1
+ name : LBox Publish
2
+
3
+ on :
4
+ workflow_dispatch :
5
+ inputs :
6
+ tag :
7
+ description : ' Release Tag'
8
+ required : true
9
+
10
+ concurrency :
11
+ group : ${{ github.workflow }}-${{ github.ref }}
12
+ cancel-in-progress : true
13
+
14
+ permissions :
15
+ id-token : write
16
+
17
+ jobs :
18
+ path-filter :
19
+ runs-on : ubuntu-latest
20
+ outputs :
21
+ lbox : ${{ true }}
22
+ test-matrix : ${{ steps.matrix.outputs.test-matrix }}
23
+ package-matrix : ${{ steps.matrix.outputs.publish-matrix }}
24
+ steps :
25
+ - uses : actions/checkout@v4
26
+ with :
27
+ # ref: ${{ inputs.tag }}
28
+ ref : ${{ inputs.tag }}
29
+ - uses : dorny/paths-filter@v3
30
+ id : filter
31
+ with :
32
+ ref : ${{ inputs.tag }}
33
+ list-files : ' json'
34
+ filters : |
35
+ lbox:
36
+ - 'libs/lbox*/**'
37
+ - id : matrix
38
+ uses : ./.github/actions/lbox-matrix
39
+ with :
40
+ files-changed : ${{ steps.filter.outputs.lbox_files }}
41
+ build :
42
+ runs-on : ubuntu-latest
43
+ needs : ['path-filter', 'test-build']
44
+ outputs :
45
+ hashes : ${{ steps.hash.outputs.hashes_lbox-clients }}
46
+ strategy :
47
+ fail-fast : false
48
+ matrix :
49
+ include : ${{ fromJSON(needs.path-filter.outputs.package-matrix) }}
50
+ steps :
51
+ - uses : actions/checkout@v4
52
+ with :
53
+ # ref: ${{ inputs.tag }}
54
+ ref : ${{ inputs.tag }}
55
+ - name : Install the latest version of rye
56
+ uses : eifinger/setup-rye@v2
57
+ with :
58
+ version : ${{ vars.RYE_VERSION }}
59
+ enable-cache : true
60
+ - name : Rye Setup
61
+ run : |
62
+ rye config --set-bool behavior.use-uv=true
63
+ - name : Create build
64
+ working-directory : libs/${{ matrix.package }}
65
+ run : |
66
+ rye sync
67
+ rye build
68
+ - name : " Generate hashes"
69
+ id : hash
70
+ run : |
71
+ cd dist && echo "hashes_${{ matrix.package }}=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT
72
+ echo "hashes_${{ matrix.package }}=$(sha256sum * | base64 -w0)"
73
+ - uses : actions/upload-artifact@v4
74
+ with :
75
+ name : build-${{ matrix.package }}
76
+ path : ./dist
77
+ provenance_python :
78
+ needs : [build]
79
+ permissions :
80
+ actions : read
81
+ contents : write
82
+ id-token : write # Needed to access the workflow's OIDC identity.
83
+ uses : slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
84
+ with :
85
+ base64-subjects : " ${{ needs.build.outputs.hashes }}"
86
+ upload-assets : true
87
+ upload-tag-name : ${{ inputs.tag }} # Tag from the initiation of the workflow
88
+ provenance-name : lbox-clients.intoto.jsonl
89
+
90
+ test-build :
91
+ needs : ['path-filter']
92
+ if : ${{ needs.path-filter.outputs.lbox == 'true' }}
93
+ runs-on : ubuntu-latest
94
+ strategy :
95
+ fail-fast : false
96
+ matrix :
97
+ include : ${{ fromJSON(needs.path-filter.outputs.test-matrix) }}
98
+ concurrency :
99
+ group : lbox-staging-${{ matrix.python-version }}-${{ matrix.package }}
100
+ cancel-in-progress : false
101
+ steps :
102
+ - uses : actions/checkout@v4
103
+ with :
104
+ token : ${{ secrets.ACTIONS_ACCESS_TOKEN }}
105
+ # ref: ${{ inputs.tag }}
106
+ ref : ${{ inputs.tag }}
107
+ - uses : ./.github/actions/python-package-shared-setup
108
+ with :
109
+ rye-version : ${{ vars.RYE_VERSION }}
110
+ python-version : ${{ matrix.python-version }}
111
+ - name : Format
112
+ run : rye format --check -v -p ${{ matrix.package }}
113
+ - name : Linting
114
+ run : rye lint -v -p ${{ matrix.package }}
115
+ - name : Unit
116
+ working-directory : libs/${{ matrix.package }}
117
+ run : rye run unit
118
+ - name : Integration
119
+ working-directory : libs/${{ matrix.package }}
120
+ env :
121
+ LABELBOX_TEST_API_KEY : ${{ secrets[matrix.api-key] }}
122
+ DA_GCP_LABELBOX_API_KEY : ${{ secrets[matrix.da-test-key] }}
123
+ LABELBOX_TEST_ENVIRON : ' staging'
124
+ run : rye run integration
125
+ pypi-publish :
126
+ runs-on : ubuntu-latest
127
+ needs : ['build', 'test-build', 'path-filter']
128
+ strategy :
129
+ fail-fast : false
130
+ matrix :
131
+ include : ${{ fromJSON(needs.path-filter.outputs.package-matrix) }}
132
+ environment :
133
+ name : publish-${{ matrix.package }}
134
+ url : ' https://pypi.org/project/${{ matrix.package }}'
135
+ permissions :
136
+ # IMPORTANT: this permission is mandatory for trusted publishing
137
+ id-token : write
138
+ steps :
139
+ - uses : actions/download-artifact@v4
140
+ with :
141
+ name : build-${{ matrix.package }}
142
+ path : ./artifact
143
+ - name : Publish package distributions to PyPI
144
+ uses : pypa/gh-action-pypi-publish@release/v1
145
+ with :
146
+ packages-dir : artifact/
147
+ container-publish :
148
+ runs-on : ubuntu-latest
149
+ needs : ['build', 'path-filter']
150
+ if : ${{ needs.path-filter.outputs.lbox == 'true' }}
151
+ strategy :
152
+ fail-fast : false
153
+ matrix :
154
+ include : ${{ fromJSON(needs.path-filter.outputs.package-matrix) }}
155
+ permissions :
156
+ # IMPORTANT: this permission is mandatory for trusted publishing
157
+ packages : write
158
+ steps :
159
+ - uses : actions/checkout@v4
160
+ with :
161
+ # ref: ${{ inputs.tag }}
162
+ ref : ${{ inputs.tag }}
163
+ - name : Set up Docker Buildx
164
+ uses : docker/setup-buildx-action@v3
165
+ - name : Log in to the Container registry
166
+ uses : docker/login-action@v3
167
+ with :
168
+ registry : ghcr.io
169
+ username : ${{ github.actor }}
170
+ password : ${{ secrets.GITHUB_TOKEN }}
171
+ - name : Build and push
172
+ uses : docker/build-push-action@v5
173
+ id : build_container
174
+ with :
175
+ context : .
176
+ file : ./libs/${{ matrix.package }}/Dockerfile
177
+ github-token : ${{ secrets.GITHUB_TOKEN }}
178
+ push : true
179
+ platforms : |
180
+ linux/amd64
181
+ linux/arm64
182
+ tags : |
183
+ ghcr.io/labelbox/${{ matrix.package }}:latest
184
+ ghcr.io/labelbox/${{ matrix.package }}:${{ inputs.tag }}
185
+ - name : Output image
186
+ id : image
187
+ run : |
188
+ echo "ghcr.io/labelbox/${{ matrix.package }}:latest" >> "$GITHUB_STEP_SUMMARY"
189
+ echo "ghcr.io/labelbox/${{ matrix.package }}:${{ inputs.tag }}" >> "$GITHUB_STEP_SUMMARY"
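Review bot: The `build` job output `hashes: ${{ steps.hash.outputs.hashes_lbox-clients }}` reads one fixed step output while the hash step writes `hashes_${{ matrix.package }}`, so any matrix leg other than `lbox-clients` contributes no subjects to `provenance_python` and its artifacts would reach `pypi-publish` without an attestation. The matrix comes from `./.github/actions/lbox-matrix`, which is not shown, so this only matters if it can yield more than one package. `pypi-publish` also omits `provenance_python` from `needs`, so a failed provenance run does not stop the upload; `needs: ['build', 'test-build', 'path-filter', 'provenance_python']` would gate it. Separately, the workflow-level `permissions: id-token: write` lets every job request an OIDC token, including `test-build`, which runs package code with secrets and a PAT checkout; since `pypi-publish` and `provenance_python` already declare it per job, the top-level block could be reduced to `contents: read`. Third-party actions are referenced by mutable tags or a branch (`pypa/gh-action-pypi-publish@release/v1`), and pinning them to full commit SHAs is worth considering for a release workflow, except the SLSA generator, which has to be referenced by tag.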