From 05e6eb0208dc086bf62e2ec0b1cbde0efbde66ed Mon Sep 17 00:00:00 2001 From: Marvin Friede <51965259+marvinfriede@users.noreply.github.com> Date: Sat, 14 Dec 2024 21:15:04 -0600 Subject: [PATCH] Fix zizmor security issues in GA (#272) --- .github/workflows/codeql.yml | 10 +- .github/workflows/docs.yml | 66 ++- .github/workflows/fortran-build.yml | 673 +++++++++++++++------------- .github/workflows/wheel.yml | 107 +++-- 4 files changed, 464 insertions(+), 392 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b014a4c15..a95f57ff7 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -2,9 +2,9 @@ name: "CodeQL" on: push: - branches: [ "main" ] + branches: ["main"] pull_request: - branches: [ "main" ] + branches: ["main"] schedule: - cron: "6 8 * * 2" @@ -20,11 +20,13 @@ jobs: strategy: fail-fast: false matrix: - language: [ python ] + language: [python] steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 + with: + persist-credentials: false - name: Initialize CodeQL uses: github/codeql-action/init@v2 diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 818bf3b26..e77ed25e7 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml 
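Review bot: The new `uses: actions/checkout@v4` line in the CodeQL job still references a mutable tag, so the job runs whatever commit that tag points to at run time. Pinning to a full commit SHA with the tag kept as a trailing comment closes that gap, e.g. `uses: actions/checkout@FULL_COMMIT_SHA # v4` (placeholder; take the SHA from the release you reviewed). The same applies to the tag-pinned actions on the new side of the other files in this patch, most importantly the third-party ones that receive a token or push to the repository: `JamesIves/github-pages-deploy-action@4.1.6` in docs.yml, `fortran-lang/setup-fpm@v5` and `codecov/codecov-action@v4` in fortran-build.yml, and `mamba-org/setup-micromamba@v1` in wheel.yml. The context line `github/codeql-action/init@v2` is left untouched; check whether that major is still supported. Any `permissions:` block for the job lies outside this hunk.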
@@ -13,24 +13,48 @@ jobs: build-and-deploy: runs-on: ubuntu-latest steps: - - id: deploy-on-push - run: - echo "::set-output name=result::${{ env.DEPLOY_BRANCH }}" - env: - DEPLOY_BRANCH: ${{ secrets.DEPLOY_BRANCH && contains(github.ref, secrets.DEPLOY_BRANCH) && 1 || 0 }} - - uses: actions/checkout@v2 - - uses: actions/setup-python@v1 - with: - python-version: '3.x' - - name: Install dependencies - run: pip install ford - - name: Build Documentation - run: ford ford.md - - uses: JamesIves/github-pages-deploy-action@4.1.6 - if: ${{ github.event_name == 'push' && steps.deploy-on-push.outputs.result != 0 }} - with: - branch: gh-pages - folder: _docs - single-commit: true - git-config-email: 49320512+dftd4@users.noreply.github.com - git-config-name: DFT-D4 + - id: deploy-on-push + run: echo "result=$DEPLOY_BRANCH" >> $GITHUB_OUTPUT + env: + DEPLOY_BRANCH: ${{ secrets.DEPLOY_BRANCH && contains(github.ref, secrets.DEPLOY_BRANCH) && '1' || '0' }} + + - name: Set DEPLOY_BRANCH + id: set-deploy-branch + run: echo "DEPLOY_BRANCH=$DEPLOY_BRANCH" >> $GITHUB_ENV + env: + DEPLOY_BRANCH: ${{ secrets.DEPLOY_BRANCH && contains(github.ref, secrets.DEPLOY_BRANCH) && '1' || '0' }} + + - name: Validate DEPLOY_BRANCH + run: | + if [[ "$DEPLOY_BRANCH" != "1" && "$DEPLOY_BRANCH" != "0" ]]; then + echo "Invalid DEPLOY_BRANCH value: $DEPLOY_BRANCH" + exit 1 + fi + env: + DEPLOY_BRANCH: ${{ env.DEPLOY_BRANCH }} + + - name: Checkout code + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: "3.x" + + - name: Install dependencies + run: pip install ford + + - name: Build Documentation + run: ford ford.md + + - name: Deploy to GitHub Pages + uses: JamesIves/github-pages-deploy-action@4.1.6 + if: ${{ github.event_name == 'push' && steps.deploy-on-push.outputs.result != '0' }} + with: + branch: gh-pages + folder: _docs + single-commit: true + git-config-email: 49320512+dftd4@users.noreply.github.com + 
git-config-name: DFT-D4 diff --git a/.github/workflows/fortran-build.yml b/.github/workflows/fortran-build.yml index 189ac689d..ac5368d54 100644 --- a/.github/workflows/fortran-build.yml +++ b/.github/workflows/fortran-build.yml @@ -58,47 +58,47 @@ jobs: version: [12] include: - - os: ubuntu-20.04 - build: cmake - build-type: debug - compiler: gnu - version: 8 - - - os: macos-13 - build: cmake - build-type: debug - compiler: gnu - version: 10 - - - os: macos-13 - build: meson - build-type: debug - compiler: gnu - version: 10 - - - os: ubuntu-latest - build: meson - build-type: coverage - compiler: gnu - version: 9 - - - os: ubuntu-latest - build: meson - build-type: debug - compiler: gnu - version: 10 - - - os: ubuntu-latest - build: meson - build-type: debug - compiler: intel - version: 2021.2.0 - - - os: ubuntu-latest - build: fpm - build-type: debug - compiler: gnu - version: 10 + - os: ubuntu-20.04 + build: cmake + build-type: debug + compiler: gnu + version: 8 + + - os: macos-13 + build: cmake + build-type: debug + compiler: gnu + version: 10 + + - os: macos-13 + build: meson + build-type: debug + compiler: gnu + version: 10 + + - os: ubuntu-latest + build: meson + build-type: coverage + compiler: gnu + version: 9 + + - os: ubuntu-latest + build: meson + build-type: debug + compiler: gnu + version: 10 + + - os: ubuntu-latest + build: meson + build-type: debug + compiler: intel + version: 2021.2.0 + + - os: ubuntu-latest + build: fpm + build-type: debug + compiler: gnu + version: 10 defaults: run: 
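Review bot: The deploy gate in docs.yml still uses `contains(github.ref, secrets.DEPLOY_BRANCH)`, a substring test, so any pushed ref whose name merely contains the configured branch name also evaluates to '1'. An exact comparison is tighter, e.g. `DEPLOY_BRANCH: ${{ secrets.DEPLOY_BRANCH && github.ref == format('refs/heads/{0}', secrets.DEPLOY_BRANCH) && '1' || '0' }}` (this assumes the secret holds a bare branch name; confirm). The added "Set DEPLOY_BRANCH" and "Validate DEPLOY_BRANCH" steps re-evaluate the same expression, which can only yield '1' or '0', so the validation can never fail and neither step feeds the deploy `if:`; both could be dropped. In the `deploy-on-push` step the output file should also be quoted: `run: echo "result=$DEPLOY_BRANCH" >> "$GITHUB_OUTPUT"`.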
@@ -111,217 +111,238 @@ jobs: PYTHON_V: 3.9 steps: - - name: Checkout code - uses: actions/checkout@v4 - - - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHON_V }} - - - name: Link pre-installed GCC and FC (MacOS - ARM) - if: ${{ contains(matrix.os, 'macos') && ! contains(matrix.os, '13') && matrix.compiler == 'gnu' }} - run: | - brew install openblas - gfortran_path=$( which gfortran-${{ env.GCC_V }} ) - gcc_path=$( which gcc-${{ env.GCC_V }} ) - gplusplus_path=$( which g++-${{ env.GCC_V }} ) - export FC=$gfortran_path - export CC=$gcc_path - export CXX=$gplusplus_path - ln -s $gfortran_path /usr/local/bin/gfortran - ln -s $gcc_path /usr/local/bin/gcc - ln -s $gplusplus_path /usr/local/bin/g++ - echo "PKG_CONFIG_PATH=/usr/local/opt/openblas/lib/pkgconfig" >> $GITHUB_ENV - echo "LDFLAGS=-L/opt/homebrew/opt/openblas/lib" >> $GITHUB_ENV - echo "CPPFLAGS=-I/opt/homebrew/opt/openblas/include" >> $GITHUB_ENV - brew install libffi - export LDFLAGS="-L$(brew --prefix libffi)/lib" - export CPPFLAGS="-I$(brew --prefix libffi)/include" - - - name: Install GCC (MacOS - x86_64) - if: ${{ contains(matrix.os, 'macos-13') && matrix.compiler == 'gnu' }} - run: | - brew install gcc@${{ env.GCC_V }} openblas - ln -s /usr/local/bin/gfortran-${{ env.GCC_V }} /usr/local/bin/gfortran - ln -s /usr/local/bin/gcc-${{ env.GCC_V }} /usr/local/bin/gcc - ln -s /usr/local/bin/g++-${{ env.GCC_V }} /usr/local/bin/g++ - echo "PKG_CONFIG_PATH=/usr/local/opt/openblas/lib/pkgconfig" >> $GITHUB_ENV - - - name: Install GCC (Linux) - if: ${{ contains(matrix.os, 'ubuntu') && matrix.compiler == 'gnu' }} - run: | - sudo add-apt-repository ppa:ubuntu-toolchain-r/test - sudo apt-get update - sudo apt-get install -y gcc-${{ env.GCC_V}} gfortran-${{ env.GCC_V }} - sudo update-alternatives \ - --install /usr/bin/gcc gcc /usr/bin/gcc-${{ env.GCC_V }} 100 \ - --slave /usr/bin/gfortran gfortran /usr/bin/gfortran-${{ env.GCC_V }} \ - --slave /usr/bin/gcov gcov /usr/bin/gcov-${{ env.GCC_V }} - - 
- name: Install GCC (Windows) - if: ${{ contains(matrix.os, 'windows') && matrix.compiler == 'msys' }} - uses: msys2/setup-msys2@v2 - with: - msystem: MINGW64 - update: false - install: >- - git - mingw-w64-x86_64-gcc-fortran - mingw-w64-x86_64-openblas - mingw-w64-x86_64-lapack - mingw-w64-x86_64-cmake - mingw-w64-x86_64-meson - mingw-w64-x86_64-ninja - - - name: Install fpm - if: ${{ matrix.build == 'fpm' }} - uses: fortran-lang/setup-fpm@v5 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - - - name: Prepare for cache restore - if: ${{ matrix.compiler == 'intel' }} - run: | - sudo mkdir -p /opt/intel - sudo chown $USER /opt/intel - - - name: Cache Intel install - if: ${{ matrix.compiler == 'intel' }} - id: cache-install - uses: actions/cache@v4 - with: - path: /opt/intel/oneapi - key: install-${{ matrix.compiler }}-${{ matrix.version }}-${{ matrix.os }} - - - name: Install Intel (Linux) - if: ${{ contains(matrix.os, 'ubuntu') && contains(matrix.compiler, 'intel') && steps.cache-install.outputs.cache-hit != 'true' }} - run: | - wget https://apt.repos.intel.com/intel-gpg-keys/${{ env.KEY }} - sudo apt-key add ${{ env.KEY }} - rm ${{ env.KEY }} - echo "deb https://apt.repos.intel.com/oneapi all main" | sudo tee /etc/apt/sources.list.d/oneAPI.list - sudo apt-get update - sudo apt-get install ${{ env.PKG }} - env: - KEY: GPG-PUB-KEY-INTEL-SW-PRODUCTS-2023.PUB - PKG: ${{ env.LINUX_INTEL_COMPONENTS }} - - - name: Setup Intel oneAPI environment - if: ${{ matrix.compiler == 'intel' }} - run: | - source /opt/intel/oneapi/setvars.sh - printenv >> $GITHUB_ENV - - - name: Install build and test dependencies - if: ${{ ! 
contains(matrix.os, 'windows') }} - run: pip3 install ${{ env.PIP_PACKAGES }} ${{ env.PIP_EXTRAS }} - - - name: Configure build (meson) - if: ${{ matrix.build == 'meson' }} - run: >- - meson setup ${{ env.BUILD_DIR }} - --buildtype=debug - --prefix=$PWD/_dist - --libdir=lib - --warnlevel=0 - -Db_coverage=${{ env.COVERAGE }} - ${{ env.MESON_ARGS }} - env: - COVERAGE: ${{ matrix.build-type == 'coverage' }} - MESON_ARGS: >- - ${{ matrix.compiler == 'intel' && '-Dfortran_link_args=-qopenmp -Dapi=false' || '' }} - ${{ contains(matrix.os, 'macos') && '-Dlapack=openblas' || '' }} - ${{ contains(matrix.os, 'windows') && '-Dfortran_link_args=-Wl,--allow-multiple-definition' || '' }} - - - name: Configure build (CMake) - if: ${{ matrix.build == 'cmake' }} - run: >- - cmake -B${{ env.BUILD_DIR }} - -GNinja - -DCMAKE_BUILD_TYPE=Debug - -DCMAKE_INSTALL_PREFIX=$PWD/_dist - -DCMAKE_INSTALL_LIBDIR=lib - - - name: Build library (fpm) - if: ${{ matrix.build == 'fpm' }} - run: | - fpm --version - fpm build - - - name: Build library - if: ${{ matrix.build != 'fpm' }} - run: ninja -C ${{ env.BUILD_DIR }} - - - name: Run unit tests (fpm) - if: ${{ matrix.build == 'fpm' }} - run: fpm test - - - name: Run unit tests (meson) - if: ${{ matrix.build == 'meson' }} - run: >- - meson test - -C ${{ env.BUILD_DIR }} - --print-errorlogs - --no-rebuild - --num-processes 1 - --suite dftd4 - -t 2 - env: - OMP_NUM_THREADS: 1,2,1 - - - name: Run benchmarks - if: ${{ matrix.build == 'meson' }} - run: >- - meson test - -C ${{ env.BUILD_DIR }} - --print-errorlogs - --no-rebuild - --num-processes 1 - --suite dftd4 - -t 2 - --benchmark - - - name: Run unit tests (ctest) - if: ${{ matrix.build == 'cmake' }} - run: | - ctest --output-on-failure --parallel 2 - working-directory: ${{ env.BUILD_DIR }} - env: - OMP_NUM_THREADS: 1,2,1 - - - name: Create coverage report - if: ${{ matrix.build == 'meson' && matrix.build-type == 'coverage' }} - run: - ninja -C ${{ env.BUILD_DIR }} coverage - - - name: Install project 
- if: ${{ matrix.build != 'fpm' }} - run: | - ninja -C ${{ env.BUILD_DIR }} install - echo "DFTD4_PREFIX=$PWD/_dist" >> $GITHUB_ENV - - - name: Create package - if: ${{ matrix.build == 'meson' && matrix.version == 12 && matrix.build-type == 'debug' && matrix.compiler == 'gnu' }} - run: | - tar cvf ${{ env.OUTPUT }} _dist - xz -T0 ${{ env.OUTPUT }} - echo "DFTD4_OUTPUT=${{ env.OUTPUT }}.xz" >> $GITHUB_ENV - env: - OUTPUT: dftd4-${{ matrix.compiler }}-${{ matrix.version }}-${{ matrix.os }}.tar - - - name: Upload package - if: ${{ matrix.build == 'meson' && matrix.version == 12 && matrix.build-type == 'debug' && matrix.compiler == 'gnu' }} - uses: actions/upload-artifact@v4 - with: - name: ${{ env.DFTD4_OUTPUT }} - path: ${{ env.DFTD4_OUTPUT }} - - - name: Upload coverage report - if: ${{ matrix.build == 'meson' && matrix.build-type == 'coverage' }} - uses: codecov/codecov-action@v4 - with: - token: ${{ secrets.CODECOV_TOKEN }} - + - name: Checkout code + uses: actions/checkout@v4 + with: + persist-credentials: false + + - uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHON_V }} + + - name: Link pre-installed GCC and FC (MacOS - ARM) + if: ${{ contains(matrix.os, 'macos') && ! 
contains(matrix.os, '13') && matrix.compiler == 'gnu' }} + run: | + brew install openblas + gfortran_path=$( which gfortran-${GCC_V} ) + gcc_path=$( which gcc-${GCC_V} ) + gplusplus_path=$( which g++-${GCC_V} ) + export FC=$gfortran_path + export CC=$gcc_path + export CXX=$gplusplus_path + ln -s $gfortran_path /usr/local/bin/gfortran + ln -s $gcc_path /usr/local/bin/gcc + ln -s $gplusplus_path /usr/local/bin/g++ + echo "PKG_CONFIG_PATH=/usr/local/opt/openblas/lib/pkgconfig" >> $GITHUB_ENV + echo "LDFLAGS=-L/opt/homebrew/opt/openblas/lib" >> $GITHUB_ENV + echo "CPPFLAGS=-I/opt/homebrew/opt/openblas/include" >> $GITHUB_ENV + brew install libffi + export LDFLAGS="-L$(brew --prefix libffi)/lib" + export CPPFLAGS="-I$(brew --prefix libffi)/include" + env: + GCC_V: ${{ env.GCC_V }} + + - name: Install GCC (MacOS - x86_64) + if: ${{ contains(matrix.os, 'macos-13') && matrix.compiler == 'gnu' }} + run: | + brew install gcc@$GCC_V openblas + ln -s /usr/local/bin/gfortran-${GCC_V} /usr/local/bin/gfortran + ln -s /usr/local/bin/gcc-${GCC_V} /usr/local/bin/gcc + ln -s /usr/local/bin/g++-${GCC_V} /usr/local/bin/g++ + echo "PKG_CONFIG_PATH=/usr/local/opt/openblas/lib/pkgconfig" >> $GITHUB_ENV + env: + GCC_V: ${{ env.GCC_V }} + + - name: Install GCC (Linux) + if: ${{ contains(matrix.os, 'ubuntu') && matrix.compiler == 'gnu' }} + run: | + sudo add-apt-repository ppa:ubuntu-toolchain-r/test + sudo apt-get update + sudo apt-get install -y gcc-${GCC_V} gfortran-${GCC_V} + sudo update-alternatives \ + --install /usr/bin/gcc gcc /usr/bin/gcc-${GCC_V} 100 \ + --slave /usr/bin/gfortran gfortran /usr/bin/gfortran-${GCC_V} \ + --slave /usr/bin/gcov gcov /usr/bin/gcov-${GCC_V} + env: + GCC_V: ${{ env.GCC_V }} + + - name: Install GCC (Windows) + if: ${{ contains(matrix.os, 'windows') && matrix.compiler == 'msys' }} + uses: msys2/setup-msys2@v2 + with: + msystem: MINGW64 + update: false + install: >- + git + mingw-w64-x86_64-gcc-fortran + mingw-w64-x86_64-openblas + mingw-w64-x86_64-lapack + 
mingw-w64-x86_64-cmake + mingw-w64-x86_64-meson + mingw-w64-x86_64-ninja + + - name: Install fpm + if: ${{ matrix.build == 'fpm' }} + uses: fortran-lang/setup-fpm@v5 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Prepare for cache restore + if: ${{ matrix.compiler == 'intel' }} + run: | + sudo mkdir -p /opt/intel + sudo chown $USER /opt/intel + + - name: Cache Intel install + if: ${{ matrix.compiler == 'intel' }} + id: cache-install + uses: actions/cache@v4 + with: + path: /opt/intel/oneapi + key: install-${{ matrix.compiler }}-${{ matrix.version }}-${{ matrix.os }} + + - name: Install Intel (Linux) + if: ${{ contains(matrix.os, 'ubuntu') && contains(matrix.compiler, 'intel') && steps.cache-install.outputs.cache-hit != 'true' }} + run: | + wget https://apt.repos.intel.com/intel-gpg-keys/$KEY + sudo apt-key add $KEY + rm $KEY + echo "deb https://apt.repos.intel.com/oneapi all main" | sudo tee /etc/apt/sources.list.d/oneAPI.list + sudo apt-get update + sudo apt-get install $PKG + env: + KEY: GPG-PUB-KEY-INTEL-SW-PRODUCTS-2023.PUB + PKG: ${{ env.LINUX_INTEL_COMPONENTS }} + + - name: Setup Intel oneAPI environment + if: ${{ matrix.compiler == 'intel' }} + run: | + source /opt/intel/oneapi/setvars.sh + printenv >> $GITHUB_ENV + + - name: Install build and test dependencies + if: ${{ ! 
contains(matrix.os, 'windows') }} + run: pip3 install $PIP_PACKAGES $PIP_EXTRAS + env: + PIP_PACKAGES: ${{ env.PIP_PACKAGES }} + PIP_EXTRAS: ${{ env.PIP_EXTRAS }} + + - name: Configure build (meson) + if: ${{ matrix.build == 'meson' }} + run: >- + meson setup $BUILD_DIR + --buildtype=debug + --prefix=$PWD/_dist + --libdir=lib + --warnlevel=0 + -Db_coverage=$COVERAGE + $MESON_ARGS + env: + BUILD_DIR: ${{ env.BUILD_DIR }} + COVERAGE: ${{ matrix.build-type == 'coverage' }} + MESON_ARGS: >- + ${{ matrix.compiler == 'intel' && '-Dfortran_link_args=-qopenmp -Dapi=false' || '' }} + ${{ contains(matrix.os, 'macos') && '-Dlapack=openblas' || '' }} + ${{ contains(matrix.os, 'windows') && '-Dfortran_link_args=-Wl,--allow-multiple-definition' || '' }} + + - name: Configure build (CMake) + if: ${{ matrix.build == 'cmake' }} + run: >- + cmake -B${BUILD_DIR} + -GNinja + -DCMAKE_BUILD_TYPE=Debug + -DCMAKE_INSTALL_PREFIX=$PWD/_dist + -DCMAKE_INSTALL_LIBDIR=lib + env: + BUILD_DIR: ${{ env.BUILD_DIR }} + + - name: Build library (fpm) + if: ${{ matrix.build == 'fpm' }} + run: | + fpm --version + fpm build + + - name: Build library + if: ${{ matrix.build != 'fpm' }} + run: ninja -C $BUILD_DIR + env: + BUILD_DIR: ${{ env.BUILD_DIR }} + + - name: Run unit tests (fpm) + if: ${{ matrix.build == 'fpm' }} + run: fpm test + + - name: Run unit tests (meson) + if: ${{ matrix.build == 'meson' }} + run: >- + meson test + -C $BUILD_DIR + --print-errorlogs + --no-rebuild + --num-processes 1 + --suite dftd4 + -t 2 + env: + OMP_NUM_THREADS: 1,2,1 + BUILD_DIR: ${{ env.BUILD_DIR }} + + - name: Run benchmarks + if: ${{ matrix.build == 'meson' }} + run: >- + meson test + -C $BUILD_DIR + --print-errorlogs + --no-rebuild + --num-processes 1 + --suite dftd4 + -t 2 + --benchmark + env: + BUILD_DIR: ${{ env.BUILD_DIR }} + + - name: Run unit tests (ctest) + if: ${{ matrix.build == 'cmake' }} + run: | + ctest --output-on-failure --parallel 2 + working-directory: ${{ env.BUILD_DIR }} + env: + OMP_NUM_THREADS: 
1,2,1 + + - name: Create coverage report + if: ${{ matrix.build == 'meson' && matrix.build-type == 'coverage' }} + run: ninja -C $BUILD_DIR coverage + env: + BUILD_DIR: ${{ env.BUILD_DIR }} + + - name: Install project + if: ${{ matrix.build != 'fpm' }} + run: | + ninja -C $BUILD_DIR install + echo "DFTD4_PREFIX=$PWD/_dist" >> $GITHUB_ENV + env: + BUILD_DIR: ${{ env.BUILD_DIR }} + + - name: Create package + if: ${{ matrix.build == 'meson' && matrix.version == 12 && matrix.build-type == 'debug' && matrix.compiler == 'gnu' }} + run: | + tar cvf ${OUTPUT} _dist + xz -T0 $OUTPUT + echo "DFTD4_OUTPUT=${OUTPUT}.xz" >> $GITHUB_ENV + env: + OUTPUT: dftd4-${{ matrix.compiler }}-${{ matrix.version }}-${{ matrix.os }}.tar + + - name: Upload package + if: ${{ matrix.build == 'meson' && matrix.version == 12 && matrix.build-type == 'debug' && matrix.compiler == 'gnu' }} + uses: actions/upload-artifact@v4 + with: + name: ${{ env.DFTD4_OUTPUT }} + path: ${{ env.DFTD4_OUTPUT }} + + - name: Upload coverage report + if: ${{ matrix.build == 'meson' && matrix.build-type == 'coverage' }} + uses: codecov/codecov-action@v4 + with: + token: ${{ secrets.CODECOV_TOKEN }} python: needs: @@ -332,12 +353,12 @@ jobs: matrix: os: [ubuntu-latest] gcc_v: [12] - python_v: ['3.7', '3.8', '3.9', '3.10', '3.11', '3.12'] + python_v: ["3.7", "3.8", "3.9", "3.10", "3.11", "3.12"] include: - os: macos-latest gcc_v: 12 - python_v: '3.9' + python_v: "3.9" env: FC: gfortran 
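Review bot: In the "Setup Intel oneAPI environment" step, `printenv >> $GITHUB_ENV` copies the step's entire environment into every later step, and a value containing a newline does not fit the one-line `NAME=value` form, so it can be misparsed as additional variable definitions. Export only what the build needs, for example `printenv | grep -E '^(PATH|LD_LIBRARY_PATH|LIBRARY_PATH|CPATH|MKLROOT)=' >> "$GITHUB_ENV"` (the variable list is illustrative; confirm what setvars.sh has to hand over). Separately, the added step-level entries of the form `GCC_V: ${{ env.GCC_V }}` and `BUILD_DIR: ${{ env.BUILD_DIR }}` only re-declare a variable the shell already has if it is defined at workflow or job level; switching the scripts to `$GCC_V` and `$BUILD_DIR` is the actual fix and the mappings can go. The job-level `env:` block begins above this hunk, so where those variables are defined is not visible here.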
@@ -348,70 +369,80 @@ jobs: DFTD4_OUTPUT: dftd4-gnu-${{ matrix.gcc_v }}-${{ matrix.os }}.tar.xz steps: - - name: Checkout code - uses: actions/checkout@v4 - - - uses: actions/setup-python@v5 - with: - python-version: ${{ matrix.python_v }} - - - name: Link pre-installed GCC and FC (macOS) - if: ${{ contains(matrix.os, 'macos')}} - run: | - brew install openblas - gfortran_path=$( which gfortran-${{ env.GCC_V }} ) - gcc_path=$( which gcc-${{ env.GCC_V }} ) - gplusplus_path=$( which g++-${{ env.GCC_V }} ) - export FC=$gfortran_path - export CC=$gcc_path - export CXX=$gplusplus_path - ln -s $gfortran_path /usr/local/bin/gfortran - ln -s $gcc_path /usr/local/bin/gcc - ln -s $gplusplus_path /usr/local/bin/g++ - echo "PKG_CONFIG_PATH=/usr/local/opt/openblas/lib/pkgconfig" >> $GITHUB_ENV - echo "LDFLAGS=-L/opt/homebrew/opt/openblas/lib" >> $GITHUB_ENV - echo "CPPFLAGS=-I/opt/homebrew/opt/openblas/include" >> $GITHUB_ENV - - - name: Install GCC (Linux) - if: ${{ contains(matrix.os, 'ubuntu') }} - run: >- - sudo update-alternatives - --install /usr/bin/gcc gcc /usr/bin/gcc-${{ env.GCC_V }} 100 - --slave /usr/bin/gfortran gfortran /usr/bin/gfortran-${{ env.GCC_V }} - --slave /usr/bin/gcov gcov /usr/bin/gcov-${{ env.GCC_V }} - - - name: Install meson and test dependencies - run: pip3 install ${{ env.PIP_EXTRAS }} - - - name: Download package - uses: actions/download-artifact@v4 - with: - name: ${{ env.DFTD4_OUTPUT }} - - - name: Unpack package - run: | - tar xvf ${{ env.DFTD4_OUTPUT }} - echo "DFTD4_PREFIX=$PWD/_dist" >> $GITHUB_ENV - - - name: Copy parameter file - run: | - cp assets/parameters.toml python/dftd4 - - - name: Install Python extension module (pip) - run: pip3 install . 
-vv - working-directory: python - env: - PKG_CONFIG_PATH: ${{ env.PKG_CONFIG_PATH }}:${{ env.DFTD4_PREFIX }}/lib/pkgconfig - - - name: Test Python API - run: pytest --pyargs dftd4 --cov=dftd4 -vv - env: - LD_LIBRARY_PATH: ${{ env.LD_LIBRARY_PATH }}:${{ env.DFTD4_PREFIX }}/lib - DYLD_LIBRARY_PATH: ${{ env.DYLD_LIBRARY_PATH }}:${{ env.DFTD4_PREFIX }}/lib - - - run: pip3 install coverage - - - name: Upload coverage report - uses: codecov/codecov-action@v4 - with: - token: ${{ secrets.CODECOV_TOKEN }} + - name: Checkout code + uses: actions/checkout@v4 + with: + persist-credentials: false + + - uses: actions/setup-python@v5 + with: + python-version: ${{ matrix.python_v }} + + - name: Link pre-installed GCC and FC (macOS) + if: ${{ contains(matrix.os, 'macos') }} + run: | + brew install openblas + gfortran_path=$( which gfortran-${GCC_V} ) + gcc_path=$( which gcc-${GCC_V} ) + gplusplus_path=$( which g++-${GCC_V} ) + export FC=$gfortran_path + export CC=$gcc_path + export CXX=$gplusplus_path + ln -s $gfortran_path /usr/local/bin/gfortran + ln -s $gcc_path /usr/local/bin/gcc + ln -s $gplusplus_path /usr/local/bin/g++ + echo "PKG_CONFIG_PATH=/usr/local/opt/openblas/lib/pkgconfig" >> $GITHUB_ENV + echo "LDFLAGS=-L/opt/homebrew/opt/openblas/lib" >> $GITHUB_ENV + echo "CPPFLAGS=-I/opt/homebrew/opt/openblas/include" >> $GITHUB_ENV + env: + GCC_V: ${{ env.GCC_V }} + + - name: Install GCC (Linux) + if: ${{ contains(matrix.os, 'ubuntu') }} + run: >- + sudo update-alternatives + --install /usr/bin/gcc gcc /usr/bin/gcc-${GCC_V} 100 + --slave /usr/bin/gfortran gfortran /usr/bin/gfortran-${GCC_V} + --slave /usr/bin/gcov gcov /usr/bin/gcov-${GCC_V} + env: + GCC_V: ${{ env.GCC_V }} + + - name: Install meson and test dependencies + run: pip3 install $PIP_EXTRAS + env: + PIP_EXTRAS: ${{ env.PIP_EXTRAS }} + + - name: Download package + uses: actions/download-artifact@v4 + with: + name: ${{ env.DFTD4_OUTPUT }} + + - name: Unpack package + run: | + tar xvf $DFTD4_OUTPUT + echo 
"DFTD4_PREFIX=$PWD/_dist" >> $GITHUB_ENV + env: + DFTD4_OUTPUT: ${{ env.DFTD4_OUTPUT }} + + - name: Copy parameter file + run: | + cp assets/parameters.toml python/dftd4 + + - name: Install Python extension module (pip) + run: pip3 install . -vv + working-directory: python + env: + PKG_CONFIG_PATH: ${{ env.PKG_CONFIG_PATH }}:${{ env.DFTD4_PREFIX }}/lib/pkgconfig + + - name: Test Python API + run: pytest --pyargs dftd4 --cov=dftd4 -vv + env: + LD_LIBRARY_PATH: ${{ env.LD_LIBRARY_PATH }}:${{ env.DFTD4_PREFIX }}/lib + DYLD_LIBRARY_PATH: ${{ env.DYLD_LIBRARY_PATH }}:${{ env.DFTD4_PREFIX }}/lib + + - run: pip3 install coverage + + - name: Upload coverage report + uses: codecov/codecov-action@v4 + with: + token: ${{ secrets.CODECOV_TOKEN }} diff --git a/.github/workflows/wheel.yml b/.github/workflows/wheel.yml index f85004914..f6f4ef191 100644 --- a/.github/workflows/wheel.yml +++ b/.github/workflows/wheel.yml @@ -31,20 +31,26 @@ jobs: run: shell: bash -l {0} steps: - - uses: actions/checkout@v4 - - name: Setup Python - uses: mamba-org/setup-micromamba@v1 - with: - environment-file: assets/ci/build-env.yaml - - run: | - meson setup _build - meson dist -C _build --no-tests --include-subprojects - mv _build/meson-dist/*.tar.xz . - - uses: actions/upload-artifact@v4 - with: - name: dftd4-source - path: ./*.tar.xz - retention-days: 5 + - name: Checkout code + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: Setup Python + uses: mamba-org/setup-micromamba@v1 + with: + environment-file: assets/ci/build-env.yaml + + - run: | + meson setup _build + meson dist -C _build --no-tests --include-subprojects + mv _build/meson-dist/*.tar.xz . + + - uses: actions/upload-artifact@v4 + with: + name: dftd4-source + path: ./*.tar.xz + retention-days: 5 sdist: runs-on: ubuntu-latest 
@@ -52,28 +58,37 @@ jobs: run: shell: bash -l {0} steps: - - uses: actions/checkout@v4 - - name: Setup Python - uses: mamba-org/setup-micromamba@v1 - with: - environment-file: assets/ci/python-env.yaml - create-args: >- - meson-python - python-build - - name: Reorganize repository - run: | - git config user.email "" - git config user.name "dummy" - git subtree add --prefix python/subprojects/dftd4 . HEAD - git mv {assets,python/dftd4}/parameters.toml - git commit -m "Python dist" - - run: | - python -m build python/ --sdist --outdir . -n - - uses: actions/upload-artifact@v4 - with: - name: dftd4-python-sdist - path: ./*.tar.gz - retention-days: 5 + - name: Checkout code + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: Setup Python + uses: mamba-org/setup-micromamba@v1 + with: + environment-file: assets/ci/python-env.yaml + create-args: >- + meson-python + python-build + + - name: Reorganize repository + run: | + git config user.email "" + git config user.name "dummy" + git subtree add --prefix python/subprojects/dftd4 . HEAD + git mv {assets,python/dftd4}/parameters.toml + git commit -m "Python dist" + + - name: Build source distribution + run: | + python -m build python/ --sdist --outdir . -n + + - name: Upload source distribution as artifact + uses: actions/upload-artifact@v4 + with: + name: dftd4-python-sdist + path: ./*.tar.gz + retention-days: 5 wheels: needs: @@ -83,19 +98,19 @@ jobs: fail-fast: false matrix: os: - - ubuntu-latest - - macos-latest - - macos-13 - python: ['39', '310', '311', '312', '313'] + - ubuntu-latest + - macos-latest + - macos-13 + python: ["39", "310", "311", "312", "313"] include: # Python 3.7 and 3.8 is not supported on 'macos-latest' - os: ubuntu-latest - python: '37' + python: "37" - os: ubuntu-latest - python: '38' + python: "38" - os: macos-13 - python: '37' + python: "37" - os: macos-13 - python: '38' + python: "38" defaults: run: 
@@ -105,7 +120,7 @@ jobs: # Set up Python to host 'cibuildwheel' - uses: actions/setup-python@v5 with: - python-version: '3.x' + python-version: "3.x" # Install 'cibuildwheel' as the driver for building wheels - name: Install cibuildwheel @@ -163,7 +178,7 @@ jobs: - name: Download artifacts uses: actions/download-artifact@v4 with: - path: ${{ github.workspace }} # This will download all files + path: ${{ github.workspace }} # This will download all files - name: Create SHA256 checksums run: |