Workflow to build python CLI artifacts (sdist + wheels)

[HonahX]

This PR include a github workflow, "Python Client Build Artifacts", to build wheels for multiple os/platform for nightly build and release automation in the future. It will produce a zip containing
contain sdist and wheels built for macos and linux (TODO: support windows)

> tar -tzf python-client-artifacts-20141056849.zip
apache_polaris-1.2.0-cp310-cp310-macosx_14_0_arm64.whl
apache_polaris-1.2.0-cp310-cp310-manylinux_2_39_x86_64.whl
apache_polaris-1.2.0-cp310-cp310-macosx_15_0_arm64.whl
apache_polaris-1.2.0-cp311-cp311-macosx_14_0_arm64.whl
apache_polaris-1.2.0-cp311-cp311-macosx_15_0_arm64.whl
apache_polaris-1.2.0-cp311-cp311-manylinux_2_39_x86_64.whl
apache_polaris-1.2.0-cp312-cp312-macosx_14_0_arm64.whl
apache_polaris-1.2.0-cp312-cp312-macosx_15_0_arm64.whl
apache_polaris-1.2.0-cp312-cp312-manylinux_2_39_x86_64.whl
apache_polaris-1.2.0-cp313-cp313-macosx_14_0_arm64.whl
apache_polaris-1.2.0-cp313-cp313-macosx_15_0_arm64.whl
apache_polaris-1.2.0-cp313-cp313-manylinux_2_39_x86_64.whl
apache_polaris-1.2.0.tar.gz

The expected usage for this workflow is:

1. Triggered for every python client changes to verify that changes will not break wheel building
2. Called by other workflow (e.g. nightly build) like

....
  build-nightly-artifacts:
    needs:
      - generate-version
    uses: ./.github/workflows/python-client-build-artifacts.yml
    with:
      version: ${{ needs.generate-version.outputs.VERSION }}

....
-- download artifacts

-- upload to test.pypi.org

....

3. Called by maintainer directly for test purpose.

The build of a release candidate that include proper sig, checksum, is out-of-scope of this PR and should be included in follow-up PR for python client release automation

cc: @binarycat0 @MonkeyCanCode @flyrain @snazy

Checklist

• 🛡️ Don't disclose security issues! (contact [email protected])
• 🔗 Clearly explained why the changes are needed, or linked related issues: Fixes #
• 🧪 Added/updated tests with good coverage, or manually tested (and explained how)
• 💡 Added comments for complex logic
• 🧾 Updated CHANGELOG.md (if needed)
• 📚 Updated documentation in site/content/in-dev/unreleased (if needed)

[MonkeyCanCode]

@HonahX very nice work. We are almost there to have package in PyPI.

[snazy]

Is there a particular reason to not extent the release-automation workflows?

We have to follow the ASF release policy. It seems there are some steps missing in this PR:

• checksums
• gpg signatures
• RC staging
• staging the source tarball and artifacts to vote on
• eventually publishing exactly the artifacts that have been voted on

[HonahX]

Hi @snazy Thanks for highlighting these important elements of the final release candidate for python CLI. Given the number of missing pieces in the CLI release process, my goal is to separate the pipeline into 2 milestone:

1. Have a formalized way to build release artifacts (wheels) that will later be released to PyPI for users to install.
2. Have a formalized way to build and upload release candidate that include proper signature and checksum of release artifacts (release automation pipeline)

This PR aims to focus on the first milestone in order to have additional CI to ensure that all changes are compatible with the release process and unblock nightly build. The signature/checksum/release candidate are goals in the second milestone. This way we could first determine what to release and start testing the artifacts and then finishing the rest part. WDYT?

[snazy]

@HonahX is this PR a draft PR or not? The summary says yes, the PR status says no.

[HonahX]

Hi @snazy It's ready for review. I checked the current PR description and it does not seem to imply this as a draft. Could you please point me to the part of the summary that may lead to the wrong implication here? Just want to eliminate all potential confusion.

[snazy]

The PR adds completely new release workflows for separate Python releases.

We already have release workflows in place, so I do not see a point having a separate set of workflows.

Technically it's missing a lot of the requirements for release artifacts for ASF projects and the ASF release process.

A huge amount of time and work already went into the existing release automation, because it is not an easy task to get it right.

[HonahX]

Hi @snazy, I think there might be some confusion in the original PR summary and the workflow name. I should not put the "release" in the workflow title as the intention was not to make this a separate release procedure than the existing release automation. Ultimately, the python client release process should be part of the release automation.

I've updated the PR to simplify the workflow file and updated the summary to clarify the intention. We will focus on build the right wheels and sdist and make nightly build working first. Sorry for any confusion above. Please take a look again and let me know WDYT!

[snazy]

I can take another look, but due to time constraints likely not before next week.

[flyrain]

Curious: does this command archive the same result?

run: |
          make client-build FORMAT=wheel

[HonahX]

It should be mostly the same for MacOs/windows, but for linux it will help build both manylinux and musllinux wheel to have broad compatibility.

[flyrain]

LGTM. Thanks @HonahX !

[snazy]

I think we do not need the overhead of CPython.
Without that, I suspect the Python package build can be moved into the Makefile and the calling workflows would just need to setup the necessary Python versions.

Then the existing nightly-build workflow can be extended with one job to setup Python, call that Makefile target and publish to test.pypi.org.

[snazy]

Actions in ASF workflows must reference the Git SHA of an ASF-approved version of the action, see this policy.

[snazy]

The action docs mention that the wheels can contain libraries from the build container.
Which ones are included and what are the licenses for those libraries?

[HonahX]

Good catch. We definitely should use the approved version here: https://github.com/apache/infrastructure-actions/blob/7a58482c11f14b79ea238d4a57093077cc18673c/approved_patterns.yml#L174C3-L174C61

The action docs mention that the wheels can contain libraries from the build container.

The dependencies may be brought by the wheel repair operation. In our case, we explicitly disabled the wheel repair:

          CIBW_REPAIR_WHEEL_COMMAND_MACOS: "" 
          CIBW_REPAIR_WHEEL_COMMAND_LINUX: ""

so no additional dependencies will be brought in.

But based on other comments and discussion, cibuildwheel may not be the best way here, let me try another approach first

[HonahX]

Switched to use make client-build FORMAT=wheel directly instead of cibuildwheel

[snazy]

I thought this WF is just for nightly builds?
I'm confused about the need for a "version" input and that the WF is triggered by PRs.

[HonahX]

The version here is optional and used to set the package version here

      - name: Set version (if provided)
        if: inputs.version != ''
        env:
          VERSION: ${{ inputs.version }}
        run: make client-set-version VERSION="${{ env.VERSION }}"

In the nightly build, we will need to determine a convention of the package version for nightly build, such as including commit hash/date to the package version, so we could have a better reference in test.pypi.org. But IMHO the details of the version we want to set to the package could be determined in the actual nightly build publication step. This workflow should focus on building all the wheels required, by default leave the package version unchanged and make it an option for any upstream caller to set the version as needed. WDYT?

[snazy]

Is there anything that's performance critical in the Python package?
I'd prefer to not build native code.

[HonahX]

Yeah, ideally we only need a universal wheel since everything is pure python. However, since we need to leverage a custom build script to do open api client generation, poetry thinks it needs to generate platform-specific wheels. This is a known limitation and seems we have no native way to override this behavior now.

Should the situation changed in the future, we should definitely switch to universal wheel if possible.

[snazy]

What's the reason for this special case?

[HonahX]

It could make the output zip file name indicate that a custom version has been provided hence the built sdist and wheels will have its package version changed. Just for convenience.