Skip to content

CD

CD #9

Workflow file for this run

# This workflow is where we publish the PSI library to the various CDNs such as
# PyPi, NPM, etc.
#
# We're making the decision to publish only if all tests for all supported
# platforms and runtime versions have passed. The accepted tradeoff is that we
# reduce the risk of publishing builds that are not compatable with each other
# but increase time to delivery. We're okay with a delay becasue of
# optimizations in CI testing that offset the turn-around testing bug fixes.
name: CD
on:
release:
types: [created]
jobs:
Core:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-24.04, macos-14]
steps:
- uses: actions/checkout@v4
- name: Run tests nix
timeout-minutes: 60
run: .github/workflows/scripts/run_tests_core.sh
- name: Linters
run: .github/workflows/scripts/lint_cpp.sh
if: ${{ matrix.os == 'ubuntu-24.04' }}
JS:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-24.04, macos-14]
steps:
- uses: actions/checkout@v4
- name: Run tests nix
timeout-minutes: 60
run: .github/workflows/scripts/run_tests_js.sh
Python:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-24.04, macos-14]
# Bazel uses hermetic python, these are just placeholders
python-version: ['3_8', '3_9', '3_10', '3_11']
steps:
- uses: actions/checkout@v4
- name: Run tests nix
timeout-minutes: 30
run: bazel test --test_output=all //private_set_intersection/python:test_${{ matrix.python-version }}
Go:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-24.04, macos-14]
golang-version: ['1.23']
steps:
- name: Set up Golang ${{ matrix.golang-version }}
uses: actions/setup-go@v5
with:
go-version: ${{ matrix.golang-version }}
id: go
- name: Install Go dependencies
run: go install golang.org/x/lint/golint@latest
- uses: actions/checkout@v4
- name: Run tests nix
timeout-minutes: 30
run: .github/workflows/scripts/run_tests_go.sh
- name: Go linters
run: .github/workflows/scripts/lint_go.sh
Rust:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-24.04, macos-14]
steps:
- name: Install toolchains
uses: actions-rs/toolchain@v1
with:
toolchain: stable
default: true
- uses: actions/checkout@v4
- name: Run tests nix
timeout-minutes: 30
run: .github/workflows/scripts/run_tests_rust.sh
# Publish python releases only if all other tests have passed after creating a
# release.
Publish-python-legacy:
needs: [Core, JS, Go, Python, Rust]
if: ${{ github.event_name == 'release' }}
runs-on: ${{ matrix.os }}
strategy:
matrix:
# Handling boundary conditions of: https://github.com/pypa/manylinux
python-version: ['3.8.0', '3.8.4', '3.9.0']
os: [ubuntu-20.04]
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Build and publish the python wheel
env:
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ secrets.OM_PSI_PYPI_TOKEN }}
run: |
python -m pip install --upgrade pip
pip install twine packaging
bazel build -c opt //private_set_intersection/python:wheel
python private_set_intersection/python/rename.py
twine upload --skip-existing bazel-bin/private_set_intersection/python/openmined.psi-*
Publish-python:
needs: [Core, JS, Go, Python, Rust]
if: ${{ github.event_name == 'release' }}
runs-on: ${{ matrix.os }}
strategy:
matrix:
python-version: ['3.8', '3.9', '3.10', '3.11']
os: [ubuntu-24.04, ubuntu-22.04, ubuntu-20.04, macos-14, macos-14-large]
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Build and publish the python wheel
env:
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ secrets.OM_PSI_PYPI_TOKEN }}
run: |
python -m pip install --upgrade pip
pip install twine packaging
bazel build -c opt //private_set_intersection/python:wheel
python private_set_intersection/python/rename.py
twine upload --skip-existing bazel-bin/private_set_intersection/python/openmined.psi-*