[mamba content trust] Enable verifying packages signatures (#3192) #4080
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Micromamba | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
paths-ignore: | |
- 'docs/**' | |
- 'mamba/**' | |
- 'libmambapy/**' | |
- '**.md' | |
merge_group: | |
types: [checks_requested] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
micromamba-static-unix: | |
name: "${{ matrix.platform }}-${{ matrix.arch }}" | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- { os: ubuntu-latest, platform: linux, arch: "64" } | |
- { os: ubuntu-latest, platform: linux, arch: aarch64 } | |
- { os: ubuntu-latest, platform: linux, arch: ppc64le } | |
- { os: macos-latest, platform: osx, arch: "64" } | |
- { os: macos-latest, platform: osx, arch: arm64 } | |
steps: | |
- name: Checkout micromamba-feedstock | |
uses: actions/checkout@v3 | |
with: | |
# Running a fork until we can merge the changes in micromamba-feedstock | |
# https://github.com/conda-forge/micromamba-feedstock/pull/154 | |
repository: AntoinePrv/micromamba-feedstock | |
path: micromamba-feedstock | |
- name: Checkout mamba branch | |
uses: actions/checkout@v3 | |
with: | |
path: mamba | |
- name: Clear mamba git directory and link source | |
# `source` subfolder is the special location looked-up by our feedstock. | |
# Due to Docker, we can only put it as a subfolder of `micromamba-feedstock`, | |
run: | | |
rm -rf "mamba/.git" | |
mv mamba/ micromamba-feedstock/source | |
# Prevent irrelevant file permission error | |
git -C micromamba-feedstock/ config --local --add safe.directory '*' | |
- uses: mamba-org/setup-micromamba@v1 | |
with: | |
environment-name: mambabuild | |
create-args: python boa | |
post-cleanup: none # FIXME the cleanup fails on OSX | |
- name: Build conda package (Unix native) | |
if: ${{ !(matrix.platform == 'linux' && matrix.arch != '64') }} | |
shell: bash -l {0} | |
run: | | |
cd micromamba-feedstock/ | |
# Special values for running the feedstock with a local source | |
export FEEDSTOCK_ROOT="${PWD}" | |
export CI="local" | |
# For OSX not using Docker | |
export CONDA_BLD_PATH="${PWD}/build_artifacts" | |
mkdir -p "${CONDA_BLD_PATH}" | |
python build-locally.py "${{ matrix.platform }}_${{ matrix.arch }}_" | |
# The build_locally.py script will test all Linux builds, which fails outside of linux-64 | |
- name: Build conda package (Linux emulated) | |
if: ${{ matrix.platform == 'linux' && matrix.arch != '64' }} | |
uses: uraimo/run-on-arch-action@v2 | |
with: | |
arch: ${{ matrix.arch }} | |
distro: ubuntu_latest | |
dockerRunArgs: -v /var/run/docker.sock:/var/run/docker.sock | |
install: | | |
apt-get update -y | |
apt-get install -y python3 docker.io | |
run: | | |
cd micromamba-feedstock/ | |
# Prevent irrelevant file permission error | |
chown -R $(whoami) . | |
# Special values for running the feedstock with a local source | |
export FEEDSTOCK_ROOT="${PWD}" | |
export CI="local" | |
python3 build-locally.py "${{ matrix.platform }}_${{ matrix.arch }}_" | |
- name: Unpack micromamba package | |
shell: bash -l {0} | |
run: | | |
ls micromamba-feedstock/build_artifacts | |
micromamba package extract \ | |
"micromamba-feedstock/build_artifacts/${{ matrix.platform }}-${{ matrix.arch }}/"micromamba-*.tar.bz2 "pkg/" | |
mkdir -p "${{ github.workspace }}/artifacts" | |
cp pkg/bin/micromamba "${{ github.workspace }}/artifacts" | |
- name: Archive conda-build artifact | |
if: failure() | |
run: tar -czf ${{ github.workspace }}/micromamba-conda-build-failed-${{ matrix.platform }}-${{ matrix.arch }}.tar.gz $MAMBA_ROOT_PREFIX/envs/mambabuild/conda-bld/micromamba_* | |
- name: Upload conda build artifacts | |
uses: actions/upload-artifact@v3 | |
if: failure() | |
with: | |
name: micromamba-conda-build-failed-${{ matrix.platform }}-${{ matrix.arch }} | |
path: ${{ github.workspace }}/micromamba-conda-build-failed-${{ matrix.platform }}-${{ matrix.arch }}.tar.gz | |
retention-days: 7 | |
- name: Upload micromamba | |
uses: actions/upload-artifact@v3 | |
with: | |
name: micromamba-${{ matrix.platform }}-${{ matrix.arch }} | |
path: ${{ github.workspace }}/artifacts/micromamba | |
micromamba-static-win: | |
name: "win-64" | |
runs-on: windows-2022 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Cache vcpkg packages | |
uses: actions/cache@v3 | |
with: | |
# The installed packages are in %VCPKG_INSTALLATION_ROOT%\installed\x64-windows-static | |
# and the info which packages are installed is in %VCPKG_INSTALLATION_ROOT%\installed\vcpkg | |
path: C:\Users\runneradmin\AppData\Local\vcpkg | |
key: vcpkg-win-64-appdata | |
- name: Install dependencies with vcpkg | |
shell: cmd | |
# remove libsolv overlay-ports once https://github.com/microsoft/vcpkg/pull/31275 is released | |
run: | | |
vcpkg install --triplet x64-windows-static-md | |
- uses: hendrikmuhs/ccache-action@main | |
with: | |
variant: sccache | |
key: sccache-${{ github.job }}-win-64 | |
- name: Set up MSVC | |
uses: ilammy/msvc-dev-cmd@v1 | |
- uses: mamba-org/setup-micromamba@v1 | |
with: | |
environment-name: mambabuild | |
init-shell: bash cmd.exe | |
create-args: >- | |
cli11>=2.2,<3 | |
cpp-expected | |
nlohmann_json | |
simdjson-static>=3.3.0 | |
spdlog | |
fmt | |
yaml-cpp-static>=0.8.0 | |
libsolv-static>=0.7.24 | |
reproc-cpp-static>=14.2.4.post0 | |
- name: build micromamba | |
shell: cmd /C call {0} | |
run: | | |
set CMAKE_PREFIX_PATH=.\vcpkg_installed\x64-windows-static-md;%CONDA_PREFIX%\Library | |
cmake -S . ^ | |
-B build ^ | |
-D CMAKE_CXX_COMPILER_LAUNCHER=sccache ^ | |
-D CMAKE_C_COMPILER_LAUNCHER=sccache ^ | |
-D CMAKE_MSVC_RUNTIME_LIBRARY="MultiThreadedDLL" ^ | |
-D CMAKE_BUILD_TYPE="Release" ^ | |
-D BUILD_LIBMAMBA=ON ^ | |
-D BUILD_STATIC=ON ^ | |
-D BUILD_MICROMAMBA=ON ^ | |
-G "Ninja" | |
if %errorlevel% neq 0 exit /b %errorlevel% | |
cmake --build build | |
if %errorlevel% neq 0 exit /b %errorlevel% | |
sccache --show-stats | |
if %errorlevel% neq 0 exit /b %errorlevel% | |
.\build\micromamba\micromamba.exe --version | |
if %errorlevel% neq 0 exit /b %errorlevel% | |
.\build\micromamba\micromamba.exe --help | |
if %errorlevel% neq 0 exit /b %errorlevel% | |
- name: build cache statistics | |
run: sccache --show-stats | |
- name: Archive-build artifact | |
if: failure() | |
run: tar -czf ${{ github.workspace }}/micromamba-build-failed-win-64.tar.gz ${{ github.workspace }}/build/ | |
- name: Upload build artifacts | |
uses: actions/upload-artifact@v3 | |
if: failure() | |
with: | |
name: micromamba-build-failed-win-64 | |
path: ${{ github.workspace }}/micromamba-build-failed-win-64.tar.gz | |
retention-days: 7 | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: micromamba-win-64 | |
path: ${{ github.workspace }}/build/micromamba/micromamba.exe |