Skip to content

Commit a0eab95

Browse files
author
Val Brodsky
committed
Workflow to publish lbox packages
1 parent 454ea1f commit a0eab95

File tree

4 files changed

+206
-1
lines changed

4 files changed

+206
-1
lines changed

.github/actions/provenance/action.yml

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
name: Labelbox Python SDK Provenance Generation
2+
3+
inputs:
4+
subjects:
5+
required: true
6+
type: string
7+
runs:
8+
using: "composite"
9+
steps:
10+
- name: upload
11+
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
12+
with:
13+
base64-subjects: "${{ inputs.subjects }}"
14+
upload-assets: true
15+
upload-tag-name: v.6.0.0 # Tag from the initiation of the workflow

.github/workflows/lbox-publish.yml

Lines changed: 189 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,189 @@
1+
name: LBox Publish
2+
3+
on:
4+
workflow_dispatch:
5+
inputs:
6+
tag:
7+
description: 'Release Tag'
8+
required: true
9+
10+
concurrency:
11+
group: ${{ github.workflow }}-${{ github.ref }}
12+
cancel-in-progress: true
13+
14+
permissions:
15+
id-token: write
16+
17+
jobs:
18+
path-filter:
19+
runs-on: ubuntu-latest
20+
outputs:
21+
lbox: ${{ true }}
22+
test-matrix: ${{ steps.matrix.outputs.test-matrix }}
23+
package-matrix: ${{ steps.matrix.outputs.publish-matrix }}
24+
steps:
25+
- uses: actions/checkout@v4
26+
with:
27+
# ref: ${{ inputs.tag }}
28+
ref: ${{ inputs.tag }}
29+
- uses: dorny/paths-filter@v3
30+
id: filter
31+
with:
32+
ref: ${{ inputs.tag }}
33+
list-files: 'json'
34+
filters: |
35+
lbox:
36+
- 'libs/lbox*/**'
37+
- id: matrix
38+
uses: ./.github/actions/lbox-matrix
39+
with:
40+
files-changed: ${{ steps.filter.outputs.lbox_files }}
41+
build:
42+
runs-on: ubuntu-latest
43+
needs: ['path-filter', 'test-build']
44+
outputs:
45+
hashes: ${{ steps.hash.outputs.hashes_lbox-clients }}
46+
strategy:
47+
fail-fast: false
48+
matrix:
49+
include: ${{ fromJSON(needs.path-filter.outputs.package-matrix) }}
50+
steps:
51+
- uses: actions/checkout@v4
52+
with:
53+
# ref: ${{ inputs.tag }}
54+
ref: ${{ inputs.tag }}
55+
- name: Install the latest version of rye
56+
uses: eifinger/setup-rye@v2
57+
with:
58+
version: ${{ vars.RYE_VERSION }}
59+
enable-cache: true
60+
- name: Rye Setup
61+
run: |
62+
rye config --set-bool behavior.use-uv=true
63+
- name: Create build
64+
working-directory: libs/${{ matrix.package }}
65+
run: |
66+
rye sync
67+
rye build
68+
- name: "Generate hashes"
69+
id: hash
70+
run: |
71+
cd dist && echo "hashes_${{ matrix.package }}=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT
72+
echo "hashes_${{ matrix.package }}=$(sha256sum * | base64 -w0)"
73+
- uses: actions/upload-artifact@v4
74+
with:
75+
name: build-${{ matrix.package }}
76+
path: ./dist
77+
provenance_python:
78+
needs: [build]
79+
permissions:
80+
actions: read
81+
contents: write
82+
id-token: write # Needed to access the workflow's OIDC identity.
83+
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
84+
with:
85+
base64-subjects: "${{ needs.build.outputs.hashes }}"
86+
upload-assets: true
87+
upload-tag-name: ${{ inputs.tag }} # Tag from the initiation of the workflow
88+
provenance-name: lbox-clients.intoto.jsonl
89+
90+
test-build:
91+
needs: ['path-filter']
92+
if: ${{ needs.path-filter.outputs.lbox == 'true' }}
93+
runs-on: ubuntu-latest
94+
strategy:
95+
fail-fast: false
96+
matrix:
97+
include: ${{ fromJSON(needs.path-filter.outputs.test-matrix) }}
98+
concurrency:
99+
group: lbox-staging-${{ matrix.python-version }}-${{ matrix.package }}
100+
cancel-in-progress: false
101+
steps:
102+
- uses: actions/checkout@v4
103+
with:
104+
token: ${{ secrets.ACTIONS_ACCESS_TOKEN }}
105+
# ref: ${{ inputs.tag }}
106+
ref: ${{ inputs.tag }}
107+
- uses: ./.github/actions/python-package-shared-setup
108+
with:
109+
rye-version: ${{ vars.RYE_VERSION }}
110+
python-version: ${{ matrix.python-version }}
111+
- name: Format
112+
run: rye format --check -v -p ${{ matrix.package }}
113+
- name: Linting
114+
run: rye lint -v -p ${{ matrix.package }}
115+
- name: Unit
116+
working-directory: libs/${{ matrix.package }}
117+
run: rye run unit
118+
- name: Integration
119+
working-directory: libs/${{ matrix.package }}
120+
env:
121+
LABELBOX_TEST_API_KEY: ${{ secrets[matrix.api-key] }}
122+
DA_GCP_LABELBOX_API_KEY: ${{ secrets[matrix.da-test-key] }}
123+
LABELBOX_TEST_ENVIRON: 'staging'
124+
run: rye run integration
125+
pypi-publish:
126+
runs-on: ubuntu-latest
127+
needs: ['build', 'test-build', 'path-filter']
128+
strategy:
129+
fail-fast: false
130+
matrix:
131+
include: ${{ fromJSON(needs.path-filter.outputs.package-matrix) }}
132+
environment:
133+
name: publish-${{ matrix.package }}
134+
url: 'https://pypi.org/project/${{ matrix.package }}'
135+
permissions:
136+
# IMPORTANT: this permission is mandatory for trusted publishing
137+
id-token: write
138+
steps:
139+
- uses: actions/download-artifact@v4
140+
with:
141+
name: build-${{ matrix.package }}
142+
path: ./artifact
143+
- name: Publish package distributions to PyPI
144+
uses: pypa/gh-action-pypi-publish@release/v1
145+
with:
146+
packages-dir: artifact/
147+
container-publish:
148+
runs-on: ubuntu-latest
149+
needs: ['build', 'path-filter']
150+
if: ${{ needs.path-filter.outputs.lbox == 'true' }}
151+
strategy:
152+
fail-fast: false
153+
matrix:
154+
include: ${{ fromJSON(needs.path-filter.outputs.package-matrix) }}
155+
permissions:
156+
# IMPORTANT: this permission is mandatory for trusted publishing
157+
packages: write
158+
steps:
159+
- uses: actions/checkout@v4
160+
with:
161+
# ref: ${{ inputs.tag }}
162+
ref: ${{ inputs.tag }}
163+
- name: Set up Docker Buildx
164+
uses: docker/setup-buildx-action@v3
165+
- name: Log in to the Container registry
166+
uses: docker/login-action@v3
167+
with:
168+
registry: ghcr.io
169+
username: ${{ github.actor }}
170+
password: ${{ secrets.GITHUB_TOKEN }}
171+
- name: Build and push
172+
uses: docker/build-push-action@v5
173+
id: build_container
174+
with:
175+
context: .
176+
file: ./libs/${{ matrix.package }}/Dockerfile
177+
github-token: ${{ secrets.GITHUB_TOKEN }}
178+
push: true
179+
platforms: |
180+
linux/amd64
181+
linux/arm64
182+
tags: |
183+
ghcr.io/labelbox/${{ matrix.package }}:latest
184+
ghcr.io/labelbox/${{ matrix.package }}:${{ inputs.tag }}
185+
- name: Output image
186+
id: image
187+
run: |
188+
echo "ghcr.io/labelbox/${{ matrix.package }}:latest" >> "$GITHUB_STEP_SUMMARY"
189+
echo "ghcr.io/labelbox/${{ matrix.package }}:${{ inputs.tag }}" >> "$GITHUB_STEP_SUMMARY"

libs/lbox-clients/README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
# lbox-example
1+
# lbox-clients
22

33
This is an example module which can be cloned and reused to develop modules under the `lbox` namespace.
44

libs/lbox-clients/src/lbox/request_client.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,4 @@
1+
# for the Labelbox Python SDK
12
import inspect
23
import json
34
import logging

0 commit comments

Comments
 (0)