From 46102f821ed8413d215bf7ca054d7de35d267d7d Mon Sep 17 00:00:00 2001 From: behnazh-w Date: Tue, 15 Apr 2025 15:44:38 +1000 Subject: [PATCH] build: add support for ARM architecture Signed-off-by: behnazh-w --- .github/workflows/_build.yaml | 87 ++++++++++++------ .github/workflows/_build_docker.yaml | 36 +++++--- .github/workflows/_deploy-github-pages.yaml | 39 ++++++--- .github/workflows/pr-change-set.yaml | 46 +++++++++- .github/workflows/release.yaml | 38 +++++--- Makefile | 97 +++++++++++++-------- 6 files changed, 247 insertions(+), 96 deletions(-) diff --git a/.github/workflows/_build.yaml b/.github/workflows/_build.yaml index a913e1fb3..7850b99e8 100644 --- a/.github/workflows/_build.yaml +++ b/.github/workflows/_build.yaml @@ -1,4 +1,4 @@ -# Copyright (c) 2022 - 2023, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2022 - 2025, Oracle and/or its affiliates. All rights reserved. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. # This is a trusted builder implemented as a reusable workflow that can be called by other @@ -25,21 +25,16 @@ name: Build the package on: workflow_call: - outputs: - artifacts-sha256: - description: The hash of the artifacts - value: ${{ jobs.build.outputs.artifacts-sha256 }} permissions: contents: read env: - ARTIFACT_OS: ubuntu-latest # The default OS for release. - ARTIFACT_PYTHON: '3.11' # The default Python version for release. - PACKAGE_PATH: src/macaron # The relative Python package path to the repo. + RELEASE_OS_X86_64: ubuntu-24.04 # Default OS for x86_64-compatible release artifacts. + RELEASE_OS_ARM64: ubuntu-24.04-arm # Default OS for ARM64-compatible release artifacts. + RELEASE_PYTHON_VERSION: '3.11' # Default Python version used for release artifacts. + PACKAGE_PATH: src/macaron # The relative Python package path to the repo. jobs: build: - outputs: - artifacts-sha256: ${{ steps.compute-hash.outputs.artifacts-sha256 }} name: Build Macaron runs-on: ${{ matrix.os }} strategy: @@ -47,10 +42,31 @@ jobs: matrix: # It is recommended to pin a Runner version specifically: # https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners - os: [ubuntu-latest] + os: [ubuntu-24.04, ubuntu-24.04-arm] python: ['3.11'] + + outputs: + arch-env: ${{ steps.set-arch-env.outputs.arch_env }} + steps: + # Create a GitHub Actions environment variable that maps a matrix.os value to a more descriptive environment + # value (e.g., ubuntu-x86-64 or ubuntu-arm64). + - name: Determine architecture label + id: set-arch-env + shell: bash + run: | + if [[ "${{ matrix.os }}" == "ubuntu-24.04" ]]; then + echo "arch_env=ubuntu-x86-64" >> "$GITHUB_OUTPUT" + elif [[ "${{ matrix.os }}" == "ubuntu-24.04-arm" ]]; then + echo "arch_env=ubuntu-arm64" >> "$GITHUB_OUTPUT" + else + echo "arch_env=unknown" >> "$GITHUB_OUTPUT" + fi + + - name: Test the env variable + run: echo "Architecture-specific value ${{ steps.set-arch-env.outputs.arch_env }}" + - name: Check out repository uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: @@ -91,24 +107,33 @@ jobs: GITHUB_TOKEN: ${{ github.token }} # Generate the requirements.txt that contains the hash digests of the dependencies and - # generate the SBOM using CycloneDX SBOM generator. + # generate the SBOM using CyclonDX SBOM generator for the release Python version and + # supported release OS targets. - name: Generate requirements.txt and SBOM - if: matrix.os == env.ARTIFACT_OS && matrix.python == env.ARTIFACT_PYTHON + if: > + matrix.python == env.RELEASE_PYTHON_VERSION && + (matrix.os == env.RELEASE_OS_X86_64 || matrix.os == env.RELEASE_OS_ARM64) run: make requirements sbom # Remove the old requirements.txt file (which includes _all_ packages) and generate a - # new one for the package and its actual and required dependencies only. + # new one for the package and its actual and required dependencies only. Run this step + # for the release Python version and supported release OS targets only. - name: Prune packages and generate required requirements.txt - if: matrix.os == env.ARTIFACT_OS && matrix.python == env.ARTIFACT_PYTHON + if: > + matrix.python == env.RELEASE_PYTHON_VERSION && + (matrix.os == env.RELEASE_OS_X86_64 || matrix.os == env.RELEASE_OS_ARM64) run: | rm requirements.txt make prune requirements # Find the paths to the artifact files that will be included in the release, compute - # the SHA digest for all the release files and encode them using Base64, and export it - # from this job. + # the SHA digest for all the release files and encode them using Base64, and upload it + # from this job. Run this step for the release Python version and supported release + # OS targets only. - name: Compute package hash - if: matrix.os == env.ARTIFACT_OS && matrix.python == env.ARTIFACT_PYTHON + if: > + matrix.python == env.RELEASE_PYTHON_VERSION && + (matrix.os == env.RELEASE_OS_X86_64 || matrix.os == env.RELEASE_OS_ARM64) id: compute-hash shell: bash run: | @@ -123,19 +148,32 @@ jobs: DIGEST=$(sha256sum "$TARBALL_PATH" "$WHEEL_PATH" "$REQUIREMENTS_PATH" "$SBOM_PATH" \ "$SBOM_GO_PATH" "$HTML_DOCS_PATH" "$BUILD_EPOCH_PATH" | base64 -w0) echo "Digest of artifacts is $DIGEST." - echo "artifacts-sha256=$DIGEST" >> "$GITHUB_OUTPUT" + echo "$DIGEST" > artifacts-sha256-file-${{ steps.set-arch-env.outputs.arch_env }} # For now only generate artifacts for the specified OS and Python version in env variables. # Currently reusable workflows do not support setting strategy property from the caller workflow. - name: Upload the package artifact for debugging and release - if: matrix.os == env.ARTIFACT_OS && matrix.python == env.ARTIFACT_PYTHON + if: > + matrix.python == env.RELEASE_PYTHON_VERSION && + (matrix.os == env.RELEASE_OS_X86_64 || matrix.os == env.RELEASE_OS_ARM64) uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: - name: artifact-${{ matrix.os }}-python-${{ matrix.python }} - path: dist + name: artifacts-${{ steps.set-arch-env.outputs.arch_env }} + path: ./dist*/ if-no-files-found: error retention-days: 7 + # Run this step for the release Python version and supported release OS targets only. + - name: Upload artifacts sha256 + if: > + matrix.python == env.RELEASE_PYTHON_VERSION && + (matrix.os == env.RELEASE_OS_X86_64 || matrix.os == env.RELEASE_OS_ARM64) + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + with: + name: artifacts-sha256-file-${{ steps.set-arch-env.outputs.arch_env }} + path: artifacts-sha256-file-${{ steps.set-arch-env.outputs.arch_env }} + retention-days: 7 + # This job calls the reusable workflow _build_docker.yaml to build and test # the Docker image. Note that the built image is not pushed to ghcr.io here. build_docker_image: @@ -145,7 +183,6 @@ jobs: packages: read uses: ./.github/workflows/_build_docker.yaml with: - artifact-sha256: ${{ needs.build.outputs.artifacts-sha256 }} - # TODO: use ${{ env.ARTIFACT_OS }} and ${{ env.ARTIFACT_PYTHON }} + # TODO: use ${{ env.RELEASE_OS_X86_64 }} # when this issue is addressed: https://github.com/actions/runner/issues/2394. - artifact-name: artifact-ubuntu-latest-python-3.11 + artifact-architecture: ubuntu-x86-64 diff --git a/.github/workflows/_build_docker.yaml b/.github/workflows/_build_docker.yaml index 20faa3c14..76b829cc1 100644 --- a/.github/workflows/_build_docker.yaml +++ b/.github/workflows/_build_docker.yaml @@ -1,4 +1,4 @@ -# Copyright (c) 2023 - 2024, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2023 - 2025, Oracle and/or its affiliates. All rights reserved. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. # This is a reuseable workflow to build and test the Docker image. Note that this workflow does not @@ -10,10 +10,7 @@ name: Build and push Docker image on: workflow_call: inputs: - artifact-name: - required: true - type: string - artifact-sha256: + artifact-architecture: required: true type: string permissions: @@ -40,18 +37,35 @@ jobs: - name: Download artifact uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: - name: ${{ inputs.artifact-name }} - path: dist + path: downloads # Verify hashes by first computing hashes for the artifacts and then comparing them # against the hashes for the artifact. - name: Verify the artifact hash - env: - ARTIFACT_HASH: ${{ inputs.artifact-sha256 }} run: | set -euo pipefail - echo "Hash of package should be $ARTIFACT_HASH." - echo "$ARTIFACT_HASH" | base64 --decode | sha256sum --strict --check --status || exit 1 + cd downloads + ARCH=${{ inputs.artifact-architecture }} + HASH_DIR="artifacts-sha256-file-${ARCH}" + ARTIFACT_DIR="artifacts-${ARCH}" + HASH_FILE="${HASH_DIR}/artifacts-sha256-file-${ARCH}" + + echo "Verifying artifacts for ${ARCH}" + echo "Decoding expected SHA256 digest:" + DECODED_HASH=$(base64 --decode "${HASH_FILE}") + echo "$DECODED_HASH" + + pushd "${ARTIFACT_DIR}" + echo "$DECODED_HASH" | sha256sum --strict --check --status || { + echo "Hash verification failed for ${ARCH}!" + exit 1 + } + popd + + # Copy the target dist folder to the repo directory for the subsequent steps. + cp -r "${ARTIFACT_DIR}"/dist ../ + + echo "Hash verified successfully for ${ARCH}." # Build the Docker image without pushing it. - name: Build the Docker image diff --git a/.github/workflows/_deploy-github-pages.yaml b/.github/workflows/_deploy-github-pages.yaml index 7e6c397fd..0cda6853d 100644 --- a/.github/workflows/_deploy-github-pages.yaml +++ b/.github/workflows/_deploy-github-pages.yaml @@ -1,4 +1,4 @@ -# Copyright (c) 2023 - 2023, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2023 - 2025, Oracle and/or its affiliates. All rights reserved. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. # This workflow deploys the documentations to GitHub Pages. @@ -6,14 +6,10 @@ name: Deploy static content to Pages on: workflow_call: inputs: - artifact-name: - type: string + artifact-architecture: required: true - description: The artifact name that contains docs content - artifact-sha256: type: string - required: true - description: The sha of the artifact that contains docs content + description: The artifact distribution that contains docs content. # Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages permissions: contents: read @@ -37,18 +33,35 @@ jobs: - name: Download artifact uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: - name: ${{ inputs.artifact-name }} - path: dist + path: downloads # Verify hashes by first computing hashes for the artifacts and then comparing them # against the hashes for the artifact. - name: Verify the artifact hash - env: - ARTIFACT_HASH: ${{ inputs.artifact-sha256 }} run: | set -euo pipefail - echo "Hash of package should be $ARTIFACT_HASH." - echo "$ARTIFACT_HASH" | base64 --decode | sha256sum --strict --check --status || exit 1 + cd downloads + ARCH=${{ inputs.artifact-architecture }} + HASH_DIR="artifacts-sha256-file-${ARCH}" + ARTIFACT_DIR="artifacts-${ARCH}" + HASH_FILE="${HASH_DIR}/artifacts-sha256-file-${ARCH}" + + echo "Verifying artifacts for ${ARCH}" + echo "Decoding expected SHA256 digest:" + DECODED_HASH=$(base64 --decode "${HASH_FILE}") + echo "$DECODED_HASH" + + pushd "${ARTIFACT_DIR}" + echo "$DECODED_HASH" | sha256sum --strict --check --status || { + echo "Hash verification failed for ${ARCH}!" + exit 1 + } + popd + + # Copy the target dist folder to the repo directory for the subsequent steps. + cp -r "${ARTIFACT_DIR}"/dist ../ + + echo "Hash verified successfully for ${ARCH}." # Prepare the docs content. - name: Prepare docs for release diff --git a/.github/workflows/pr-change-set.yaml b/.github/workflows/pr-change-set.yaml index 7aa2c804f..4519ab929 100644 --- a/.github/workflows/pr-change-set.yaml +++ b/.github/workflows/pr-change-set.yaml @@ -1,4 +1,4 @@ -# Copyright (c) 2022 - 2023, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2022 - 2025, Oracle and/or its affiliates. All rights reserved. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. # This workflow checks and tests the package code, builds all package @@ -23,3 +23,47 @@ jobs: permissions: contents: read packages: read + + verify_artifacts: + needs: [build] + name: Verify artifacts + runs-on: ubuntu-latest + permissions: + contents: read + + steps: + + # Download all uploaded artifacts in the build job into the 'downloads' directory. + # This includes built package distributions and SHA256 hash files from some matrix jobs. + # The `path` input ensures all artifacts are placed under the 'downloads/' folder while + # maintaining their respective artifact subdirectory structure. + - name: Download artifact + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + with: + path: downloads + + # Verify hashes by first computing hashes for the artifacts and then comparing them + # against the hashes computed by the build job. + - name: Verify the artifact hash + run: | + set -euo pipefail + cd downloads + for ARCH in "ubuntu-x86-64" "ubuntu-arm64"; do + HASH_DIR="artifacts-sha256-file-${ARCH}" + ARTIFACT_DIR="artifacts-${ARCH}" + HASH_FILE="${HASH_DIR}/artifacts-sha256-file-${ARCH}" + + echo "Verifying artifacts for ${ARCH}" + echo "Decoding expected SHA256 digest:" + DECODED_HASH=$(base64 --decode "${HASH_FILE}") + echo "$DECODED_HASH" + + pushd "${ARTIFACT_DIR}" + echo "$DECODED_HASH" | sha256sum --strict --check --status || { + echo "Hash verification failed for ${ARCH}!" + exit 1 + } + popd + + echo "Hash verified successfully for ${ARCH}" + done diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 9702ce5f4..95a117865 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -13,7 +13,6 @@ on: permissions: contents: read env: - ARTIFACT_NAME: artifact-ubuntu-latest-python-3.11 # This is the username and email for the user who commits and pushes the release # commit. In an organisation that should be a dedicated devops account. USER_NAME: behnazh-w @@ -133,18 +132,36 @@ jobs: - name: Download artifact uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: - name: ${{ env.ARTIFACT_NAME }} - path: dist + path: downloads # Verify hashes by first computing hashes for the artifacts and then comparing them # against the hashes computed by the build job. - name: Verify the artifact hash - env: - ARTIFACT_HASH: ${{ needs.build.outputs.artifacts-sha256 }} run: | set -euo pipefail - echo "Hash of package should be $ARTIFACT_HASH." - echo "$ARTIFACT_HASH" | base64 --decode | sha256sum --strict --check --status || exit 1 + cd downloads + for ARCH in "ubuntu-x86-64" "ubuntu-arm64"; do + HASH_DIR="artifacts-sha256-file-${ARCH}" + ARTIFACT_DIR="artifacts-${ARCH}" + HASH_FILE="${HASH_DIR}/artifacts-sha256-file-${ARCH}" + + echo "Verifying artifacts for ${ARCH}" + echo "Decoding expected SHA256 digest:" + DECODED_HASH=$(base64 --decode "${HASH_FILE}") + echo "$DECODED_HASH" + + pushd "${ARTIFACT_DIR}" + echo "$DECODED_HASH" | sha256sum --strict --check --status || { + echo "Hash verification failed for ${ARCH}!" + exit 1 + } + popd + + # Copy the target dist folder to the repo directory for the subsequent steps. + cp -r "${ARTIFACT_DIR}"/dist ../ + + echo "Hash verified successfully for ${ARCH}" + done # Log in to ghcr.io to push the Docker image. - name: Log in to GitHub Container Registry @@ -329,10 +346,9 @@ jobs: pages: write id-token: write with: - # TODO: use ${{ env.ARTIFACT_NAME }} when this issue is addressed: - # https://github.com/actions/runner/issues/2394. - artifact-name: artifact-ubuntu-latest-python-3.11 - artifact-sha256: ${{ needs.build.outputs.artifacts-sha256 }} + # TODO: use ${{ env.RELEASE_OS_X86_64 }} + # when this issue is addressed: https://github.com/actions/runner/issues/2394. + artifact-architecture: ubuntu-x86-64 # Send out release notifications after the Release was published on GitHub. # Uncomment the `if` to disable sending release notifications. diff --git a/Makefile b/Makefile index 029cdc163..c4afa1b3a 100644 --- a/Makefile +++ b/Makefile @@ -5,12 +5,35 @@ # https://www.gnu.org/software/make/manual/html_node/Choosing-the-Shell.html SHELL := bash -# Set the package's name, version, and path for use throughout the Makefile. +# Set the package's name and version for use throughout the Makefile. PACKAGE_NAME := macaron PACKAGE_VERSION := $(shell python -c $$'try: import $(PACKAGE_NAME); print($(PACKAGE_NAME).__version__);\nexcept: print("unknown");') + +# Determine the OS,architecture, and number of cores. +OS := $(shell uname -s) +ifeq ($(OS),Darwin) + PLATFORM_NAME := macosx + OS_DISTRO := "Darwin" +else + ifeq ($(OS),Linux) + PLATFORM_NAME := linux + OS_DISTRO := "$(shell grep '^NAME=' /etc/os-release | sed 's/^NAME=//' | sed 's/"//g')" + OS_MAJOR_VERSION := "$(shell grep '^VERSION=' /etc/os-release | sed -r 's/^[^0-9]+([0-9]+)\..*/\1/')" + endif +endif +ARCH := $(shell uname -m) +NPROC := $(shell nproc) + +# Construct short package identifier. +PACKAGE_SDIST_NAME := $(PACKAGE_NAME)-$(PACKAGE_VERSION) + +# Construct full package identifier. +PACKAGE_WHEEL_DIST_NAME := $(PACKAGE_NAME)-$(PACKAGE_VERSION)-py3-none-$(PLATFORM_NAME)_$(ARCH) + +# Set the Python version, package, and repo paths. +PYTHON ?= python3.11 PACKAGE_PATH := $(shell pwd)/src/$(PACKAGE_NAME) REPO_PATH := $(shell pwd) -PYTHON ?= python3.11 # This variable contains the first goal that matches any of the listed goals # here, else it contains an empty string. The net effect is to filter out @@ -134,18 +157,9 @@ $(PACKAGE_PATH)/resources/schemastore/NOTICE: && wget https://raw.githubusercontent.com/SchemaStore/schemastore/a1689388470d1997f2e5ebd8b430e99587b8d354/NOTICE \ && cd $(REPO_PATH) -# Supports OL8+, Fedora 34+, Ubuntu 22.04+ and 24.04+, and macOS. -OS := "$(shell uname)" -ifeq ($(OS), "Darwin") - OS_DISTRO := "Darwin" -else - ifeq ($(OS), "Linux") - OS_DISTRO := "$(shell grep '^NAME=' /etc/os-release | sed 's/^NAME=//' | sed 's/"//g')" - OS_MAJOR_VERSION := "$(shell grep '^VERSION=' /etc/os-release | sed -r 's/^[^0-9]+([0-9]+)\..*/\1/')" - endif -endif # If Souffle cannot be installed, we advise the user to install it manually # and return status code 0, which is not considered a failure. +# Supports OL8+, Fedora 34+, Ubuntu 22.04+ and 24.04+, and macOS. .PHONY: souffle souffle: if ! command -v souffle; then \ @@ -156,15 +170,27 @@ souffle: "Fedora Linux") \ sudo dnf -y install https://github.com/souffle-lang/souffle/releases/download/2.5/x86_64-fedora-41-souffle-2.5-Linux.rpm;; \ "Ubuntu") \ - if [ $(OS_MAJOR_VERSION) == "24" ]; then \ - wget https://github.com/souffle-lang/souffle/releases/download/2.5/x86_64-ubuntu-2404-souffle-2.5-Linux.deb -O ./souffle.deb; \ - elif [ $(OS_MAJOR_VERSION) == "22" ]; then \ - wget https://github.com/souffle-lang/souffle/releases/download/2.5/x86_64-ubuntu-2204-souffle-2.5-Linux.deb -O ./souffle.deb; \ - else \ - echo "Unsupported Ubuntu major version: $(OS_MAJOR_VERSION)"; exit 0; \ - fi; \ - sudo apt install ./souffle.deb; \ - rm ./souffle.deb;; \ + if [ $(ARCH) == "aarch64" ]; then \ + sudo apt-get install -y \ + bison cmake flex g++ libffi-dev libncurses-dev libsqlite3-dev zlib1g-dev; \ + pushd /tmp; \ + git clone --depth=1 --branch 2.5 https://github.com/souffle-lang/souffle; \ + pushd souffle; \ + cmake -S . -B build -DSOUFFLE_DOMAIN_64BIT=ON -DCMAKE_INSTALL_PREFIX="/usr/local"; \ + sudo cmake --build build --target install -j $(NPROC); \ + popd; \ + rm -rf souffle; \ + elif [ $(ARCH) == "x86_64" ]; then \ + if [ $(OS_MAJOR_VERSION) == "24" ]; then \ + wget https://github.com/souffle-lang/souffle/releases/download/2.5/x86_64-ubuntu-2404-souffle-2.5-Linux.deb -O ./souffle.deb; \ + elif [ $(OS_MAJOR_VERSION) == "22" ]; then \ + wget https://github.com/souffle-lang/souffle/releases/download/2.5/x86_64-ubuntu-2204-souffle-2.5-Linux.deb -O ./souffle.deb; \ + else \ + echo "Unsupported Ubuntu major version: $(OS_MAJOR_VERSION)"; exit 0; \ + fi; \ + sudo apt install ./souffle.deb; \ + rm ./souffle.deb; \ + fi;; \ "Darwin") \ if command -v brew; then \ brew install --HEAD souffle-lang/souffle/souffle; \ @@ -237,8 +263,8 @@ setup-integration-test-utility-for-docker: # Generate a Software Bill of Materials (SBOM). .PHONY: sbom sbom: requirements - cyclonedx-py requirements --output-format json --outfile dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-sbom.json - $$HOME/go/bin/cyclonedx-gomod mod -json -output dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-sbom-go.json $(REPO_PATH) + cyclonedx-py requirements --output-format json --outfile dist/$(PACKAGE_WHEEL_DIST_NAME)-sbom.json + $$HOME/go/bin/cyclonedx-gomod mod -json -output dist/$(PACKAGE_WHEEL_DIST_NAME)-sbom-go.json $(REPO_PATH) # Generate a requirements.txt file containing version and integrity hashes for all # packages currently installed in the virtual environment. There's no easy way to @@ -260,14 +286,14 @@ requirements.txt: pyproject.toml [[ $$pkg =~ (.*)==(.*) ]] && curl -s https://pypi.org/pypi/$${BASH_REMATCH[1]}/$${BASH_REMATCH[2]}/json | python -c "import json, sys; print(''.join(f''' \\\\\n --hash=sha256:{pkg['digests']['sha256']}''' for pkg in json.load(sys.stdin)['urls']));" >> requirements.txt; \ done echo -e -n "$(PACKAGE_NAME)==$(PACKAGE_VERSION)" >> requirements.txt - if [ -f dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION).tar.gz ]; then \ - echo -e -n " \\\\\n $$(python -m pip hash --algorithm sha256 dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION).tar.gz | grep '^\-\-hash')" >> requirements.txt; \ + if [ -f dist/$(PACKAGE_SDIST_NAME).tar.gz ]; then \ + echo -e -n " \\\\\n $$(python -m pip hash --algorithm sha256 dist/$(PACKAGE_SDIST_NAME).tar.gz | grep '^\-\-hash')" >> requirements.txt; \ fi - if [ -f dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-py3-none-any.whl ]; then \ - echo -e -n " \\\\\n $$(python -m pip hash --algorithm sha256 dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-py3-none-any.whl | grep '^\-\-hash')" >> requirements.txt; \ + if [ -f dist/$(PACKAGE_WHEEL_DIST_NAME).whl ]; then \ + echo -e -n " \\\\\n $$(python -m pip hash --algorithm sha256 dist/$(PACKAGE_WHEEL_DIST_NAME).whl | grep '^\-\-hash')" >> requirements.txt; \ fi echo "" >> requirements.txt - cp requirements.txt dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-requirements.txt + cp requirements.txt dist/$(PACKAGE_WHEEL_DIST_NAME)-requirements.txt # Audit the currently installed packages. Skip packages that are installed in # editable mode (like the one in development here) because they may not have @@ -358,15 +384,16 @@ integration-test-update: # When building these artifacts, we need the environment variable SOURCE_DATE_EPOCH # set to the build date/epoch. For more details, see: https://flit.pypa.io/en/latest/reproducible.html .PHONY: dist -dist: dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-py3-none-any.whl dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION).tar.gz dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-docs-html.zip dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-build-epoch.txt +dist: dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-py3-none-any.whl dist/$(PACKAGE_SDIST_NAME).tar.gz dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-docs-html.zip dist/$(PACKAGE_WHEEL_DIST_NAME)-build-epoch.txt dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-py3-none-any.whl: check test integration-test - flit build --setup-py --format wheel -dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION).tar.gz: check test integration-test - flit build --setup-py --format sdist + SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) flit build --setup-py --format wheel + mv dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-py3-none-any.whl dist/$(PACKAGE_WHEEL_DIST_NAME).whl +dist/$(PACKAGE_SDIST_NAME).tar.gz: check test integration-test + SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) flit build --setup-py --format sdist dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-docs-html.zip: docs - python -m zipfile -c dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-docs-html.zip docs/_build/html -dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-build-epoch.txt: - echo $(SOURCE_DATE_EPOCH) > dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-build-epoch.txt + python -m zipfile -c dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-docs-html.zip docs/_build/html/ +dist/$(PACKAGE_WHEEL_DIST_NAME)-build-epoch.txt: + echo $(SOURCE_DATE_EPOCH) > dist/$(PACKAGE_WHEEL_DIST_NAME)-build-epoch.txt # Build the HTML documentation from the package's source. .PHONY: docs