Skip to content

Scipy openblas #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
alexlib merged 8 commits into from
Feb 19, 2026
Merged

Scipy openblas #5

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
03721bc
Enhance Windows build setup for scipy-openblas
alexlib Feb 19, 2026
63613a3
Simplify CI workflow by removing redundant steps
alexlib Feb 19, 2026
2d749e7
Enhance cibuildwheel installation with dependencies
alexlib Feb 19, 2026
e608e37
Update cibuildwheel configuration for Windows
alexlib Feb 19, 2026
0d52a88
Update pyproject.toml
alexlib Feb 19, 2026
6105cd9
Update pyproject.toml
alexlib Feb 19, 2026
b4b7546
Initial plan
Copilot Feb 19, 2026
29e6082
Merge pull request #6 from OpenPTV/copilot/sub-pr-5
alexlib Feb 19, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 7 additions & 25 deletions .github/workflows/cibuildwheel.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,34 +22,16 @@ jobs:
with:
python-version: "3.11"

- name: Install dependencies (macOS)
if: runner.os == 'macOS'
run: |
brew install uv
- name: Install cibuildwheel and build dependencies
run: |
python -m pip install --upgrade pip
# Install these on the host so cibuildwheel can resolve the paths
python -m pip install cibuildwheel scipy-openblas delvewheel

- name: Cache vcpkg
if: runner.os == 'Windows'
uses: actions/cache@v4
with:
path: C:\\vcpkg\\installed
key: vcpkg-openblas-${{ runner.os }}

- name: Install cibuildwheel
run: python -m pip install --upgrade pip cibuildwheel
- name: Build wheels
run: python -m cibuildwheel --output-dir wheelhouse

- name: Build wheels
env:
CIBW_ENVIRONMENT_MACOS: EASYSBA_USE_ACCELERATE=1 EASYSBA_LAPACK_LIBS=
# Use the pre-installed vcpkg location for speed and reliability
CIBW_BEFORE_ALL_WINDOWS: >-
vcpkg install openblas:x64-windows

CIBW_ENVIRONMENT_WINDOWS: >-
EASYSBA_LAPACK_LIBS="libopenblas"
EASYSBA_INCLUDE_DIRS="C:/vcpkg/installed/x64-windows/include"
EASYSBA_LIBRARY_DIRS="C:/vcpkg/installed/x64-windows/lib"
INCLUDE="C:/vcpkg/installed/x64-windows/include;$INCLUDE"
LIB="C:/vcpkg/installed/x64-windows/lib;$LIB"
run: python -m cibuildwheel --output-dir wheelhouse

- name: Upload wheels
Expand Down
21 changes: 13 additions & 8 deletions pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@ dependencies = ["numpy>=1.20"]
build-frontend = "build"
skip = "*-musllinux* *-win32"
test-skip = "*"

# Default environment for Linux
environment = { EASYSBA_LAPACK_LIBS = "openblas" }

[tool.cibuildwheel.linux]
Expand All @@ -22,14 +24,17 @@ before-all = "yum -y install openblas-devel lapack-devel"
[tool.cibuildwheel.macos]
environment = { EASYSBA_USE_ACCELERATE = "1", EASYSBA_LAPACK_LIBS = "" }

# [tool.cibuildwheel.windows]
# environment = { EASYSBA_LAPACK_LIBS = "openblas" }

[tool.cibuildwheel.windows]
# Install delvewheel to bundle the DLL into the wheel
before-build = "pip install delvewheel"
repair-wheel-command = "delvewheel repair --add-path C:\\vcpkg\\installed\\x64-windows\\bin -w {dest_dir} {wheel}"
# We already installed these on the host, but we install them in the
# build venv as well to be safe for the repair step.
before-build = "pip install scipy-openblas delvewheel"
Copy link

Copilot AI Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The before-build step installs third-party packages scipy-openblas and delvewheel via pip without any version pinning, creating a supply-chain risk in the automated build pipeline. If either package (or one of their transitive dependencies) is compromised, an attacker could execute code during the wheel build and inject malicious payloads into the produced artifacts. To mitigate this, pin these dependencies to immutable versions or hashes (and ideally verify integrity) so that build-time code execution cannot be silently altered by upstream changes.

Copilot uses AI. Check for mistakes.
Copy link
Contributor Author

@alexlib alexlib Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot open a new pull request to apply changes based on this feedback


[tool.cibuildwheel.windows.environment]
# Match the filename vcpkg actually produces: libopenblas
EASYSBA_LAPACK_LIBS = "libopenblas"
EASYSBA_LAPACK_LIBS = "openblas"
# These $(...) commands will now work because scipy-openblas is on the host
INCLUDE = "$(python -c \"import scipy_openblas; print(scipy_openblas.get_include_dir())\");$INCLUDE"
LIB = "$(python -c \"import scipy_openblas; print(scipy_openblas.get_lib_dir())\");$LIB"

[tool.cibuildwheel.windows.repair-wheel-command]
# Use the repair-wheel-command to bundle the DLL
repair-wheel-command = "python -c \"import scipy_openblas, subprocess, sys; subprocess.check_call(['delvewheel', 'repair', '--add-path', scipy_openblas.get_lib_dir(), '-w', sys.argv[1], sys.argv[2]])\" {dest_dir} {wheel}"