@@ -51,17 +51,13 @@ jobs:
5151 - name : Build wheels with cibuildwheel
5252 uses : pypa/cibuildwheel@v2.21.3
5353 env :
54- # CPython versions to build (match CI tests)
5554 CIBW_BUILD : cp310-* cp311-* cp312-*
5655 CIBW_SKIP : pp* *-musllinux_*
5756 CIBW_ARCHS_LINUX : x86_64 aarch64
58- # Use newer manylinux images for toolchain consistency
5957 CIBW_MANYLINUX_X86_64_IMAGE : manylinux_2_28
6058 CIBW_MANYLINUX_AARCH64_IMAGE : manylinux_2_28
61- # Build FFTW from source and stage Boost headers for CMake
6259 CIBW_BEFORE_ALL_LINUX : |
6360 set -eux
64- # Ensure pkg-config is present in the manylinux container
6561 if command -v yum >/dev/null 2>&1; then
6662 yum -y install pkgconfig || true
6763 fi
@@ -74,26 +70,19 @@ jobs:
7470 make install
7571 popd
7672
77- # Boost headers (header-only; no build needed). Use archives.boost.io and .tar.gz for reliability
7873 BOOST_U=1_84_0
7974 BOOST_D=1.84.0
8075 curl -fsSL -o boost.tar.gz https://archives.boost.io/release/${BOOST_D}/source/boost_${BOOST_U}.tar.gz
8176 tar -xzf boost.tar.gz
8277 mkdir -p /opt/boost/include
8378 cp -r boost_${BOOST_U}/boost /opt/boost/include/
84-
85- # Help CMake find FFTW via pkg-config and Boost headers via define
8679CIBW_ENVIRONMENT_LINUX : >
8780 PKG_CONFIG_PATH=/opt/fftw/lib/pkgconfig
8881 CMAKE_PREFIX_PATH=/opt/fftw
8982 CMAKE_ARGS="-DHF_USE_OPENMP=ON -DHF_USE_FFTW_THREADS=ON -DBOOST_INCLUDE_DIR=/opt/boost/include"
90- # Ensure auditwheel can find FFTW during repair
9183CIBW_REPAIR_WHEEL_COMMAND_LINUX : >
9284 bash -lc 'LD_LIBRARY_PATH=/opt/fftw/lib auditwheel repair -w {dest_dir} {wheel}'
93-
94- # Ensure numpy is available for the test snippet
9585CIBW_TEST_REQUIRES : numpy
96- # Quick import + tiny run test inside the wheel env (use literal block to preserve newlines)
9786 CIBW_TEST_COMMAND : |
9887 python - <<'PY'
9988 import numpy as np, cpp_hf
@@ -135,9 +124,7 @@ jobs:
135124 env :
136125 HOMEBREW_NO_AUTO_UPDATE : " 1"
137126 run : |
138- # Clean any stale/partial downloads that can trip SHA checks
139127 rm -f "$HOME/Library/Caches/Homebrew/downloads/"*libomp* || true
140- # Install without updating metadata to avoid transient API issues
141128 brew install fftw libomp boost cmake ninja || true
142129
143130name : Build wheels with cibuildwheel
@@ -146,14 +133,11 @@ jobs:
146133 CIBW_BUILD : cp310-* cp311-* cp312-*
147134 CIBW_SKIP : pp*
148135 CIBW_ARCHS_MACOS : native
149- # Ensure pkg-config sees Homebrew's .pc files across both arch locations; set CMake deployment target
150136 CIBW_ENVIRONMENT_MACOS : >
151137 PKG_CONFIG_PATH=/opt/homebrew/lib/pkgconfig:/usr/local/lib/pkgconfig
152138 CMAKE_ARGS="-DHF_USE_OPENMP=ON -DHF_USE_FFTW_THREADS=ON -DCMAKE_OSX_DEPLOYMENT_TARGET=${MACOSX_DEPLOYMENT_TARGET}"
153- # Help delocate find Homebrew-provided dylibs and enforce arch slice
154139CIBW_REPAIR_WHEEL_COMMAND_MACOS : >
155140 bash -lc 'delocate-listdeps -d {wheel} || true; MACOSX_DEPLOYMENT_TARGET=${MACOSX_DEPLOYMENT_TARGET} delocate-wheel -L /opt/homebrew/lib -L /usr/local/lib --require-archs {delocate_archs} -w {dest_dir} -v {wheel}'
156-
157141CIBW_TEST_REQUIRES : numpy
158142 CIBW_TEST_COMMAND : |
159143 python - <<'PY'
@@ -169,7 +153,6 @@ jobs:
169153 print("wheel ok", int(n), float(mu))
170154 PY
171155
172-
173156name : Upload macOS wheels
174157 uses : actions/upload-artifact@v4
175158 with :
@@ -181,6 +164,8 @@ jobs:
181164 name : Publish to PyPI
182165 needs : [sdist, wheels-linux, wheels-macos]
183166 runs-on : ubuntu-latest
167+ # 🔐 Ensure the OIDC token includes the environment claim
168+ environment : cpp_hf_env
184169 permissions :
185170 contents : read
186171 id-token : write
@@ -193,6 +178,7 @@ jobs:
193178 path : dist
194179
195180 - name : Publish to PyPI via OIDC (Trusted Publisher)
181+ if : startsWith(github.ref, 'refs/tags/v') # publish only on v* tags
196182 uses : pypa/gh-action-pypi-publish@release/v1
197183 with :
198184 packages-dir : dist/
0 commit comments