Revert "Temp add a workflow file to run prod tests"

Val Brodsky · Val Brodsky · commit 0e48825d030b · 2024-11-06T14:55:23.000-08:00
This reverts commit d66f913.
diff --git a/.github/workflows/lbox-publish.yml b/.github/workflows/lbox-publish.yml
@@ -30,7 +30,7 @@ jobs:
         id: filter
         with:
           ref: ${{ github.head_ref }}
-          base: v.6.0.1
+          base: ${{ inputs.tag }}
           list-files: 'json'
           filters: |
             lbox:
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -63,6 +63,17 @@ jobs:
         with:
           name: build
           path: ./dist
+  provenance_python:
+    needs: [build]
+    permissions:
+      actions: read
+      contents: write
+      id-token: write # Needed to access the workflow's OIDC identity.
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
+    with:
+      base64-subjects: "${{ needs.build.outputs.hashes }}"
+      upload-assets: true
+      upload-tag-name: ${{ inputs.tag }} # Tag from the initiation of the workflow
   test-build:
     if: ${{ !inputs.skip-tests }}
     needs: ['build']
@@ -127,3 +138,111 @@ jobs:
           rye add labelbox --path ./$(find ./dist/ -name *.tar.gz) --sync --absolute --features data
           cd libs/labelbox
           rye run pytest tests/data
+  publish-python-package-to-release:
+    runs-on: ubuntu-latest
+    needs: ['build']
+    permissions:
+      contents: write    
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.tag }}
+      - uses: actions/download-artifact@v4
+        with:
+          name: build
+          path: ./artifact
+      - name: Upload dist to release
+        run: |
+          gh release upload ${{ inputs.tag }} ./artifact/*
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  pypi-publish:   
+    runs-on: ubuntu-latest
+    needs: ['build', 'test-build']
+    if: |
+      always() &&
+      (needs.test-build.result == 'success' || needs.test-build.result == 'skipped') && github.event.inputs.tag
+    environment: 
+      name: publish
+      url: 'https://pypi.org/project/labelbox/'
+    permissions:
+      # IMPORTANT: this permission is mandatory for trusted publishing
+      id-token: write
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          name: build
+          path: ./artifact
+      - name: Publish package distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          packages-dir: artifact/
+  container-publish:
+    runs-on: ubuntu-latest
+    needs: ['build', 'test-build']
+    permissions:
+      packages: write
+    outputs:
+      image: ${{ steps.image.outputs.image }}
+      digest: ${{ steps.build_container.outputs.digest }}
+    if: |
+      always() &&
+      (needs.test-build.result == 'success' || needs.test-build.result == 'skipped') && github.event.inputs.tag
+    env:
+      CONTAINER_IMAGE: "ghcr.io/${{ github.repository }}"
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.tag }}
+
+      - name: downcase CONTAINER_IMAGE
+        run: |
+          echo "CONTAINER_IMAGE=${CONTAINER_IMAGE,,}" >> ${GITHUB_ENV}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+  
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+  
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        id: build_container
+        with:
+          context: .
+          file: ./libs/labelbox/Dockerfile
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          push: true
+  
+          platforms: |
+            linux/amd64
+            linux/arm64
+  
+          tags: |
+            ${{ env.CONTAINER_IMAGE }}:latest
+            ${{ env.CONTAINER_IMAGE }}:${{ inputs.tag }}
+      - name: Output image
+        id: image
+        run: |
+          # NOTE: Set the image as an output because the `env` context is not
+          # available to the inputs of a reusable workflow call.
+          image_name="${CONTAINER_IMAGE}"
+          echo "image=$image_name" >> "$GITHUB_OUTPUT"
+
+  provenance_container:
+    needs: [container-publish]
+    permissions:
+      actions: read # for detecting the Github Actions environment.
+      id-token: write # for creating OIDC tokens for signing.
+      packages: write # for uploading attestations.
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0
+    with:
+      image: ${{ needs. container-publish.outputs.image }}
+      digest: ${{ needs. container-publish.outputs.digest }}
+      registry-username: ${{ github.actor }}
+    secrets:
+      registry-password: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/publish_run_prod_test.yml b/.github/workflows/publish_run_prod_test.yml
