@@ -23,18 +23,7 @@ permissions:
2323 id-token : write
2424
2525jobs :
26- build-lbox :
27- permissions :
28- actions : read
29- contents : write
30- id-token : write # Needed to access the workflow's OIDC identity.
31- packages : write
32- uses : ./.github/workflows/lbox-publish.yml
33- with :
34- tag : ${{ inputs.tag }}
35- secrets : inherit
3626 build :
37- needs : ['build-lbox']
3827 runs-on : ubuntu-latest
3928 outputs :
4029 hashes : ${{ steps.hash.outputs.hashes }}
@@ -63,186 +52,3 @@ jobs:
6352 with :
6453 name : build
6554 path : ./dist
66- provenance_python :
67- needs : [build]
68- permissions :
69- actions : read
70- contents : write
71- id-token : write # Needed to access the workflow's OIDC identity.
72- uses : slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
73- with :
74- base64-subjects : " ${{ needs.build.outputs.hashes }}"
75- upload-assets : true
76- upload-tag-name : ${{ inputs.tag }} # Tag from the initiation of the workflow
77- test-build :
78- if : ${{ !inputs.skip-tests }}
79- needs : ['build']
80- runs-on : ubuntu-latest
81- strategy :
82- fail-fast : false
83- matrix :
84- include :
85- - python-version : 3.9
86- prod-key : PROD_LABELBOX_API_KEY_3
87- da-test-key : DA_GCP_LABELBOX_API_KEY
88- - python-version : " 3.10"
89- prod-key : PROD_LABELBOX_API_KEY_4
90- da-test-key : DA_GCP_LABELBOX_API_KEY
91- - python-version : 3.11
92- prod-key : LABELBOX_API_KEY
93- da-test-key : DA_GCP_LABELBOX_API_KEY
94- - python-version : 3.12
95- prod-key : PROD_LABELBOX_API_KEY_5
96- da-test-key : DA_GCP_LABELBOX_API_KEY
97- steps :
98- - uses : actions/checkout@v4
99- with :
100- ref : ${{ inputs.tag }}
101- - name : Install the latest version of rye
102- uses : eifinger/setup-rye@v2
103- with :
104- version : ${{ vars.RYE_VERSION }}
105- enable-cache : true
106- - name : Rye Setup
107- run : |
108- rye config --set-bool behavior.use-uv=true
109- - name : Python setup
110- run : rye pin ${{ matrix.python-version }}
111- - uses : actions/download-artifact@v4
112- with :
113- name : build
114- path : ./dist
115- - name : Prepare package and environment
116- run : |
117- rye sync -f --update-all
118- rye run toml unset --toml-path pyproject.toml tool.rye.workspace
119- rye sync -f --update-all
120- - name : Integration Testing
121- env :
122- PYTEST_XDIST_AUTO_NUM_WORKERS : 32
123- LABELBOX_TEST_API_KEY : ${{ secrets[matrix.prod-key] }}
124- DA_GCP_LABELBOX_API_KEY : ${{ secrets[matrix.da-test-key] }}
125- LABELBOX_TEST_ENVIRON : prod
126- run : |
127- rye add labelbox --path ./$(find ./dist/ -name *.tar.gz) --sync --absolute
128- cd libs/labelbox
129- rm pyproject.toml
130- rye run pytest tests/integration
131- - name : Data Testing
132- env :
133- PYTEST_XDIST_AUTO_NUM_WORKERS : 32
134- LABELBOX_TEST_API_KEY : ${{ secrets[matrix.prod-key] }}
135- DA_GCP_LABELBOX_API_KEY : ${{ secrets[matrix.da-test-key] }}
136- LABELBOX_TEST_ENVIRON : prod
137- run : |
138- rye add labelbox --path ./$(find ./dist/ -name *.tar.gz) --sync --absolute --features data
139- cd libs/labelbox
140- rye run pytest tests/data
141- publish-python-package-to-release :
142- runs-on : ubuntu-latest
143- needs : ['build']
144- permissions :
145- contents : write
146- steps :
147- - uses : actions/checkout@v4
148- with :
149- ref : ${{ inputs.tag }}
150- - uses : actions/download-artifact@v4
151- with :
152- name : build
153- path : ./artifact
154- - name : Upload dist to release
155- run : |
156- gh release upload ${{ inputs.tag }} ./artifact/*
157- env :
158- GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
159- pypi-publish :
160- runs-on : ubuntu-latest
161- needs : ['build', 'test-build']
162- if : |
163- always() &&
164- (needs.test-build.result == 'success' || needs.test-build.result == 'skipped') && github.event.inputs.tag
165- environment :
166- name : publish
167- url : ' https://pypi.org/project/labelbox/'
168- permissions :
169- # IMPORTANT: this permission is mandatory for trusted publishing
170- id-token : write
171- steps :
172- - uses : actions/download-artifact@v4
173- with :
174- name : build
175- path : ./artifact
176- - name : Publish package distributions to PyPI
177- uses : pypa/gh-action-pypi-publish@release/v1
178- with :
179- packages-dir : artifact/
180- container-publish :
181- runs-on : ubuntu-latest
182- needs : ['build', 'test-build']
183- permissions :
184- packages : write
185- outputs :
186- image : ${{ steps.image.outputs.image }}
187- digest : ${{ steps.build_container.outputs.digest }}
188- if : |
189- always() &&
190- (needs.test-build.result == 'success' || needs.test-build.result == 'skipped') && github.event.inputs.tag
191- env :
192- CONTAINER_IMAGE : " ghcr.io/${{ github.repository }}"
193- steps :
194- - uses : actions/checkout@v4
195- with :
196- ref : ${{ inputs.tag }}
197-
198- - name : downcase CONTAINER_IMAGE
199- run : |
200- echo "CONTAINER_IMAGE=${CONTAINER_IMAGE,,}" >> ${GITHUB_ENV}
201-
202- - name : Set up Docker Buildx
203- uses : docker/setup-buildx-action@v3
204-
205- - name : Log in to the Container registry
206- uses : docker/login-action@v3
207- with :
208- registry : ghcr.io
209- username : ${{ github.actor }}
210- password : ${{ secrets.GITHUB_TOKEN }}
211-
212- - name : Build and push
213- uses : docker/build-push-action@v5
214- id : build_container
215- with :
216- context : .
217- file : ./libs/labelbox/Dockerfile
218- github-token : ${{ secrets.GITHUB_TOKEN }}
219- push : true
220-
221- platforms : |
222- linux/amd64
223- linux/arm64
224-
225- tags : |
226- ${{ env.CONTAINER_IMAGE }}:latest
227- ${{ env.CONTAINER_IMAGE }}:${{ inputs.tag }}
228- - name : Output image
229- id : image
230- run : |
231- # NOTE: Set the image as an output because the `env` context is not
232- # available to the inputs of a reusable workflow call.
233- image_name="${CONTAINER_IMAGE}"
234- echo "image=$image_name" >> "$GITHUB_OUTPUT"
235-
236- provenance_container :
237- needs : [container-publish]
238- permissions :
239- actions : read # for detecting the Github Actions environment.
240- id-token : write # for creating OIDC tokens for signing.
241- packages : write # for uploading attestations.
242- uses : slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0
243- with :
244- image : ${{ needs. container-publish.outputs.image }}
245- digest : ${{ needs. container-publish.outputs.digest }}
246- registry-username : ${{ github.actor }}
247- secrets :
248- registry-password : ${{ secrets.GITHUB_TOKEN }}