@@ -45,7 +45,7 @@ The build system uses `CFD_STATIC_LINK` to control linking and `CFD_USE_STABLE_A
4545
4646``` cmake
4747option(CFD_STATIC_LINK "Statically link the CFD library" ON)
48- option(CFD_USE_STABLE_ABI "Use Python stable ABI for cross-version compatibility" OFF )
48+ option(CFD_USE_STABLE_ABI "Use Python stable ABI for cross-version compatibility" ON )
4949
5050# Static library discovery with platform-specific names
5151if(CFD_STATIC_LINK)
@@ -188,7 +188,13 @@ jobs:
188188 with :
189189 repository : ${{ github.repository_owner }}/cfd
190190 path : cfd
191- - name : Build CFD library
191+ - name : Build CFD library (Unix)
192+ if : runner.os != 'Windows'
193+ run : |
194+ cmake -S cfd -B cfd/build -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF -DCMAKE_POSITION_INDEPENDENT_CODE=ON
195+ cmake --build cfd/build --config Release
196+ name : Build CFD library (Windows)
197+ if : runner.os == 'Windows'
192198 run : |
193199 cmake -S cfd -B cfd/build -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF
194200 cmake --build cfd/build --config Release
@@ -254,23 +260,60 @@ jobs:
254260 permissions :
255261 id-token : write # Required for trusted publishing
256262 steps :
257- - uses : actions/download-artifact@v4
263+ - name : Download wheels
264+ uses : actions/download-artifact@v4
265+ with :
266+ pattern : wheel-*
267+ path : dist
268+ merge-multiple : true
269+ - name : Download sdist
270+ uses : actions/download-artifact@v4
271+ with :
272+ name : sdist
273+ path : dist
258274 - name : Validate artifacts
259275 run : |
260- # Ensure at least 3 wheels (linux, macos, windows) and 1 sdist
261- uses : pypa/gh-action-pypi-publish@release/v1
276+ ls -la dist/
277+ WHEELS=$(ls dist/*.whl 2>/dev/null | wc -l)
278+ SDIST=$(ls dist/*.tar.gz 2>/dev/null | wc -l)
279+ echo "Found $WHEELS wheel(s) and $SDIST sdist(s)"
280+ if [ "$WHEELS" -lt 3 ]; then
281+ echo "ERROR: Expected at least 3 wheels (linux, macos, windows)"
282+ exit 1
283+ fi
284+ # Pin to SHA to prevent supply-chain attacks (id-token: write is sensitive)
285+ - uses : pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4
262286 with :
263287 repository-url : https://test.pypi.org/legacy/
264288
265289 publish_pypi :
266290 needs : [build, build_sdist]
267- if : github.event_name == 'release' || startsWith(github.ref, 'refs/tags/v')
291+ if : github.event_name == 'release' || (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')) || (github.event_name == 'workflow_dispatch' && github.event.inputs.target == 'pypi ')
268292 environment : pypi
269293 permissions :
270294 id-token : write
271295 steps :
272- - uses : actions/download-artifact@v4
273- - uses : pypa/gh-action-pypi-publish@release/v1
296+ - name : Download wheels
297+ uses : actions/download-artifact@v4
298+ with :
299+ pattern : wheel-*
300+ path : dist
301+ merge-multiple : true
302+ - name : Download sdist
303+ uses : actions/download-artifact@v4
304+ with :
305+ name : sdist
306+ path : dist
307+ - name : Validate artifacts
308+ run : |
309+ ls -la dist/
310+ WHEELS=$(ls dist/*.whl 2>/dev/null | wc -l)
311+ SDIST=$(ls dist/*.tar.gz 2>/dev/null | wc -l)
312+ if [ "$WHEELS" -lt 3 ] || [ "$SDIST" -lt 1 ]; then
313+ echo "ERROR: Missing artifacts"; exit 1
314+ fi
315+ # Pin to SHA to prevent supply-chain attacks (id-token: write is sensitive)
316+ - uses : pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4
274317` ` `
275318
276319### Trusted Publishing Setup
0 commit comments