Skip to content

ci: pass linux wheel target to maturin#228

Merged
sammuti merged 1 commit intodevelopfrom
fix/linux-wheel-target
Mar 18, 2026
Merged

ci: pass linux wheel target to maturin#228
sammuti merged 1 commit intodevelopfrom
fix/linux-wheel-target

Conversation

@sammuti
Copy link
Contributor

@sammuti sammuti commented Mar 18, 2026
edited
Loading

Summary

  • pass matrix.target into the Linux wheel maturin build step
  • fix the i686 manylinux setup script to avoid calling sudo inside the container

Why we are doing this

We are investigating release failures during the PyPI publish step. A strong hypothesis is that the release job may be failing because it downloads all wheel artifacts into a single directory with merge-multiple: true, and the current Linux workflow can produce duplicate filenames with different contents.

Specifically, the release pipeline has been seeing PyPI reject a Linux wheel with a Trailing data ZIP error. One plausible explanation is that two different artifacts are writing different bytes to the same merged output filename before publish.

What was happening before

The Linux wheel matrix includes both:

  • x86_64-unknown-linux-gnu
  • i686-unknown-linux-gnu

But the Linux maturin-action step was not receiving target: ${{ matrix.target }}.

That meant the i686 job was not actually building i686 wheels. Instead, it built for the default host target on the runner, which is x86_64. As a result:

  • the wheels-i686-unknown-linux-gnu artifact contained files named like ...x86_64.whl
  • those filenames collided with the real x86_64 Linux wheels during later artifact merging
  • the colliding files were not byte-identical
  • this is a plausible cause of the release publish failure we are investigating

So even if this is not the only issue in the release pipeline, it is a real bug and an important thing to eliminate while debugging the PyPI failure.

Why this fix

This change makes the Linux job build the target it claims to build.

While testing that change, the i686 job started failing for a second reason: the before-script-linux path tried to run sudo inside the manylinux i686 container, but /usr/bin/sudo is not available there. Since the container is already running with sufficient privileges for that setup step, the symlink can be created directly.

So this PR does two things that belong together:

  • fix the missing target wiring so the i686 lane stops producing x86_64-named wheels
  • make the real i686 setup path work in the manylinux container

Validation

  • inspected release artifacts from recent runs
  • confirmed that wheels-i686-unknown-linux-gnu previously contained ...x86_64.whl files
  • confirmed those files differed from the real x86_64 artifact files despite sharing the same names
  • ran CI on this branch and confirmed that, after wiring the target correctly, the i686 lane began exercising the real i686 path and exposed the container sudo issue addressed here

@coderabbitai
Copy link

coderabbitai bot commented Mar 18, 2026
edited
Loading

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9ced2ec2-3fbc-450b-85d1-3ac0a023cc54

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/linux-wheel-target
📝 Coding Plan
  • Generate coding plan for human review comments

Comment @coderabbitai help to get the list of available commands and usage tips.

Tip

CodeRabbit can use TruffleHog to scan for secrets in your code with verification capabilities.

Add a TruffleHog config file (e.g. trufflehog-config.yml, trufflehog.yml) to your project to customize detectors and scanning behavior. The tool runs only when a config file is present.

@sammuti sammuti force-pushed the fix/linux-wheel-target branch from add563e to ff5858a Compare March 18, 2026 11:34
@sammuti sammuti requested a review from bradhe March 18, 2026 11:34
socksy
socksy approved these changes Mar 18, 2026
View reviewed changes
Copy link
Contributor

@socksy socksy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this is the cause of the trailing bytes, but it's a bug we should fix 😅

@sammuti sammuti merged commit 801ea3f into develop Mar 18, 2026
31 checks passed
@sammuti sammuti deleted the fix/linux-wheel-target branch March 18, 2026 12:37
@socksy socksy mentioned this pull request Mar 18, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@socksy socksy socksy approved these changes

@jo-sm jo-sm Awaiting requested review from jo-sm

@konstantinoscs konstantinoscs Awaiting requested review from konstantinoscs

@bradhe bradhe Awaiting requested review from bradhe

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sammuti @socksy