Pin the maturin version in the release pipeline (#16439)

This should avoid hitting the GitHub API to determine the latest
release, and more generally we should not automatically fetch the latest
version of Maturin in our release pipeline as it opens us to
supply-chain attacks.
Zanie Blue 2025-10-24 13:16:30 -05:00 committed by GitHub
parent 2baee75a94
commit 3ff3ae2062
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 22 additions and 0 deletions


@ -61,6 +61,7 @@ jobs:
- name: "Build sdist" - name: "Build sdist"
uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
with: with:
maturin-version: v1.9.6
command: sdist command: sdist
args: --out dist args: --out dist
- name: "Test sdist" - name: "Test sdist"
@ -81,6 +82,7 @@ jobs:
- name: "Build sdist uv-build" - name: "Build sdist uv-build"
uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
with: with:
maturin-version: v1.9.6
command: sdist command: sdist
args: --out crates/uv-build/dist -m crates/uv-build/Cargo.toml args: --out crates/uv-build/dist -m crates/uv-build/Cargo.toml
- name: "Test sdist uv-build" - name: "Test sdist uv-build"
@ -113,6 +115,7 @@ jobs:
- name: "Build wheels - x86_64" - name: "Build wheels - x86_64"
uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
with: with:
maturin-version: v1.9.6
target: x86_64 target: x86_64
args: --release --locked --out dist --features self-update args: --release --locked --out dist --features self-update
- name: "Upload wheels" - name: "Upload wheels"
@ -143,6 +146,7 @@ jobs:
- name: "Build wheels uv-build - x86_64" - name: "Build wheels uv-build - x86_64"
uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
with: with:
maturin-version: v1.9.6
target: x86_64 target: x86_64
args: --profile minimal-size --locked --out crates/uv-build/dist -m crates/uv-build/Cargo.toml args: --profile minimal-size --locked --out crates/uv-build/dist -m crates/uv-build/Cargo.toml
- name: "Upload wheels uv-build" - name: "Upload wheels uv-build"
@ -170,6 +174,7 @@ jobs:
- name: "Build wheels - aarch64" - name: "Build wheels - aarch64"
uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
with: with:
maturin-version: v1.9.6
target: aarch64 target: aarch64
args: --release --locked --out dist --features self-update args: --release --locked --out dist --features self-update
- name: "Test wheel - aarch64" - name: "Test wheel - aarch64"
@ -206,6 +211,7 @@ jobs:
- name: "Build wheels uv-build - aarch64" - name: "Build wheels uv-build - aarch64"
uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
with: with:
maturin-version: v1.9.6
target: aarch64 target: aarch64
args: --profile minimal-size --locked --out crates/uv-build/dist -m crates/uv-build/Cargo.toml args: --profile minimal-size --locked --out crates/uv-build/dist -m crates/uv-build/Cargo.toml
- name: "Test wheel - aarch64" - name: "Test wheel - aarch64"
@ -247,6 +253,7 @@ jobs:
- name: "Build wheels" - name: "Build wheels"
uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
with: with:
maturin-version: v1.9.6
target: ${{ matrix.platform.target }} target: ${{ matrix.platform.target }}
args: --release --locked --out dist --features self-update,windows-gui-bin args: --release --locked --out dist --features self-update,windows-gui-bin
- name: "Test wheel" - name: "Test wheel"
@ -285,6 +292,7 @@ jobs:
- name: "Build wheels uv-build" - name: "Build wheels uv-build"
uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
with: with:
maturin-version: v1.9.6
target: ${{ matrix.platform.target }} target: ${{ matrix.platform.target }}
args: --profile minimal-size --locked --out crates/uv-build/dist -m crates/uv-build/Cargo.toml args: --profile minimal-size --locked --out crates/uv-build/dist -m crates/uv-build/Cargo.toml
- name: "Test wheel uv-build" - name: "Test wheel uv-build"
@ -324,6 +332,7 @@ jobs:
- name: "Build wheels" - name: "Build wheels"
uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
with: with:
maturin-version: v1.9.6
target: ${{ matrix.target }} target: ${{ matrix.target }}
# Generally, we try to build in a target docker container. In this case however, a # Generally, we try to build in a target docker container. In this case however, a
# 32-bit compiler runs out of memory (4GB memory limit for 32-bit), so we cross compile # 32-bit compiler runs out of memory (4GB memory limit for 32-bit), so we cross compile
@ -390,6 +399,7 @@ jobs:
- name: "Build wheels uv-build" - name: "Build wheels uv-build"
uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
with: with:
maturin-version: v1.9.6
target: ${{ matrix.target }} target: ${{ matrix.target }}
manylinux: auto manylinux: auto
args: --profile minimal-size --locked --out crates/uv-build/dist -m crates/uv-build/Cargo.toml args: --profile minimal-size --locked --out crates/uv-build/dist -m crates/uv-build/Cargo.toml
@ -437,6 +447,7 @@ jobs:
- name: "Build wheels" - name: "Build wheels"
uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
with: with:
maturin-version: v1.9.6
target: ${{ matrix.platform.target }} target: ${{ matrix.platform.target }}
# On `aarch64`, use `manylinux: 2_28`; otherwise, use `manylinux: auto`. # On `aarch64`, use `manylinux: 2_28`; otherwise, use `manylinux: auto`.
manylinux: ${{ matrix.platform.arch == 'aarch64' && '2_28' || 'auto' }} manylinux: ${{ matrix.platform.arch == 'aarch64' && '2_28' || 'auto' }}
@ -490,6 +501,7 @@ jobs:
- name: "Build wheels uv-build" - name: "Build wheels uv-build"
uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
with: with:
maturin-version: v1.9.6
target: ${{ matrix.platform.target }} target: ${{ matrix.platform.target }}
# On `aarch64`, use `manylinux: 2_28`; otherwise, use `manylinux: auto`. # On `aarch64`, use `manylinux: 2_28`; otherwise, use `manylinux: auto`.
manylinux: ${{ matrix.platform.arch == 'aarch64' && '2_28' || 'auto' }} manylinux: ${{ matrix.platform.arch == 'aarch64' && '2_28' || 'auto' }}
@ -544,6 +556,7 @@ jobs:
- name: "Build wheels" - name: "Build wheels"
uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
with: with:
maturin-version: v1.9.6
target: ${{ matrix.platform.target }} target: ${{ matrix.platform.target }}
manylinux: auto manylinux: auto
docker-options: ${{ matrix.platform.maturin_docker_options }} docker-options: ${{ matrix.platform.maturin_docker_options }}
@ -598,6 +611,7 @@ jobs:
- name: "Build wheels uv-build" - name: "Build wheels uv-build"
uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
with: with:
maturin-version: v1.9.6
target: ${{ matrix.platform.target }} target: ${{ matrix.platform.target }}
manylinux: auto manylinux: auto
docker-options: ${{ matrix.platform.maturin_docker_options }} docker-options: ${{ matrix.platform.maturin_docker_options }}
@ -657,6 +671,7 @@ jobs:
- name: "Build wheels" - name: "Build wheels"
uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
with: with:
maturin-version: v1.9.6
target: ${{ matrix.platform.target }} target: ${{ matrix.platform.target }}
manylinux: auto manylinux: auto
docker-options: ${{ matrix.platform.maturin_docker_options }} docker-options: ${{ matrix.platform.maturin_docker_options }}
@ -715,6 +730,7 @@ jobs:
- name: "Build wheels uv-build" - name: "Build wheels uv-build"
uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
with: with:
maturin-version: v1.9.6
target: ${{ matrix.platform.target }} target: ${{ matrix.platform.target }}
manylinux: auto manylinux: auto
docker-options: ${{ matrix.platform.maturin_docker_options }} docker-options: ${{ matrix.platform.maturin_docker_options }}
@ -759,6 +775,7 @@ jobs:
- name: "Build wheels" - name: "Build wheels"
uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
with: with:
maturin-version: v1.9.6
target: ${{ matrix.platform.target }} target: ${{ matrix.platform.target }}
manylinux: auto manylinux: auto
docker-options: ${{ matrix.platform.maturin_docker_options }} docker-options: ${{ matrix.platform.maturin_docker_options }}
@ -812,6 +829,7 @@ jobs:
- name: "Build wheels uv-build" - name: "Build wheels uv-build"
uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
with: with:
maturin-version: v1.9.6
target: ${{ matrix.platform.target }} target: ${{ matrix.platform.target }}
manylinux: auto manylinux: auto
docker-options: ${{ matrix.platform.maturin_docker_options }} docker-options: ${{ matrix.platform.maturin_docker_options }}
@ -864,6 +882,7 @@ jobs:
- name: "Build wheels" - name: "Build wheels"
uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
with: with:
maturin-version: v1.9.6
target: ${{ matrix.target }} target: ${{ matrix.target }}
manylinux: musllinux_1_1 manylinux: musllinux_1_1
args: --release --locked --out dist --features self-update args: --release --locked --out dist --features self-update
@ -912,6 +931,7 @@ jobs:
- name: "Build wheels uv-build" - name: "Build wheels uv-build"
uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
with: with:
maturin-version: v1.9.6
target: ${{ matrix.target }} target: ${{ matrix.target }}
manylinux: musllinux_1_1 manylinux: musllinux_1_1
args: --profile minimal-size --locked --out crates/uv-build/dist -m crates/uv-build/Cargo.toml args: --profile minimal-size --locked --out crates/uv-build/dist -m crates/uv-build/Cargo.toml
@ -962,6 +982,7 @@ jobs:
- name: "Build wheels" - name: "Build wheels"
uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
with: with:
maturin-version: v1.9.6
target: ${{ matrix.platform.target }} target: ${{ matrix.platform.target }}
manylinux: musllinux_1_1 manylinux: musllinux_1_1
args: --release --locked --out dist --features self-update ${{ matrix.platform.arch == 'aarch64' && '--compatibility 2_17' || ''}} args: --release --locked --out dist --features self-update ${{ matrix.platform.arch == 'aarch64' && '--compatibility 2_17' || ''}}
@ -1034,6 +1055,7 @@ jobs:
- name: "Build wheels" - name: "Build wheels"
uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
with: with:
maturin-version: v1.9.6
target: ${{ matrix.platform.target }} target: ${{ matrix.platform.target }}
manylinux: musllinux_1_1 manylinux: musllinux_1_1
args: --profile minimal-size --locked ${{ matrix.platform.arch == 'aarch64' && '--compatibility 2_17' || ''}} --out crates/uv-build/dist -m crates/uv-build/Cargo.toml args: --profile minimal-size --locked ${{ matrix.platform.arch == 'aarch64' && '--compatibility 2_17' || ''}} --out crates/uv-build/dist -m crates/uv-build/Cargo.toml
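Review bot: The added `maturin-version: v1.9.6` input is repeated as a literal in all 22 `with:` blocks and pins maturin by release tag only, whereas the `uses:` line directly above it pins the action by full commit SHA. A later bump that misses one job would leave the release artifacts built by mixed maturin versions, so define the value once, for example a workflow-level `env:` entry `MATURIN_VERSION: "v1.9.6"`, and pass `maturin-version: ${{ env.MATURIN_VERSION }}` in each step, with a comment such as `# Pinned on purpose: never float to latest in the release pipeline; bump deliberately.` Nothing in the visible lines verifies the fetched maturin binary against a known digest, and a tag can be re-pointed upstream, so a checksum check on the downloaded artifact would close the remaining gap if the action or a follow-up step can provide one; that part is inferred from the diff, not from the action's source. The job definitions start and end outside every hunk, so whether other steps install maturin by another route cannot be seen here.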