPG_KEYID"
+        WHEEL_PATHS=(wheelhouse/*.whl wheelhouse/*.tar.gz)
+        WHEEL_PATHS_STR=$(printf '"%s" ' "${WHEEL_PATHS[@]}")
+        echo "$WHEEL_PATHS_STR"
+        for WHEEL_PATH in "${WHEEL_PATHS[@]}"
+        do
+            echo "------"
+            echo "WHEEL_PATH = $WHEEL_PATH"
+            $GPG_SIGN_CMD --output $WHEEL_PATH.asc $WHEEL_PATH
+            $GPG_EXECUTABLE --verify $WHEEL_PATH.asc $WHEEL_PATH  || echo "hack, the first run of gpg very fails"
+            $GPG_EXECUTABLE --verify $WHEEL_PATH.asc $WHEEL_PATH
+        done
+        ls -la wheelhouse
+        python -m pip install opentimestamps-client
+        ots stamp wheelhouse/*.whl wheelhouse/*.tar.gz wheelhouse/*.asc
+        ls -la wheelhouse
+        twine upload --username __token__ --password "$TWINE_PASSWORD" --repository-url "$TWINE_REPOSITORY_URL" wheelhouse/*.whl wheelhouse/*.tar.gz --skip-existing --verbose || { echo "failed to twine upload" ; exit 1; }
+    - uses: actions/upload-artifact@v6.0.0
+      name: Upload deploy artifacts
+      with:
+        name: deploy_artifacts
+        path: |-
+          wheelhouse/*.whl
+          wheelhouse/*.zip
+          wheelhouse/*.tar.gz
+          wheelhouse/*.asc
+          wheelhouse/*.ots
+  release:
+    name: Create Github Release
+    if: github.event_name == 'push' && (startsWith(github.event.ref, 'refs/tags') || startsWith(github.event.ref, 'refs/heads/release'))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    needs:
+    - live_deploy
+    steps:
+    - name: Checkout source
+      uses: actions/checkout@v6.0.2
+    - uses: actions/download-artifact@v4.1.8
+      name: Download artifacts
+      with:
+        name: deploy_artifacts
+        path: wheelhouse
+    - name: Show files to release
+      shell: bash
+      run: ls -la wheelhouse
+    - run: 'echo "Automatic Release Notes. TODO: improve" > ${{ github.workspace }}-CHANGELOG.txt'
+    - name: Tag Release Commit
+      if: (startsWith(github.event.ref, 'refs/heads/release'))
+      run: |-
+        export VERSION=$(python -c "import setup; print(setup.VERSION)")
+        git tag "v$VERSION"
+        git push origin "v$VERSION"
+    - uses: softprops/action-gh-release@v1
+      name: Create Release
+      id: create_release
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        body_path: ${{ github.workspace }}-CHANGELOG.txt
+        tag_name: ${{ github.ref }}
+        name: Release ${{ github.ref }}
+        body: Automatic Release
+        generate_release_notes: true
+        draft: true
+        prerelease: false
+        files: |-
+          wheelhouse/*.whl
+          wheelhouse/*.asc
+          wheelhouse/*.ots
+          wheelhouse/*.zip
+          wheelhouse/*.tar.gz
+
+