Refactor GitHub Actions for Python publishing #190
Pull request overview
Refactors the GitHub Actions workflow responsible for publishing the project’s Python package on GitHub Releases, aiming to build and upload distributions across multiple Python versions.
Changes:
- Renames the publish job and introduces a Python-version matrix (3.9–3.13).
- Builds both sdist and wheel distributions during the workflow run.
- Publishes wheels for each matrix entry and publishes the sdist once via a matrix conditional.
| # Build sdist and wheel for each version | ||
| - name: Build distributions | ||
| run: | | ||
| python setup.py sdist | ||
| python setup.py bdist_wheel | ||
|
|
||
| # Upload wheel for each Python version | ||
| - name: Publish wheel | ||
| env: | ||
| TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }} | ||
| TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }} | ||
| run: | | ||
| twine upload dist/*.whl | ||
|
|
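Review bot: In the Build distributions step, `python setup.py sdist` and `python setup.py bdist_wheel` invoke setup.py directly, which setuptools has deprecated. Build with `python -m build` instead, and run `twine check dist/*` before the `twine upload dist/*.whl` step so a malformed distribution fails the job before anything is published.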
This job uploads Linux wheels built directly on ubuntu-latest via setup.py bdist_wheel. Those wheels will be tagged for the runner’s platform/glibc and can be incompatible with many user Linux environments; publishing them to PyPI can cause pip to prefer a wheel that later fails to import/run. Consider switching to a manylinux-based wheel build (e.g., cibuildwheel) or publishing only sdist unless you’re also producing portable wheels (and ideally for macOS/Windows too).
| # Build sdist and wheel for each version | |
| - name: Build distributions | |
| run: | | |
| python setup.py sdist | |
| python setup.py bdist_wheel | |
| # Upload wheel for each Python version | |
| - name: Publish wheel | |
| env: | |
| TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }} | |
| TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }} | |
| run: | | |
| twine upload dist/*.whl | |
| # Build sdist for each version | |
| - name: Build sdist | |
| run: | | |
| python setup.py sdist |
|
|
||
| # Upload sdist only once (e.g., on the oldest version) | ||
| - name: Publish sdist | ||
| if: matrix.python-version == '3.10' |
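Review bot: Gating the Publish sdist step on `if: matrix.python-version == '3.10'` ties the one-time upload to that version staying in the matrix. If 3.10 is later dropped, the sdist silently stops being published while the job still passes. Move the sdist build and upload into a separate job that runs once and does not depend on a matrix value.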
The comment says the sdist is uploaded "only once (e.g., on the oldest version)", but the condition uses Python 3.10 even though the matrix includes 3.9. Either update the condition to match the intended "oldest" version or adjust the comment so future readers don’t get misled.
| if: matrix.python-version == '3.10' | |
| if: matrix.python-version == '3.9' |
| - name: Install dependencies | ||
| run: | | ||
| python -m pip install --upgrade pip numpy cython | ||
| pip install setuptools wheel twine |
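Review bot: Both install lines, `python -m pip install --upgrade pip numpy cython` and `pip install setuptools wheel twine`, pull unpinned build and upload tooling into the workflow that then uploads with the PyPI credentials, so whatever version is newest at run time produces and publishes the release. Pin these packages to known versions, ideally from a requirements file installed with `--require-hashes`.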
In matrix workflows it’s safer to consistently use python -m pip ... instead of calling pip directly, to ensure you’re installing into the interpreter selected by setup-python for that matrix entry.
| pip install setuptools wheel twine | |
| python -m pip install setuptools wheel twine |
| env: | ||
| TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }} | ||
| TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }} | ||
| run: | |
This workflow authenticates Twine using username/password-style secrets. If these are real credentials (not an API token), that’s a higher-risk secret with broad account access. Prefer using a PyPI API token (TWINE_USERNAME=token) or GitHub’s PyPI trusted publishing (OIDC) to avoid long-lived passwords.
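The trusted publishing (OIDC) option mentioned in the comment above, sketched as an added example that is not part of this pull request or the project's workflow. The release trigger, job names, the artifact name `dist`, the environment name `pypi`, the Python version, and the use of `python -m build` (which needs the build requirements declared in `pyproject.toml`) are assumptions, and the PyPI project must already list this repository and workflow as a trusted publisher.

```yaml
# Added example: build and upload split into two jobs, upload authenticated via OIDC.
# Names marked "assumed" are illustrative and do not come from the pull request.
name: publish                     # assumed workflow name
on:
  release:
    types: [published]            # assumed trigger

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"  # assumed; quoted so YAML keeps it a string
      - name: Build sdist
        run: |
          python -m pip install --upgrade pip build
          python -m build --sdist
      - uses: actions/upload-artifact@v4
        with:
          name: dist              # assumed artifact name
          path: dist/

  publish:
    needs: build
    runs-on: ubuntu-latest
    environment: pypi             # assumed; lets protection rules gate the upload
    permissions:
      id-token: write             # required so the job can request an OIDC token
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/
      # No TWINE_USERNAME / TWINE_PASSWORD secrets: the action exchanges the
      # job's OIDC token with PyPI for a short-lived upload token.
      - uses: pypa/gh-action-pypi-publish@release/v1
```

Only the `publish` job holds the `id-token: write` permission, so the steps that install and run build tooling never have a credential to leak.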
| - uses: actions/checkout@v1 | ||
|
|
||
| - name: Set up Python ${{ matrix.python-version }} | ||
| uses: actions/setup-python@v1 |
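Review bot: `actions/checkout@v1` and `actions/setup-python@v1` are referenced by mutable tags in a workflow that handles publishing credentials. When these lines are updated, pin each action to a full commit SHA, with the version in a trailing comment, so a moved tag cannot change what runs in this job.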
actions/checkout@v1 and actions/setup-python@v1 are very old and inconsistent with the rest of this repo’s workflows (e.g., .github/workflows/ci.yml and build-release.yml use checkout@v4 and setup-python@v5). Updating to the newer major versions avoids relying on deprecated Node runtimes and gets the current action security fixes.
| - uses: actions/checkout@v1 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v1 | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v5 |
No description provided.