1
+ name : LBox Publish
2
+
3
+ on :
4
+ workflow_dispatch :
5
+ inputs :
6
+ tag :
7
+ description : ' Release Tag'
8
+ required : true
9
+ default : ' v6.0.0'
10
+
11
+ concurrency :
12
+ group : ${{ github.workflow }}-${{ github.ref }}
13
+ cancel-in-progress : true
14
+
15
+ permissions :
16
+ id-token : write
17
+
18
+ jobs :
19
+ path-filter :
20
+ runs-on : ubuntu-latest
21
+ outputs :
22
+ lbox : ${{ true }}
23
+ test-matrix : ${{ steps.matrix.outputs.test-matrix }}
24
+ package-matrix : ${{ steps.matrix.outputs.publish-matrix }}
25
+ steps :
26
+ - uses : actions/checkout@v4
27
+ with :
28
+ # ref: ${{ inputs.tag }}
29
+ ref : ${{ inputs.tag }}
30
+ - uses : dorny/paths-filter@v3
31
+ id : filter
32
+ with :
33
+ ref : ${{ inputs.tag }}
34
+ list-files : ' json'
35
+ filters : |
36
+ lbox:
37
+ - 'libs/lbox*/**'
38
+ - id : matrix
39
+ uses : ./.github/actions/lbox-matrix
40
+ with :
41
+ files-changed : ${{ steps.filter.outputs.lbox_files }}
42
+ build :
43
+ runs-on : ubuntu-latest
44
+ needs : ['path-filter', 'test-build']
45
+ outputs :
46
+ hashes : ${{ steps.hash.outputs.hashes_lbox-clients }}
47
+ strategy :
48
+ fail-fast : false
49
+ matrix :
50
+ include : ${{ fromJSON(needs.path-filter.outputs.package-matrix) }}
51
+ steps :
52
+ - uses : actions/checkout@v4
53
+ with :
54
+ # ref: ${{ inputs.tag }}
55
+ ref : ${{ inputs.tag }}
56
+ - name : Install the latest version of rye
57
+ uses : eifinger/setup-rye@v2
58
+ with :
59
+ version : ${{ vars.RYE_VERSION }}
60
+ enable-cache : true
61
+ - name : Rye Setup
62
+ run : |
63
+ rye config --set-bool behavior.use-uv=true
64
+ - name : Create build
65
+ working-directory : libs/${{ matrix.package }}
66
+ run : |
67
+ rye sync
68
+ rye build
69
+ - name : " Generate hashes"
70
+ id : hash
71
+ run : |
72
+ cd dist && echo "hashes_${{ matrix.package }}=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT
73
+ echo "hashes_${{ matrix.package }}=$(sha256sum * | base64 -w0)"
74
+ - uses : actions/upload-artifact@v4
75
+ with :
76
+ name : build-${{ matrix.package }}
77
+ path : ./dist
78
+ provenance_python :
79
+ needs : [build]
80
+ permissions :
81
+ actions : read
82
+ contents : write
83
+ id-token : write # Needed to access the workflow's OIDC identity.
84
+ uses : slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
85
+ with :
86
+ base64-subjects : " ${{ needs.build.outputs.hashes }}"
87
+ upload-assets : true
88
+ upload-tag-name : ${{ inputs.tag }} # Tag from the initiation of the workflow
89
+ provenance-name : lbox-clients.intoto.jsonl
90
+
91
+ test-build :
92
+ needs : ['path-filter']
93
+ if : ${{ needs.path-filter.outputs.lbox == 'true' }}
94
+ runs-on : ubuntu-latest
95
+ strategy :
96
+ fail-fast : false
97
+ matrix :
98
+ include : ${{ fromJSON(needs.path-filter.outputs.test-matrix) }}
99
+ concurrency :
100
+ group : lbox-staging-${{ matrix.python-version }}-${{ matrix.package }}
101
+ cancel-in-progress : false
102
+ steps :
103
+ - uses : actions/checkout@v4
104
+ with :
105
+ token : ${{ secrets.ACTIONS_ACCESS_TOKEN }}
106
+ # ref: ${{ inputs.tag }}
107
+ ref : ${{ inputs.tag }}
108
+ - uses : ./.github/actions/python-package-shared-setup
109
+ with :
110
+ rye-version : ${{ vars.RYE_VERSION }}
111
+ python-version : ${{ matrix.python-version }}
112
+ - name : Format
113
+ run : rye format --check -v -p ${{ matrix.package }}
114
+ - name : Linting
115
+ run : rye lint -v -p ${{ matrix.package }}
116
+ - name : Unit
117
+ working-directory : libs/${{ matrix.package }}
118
+ run : rye run unit
119
+ - name : Integration
120
+ working-directory : libs/${{ matrix.package }}
121
+ env :
122
+ LABELBOX_TEST_API_KEY : ${{ secrets[matrix.api-key] }}
123
+ DA_GCP_LABELBOX_API_KEY : ${{ secrets[matrix.da-test-key] }}
124
+ LABELBOX_TEST_ENVIRON : ' staging'
125
+ run : rye run integration
126
+ pypi-publish :
127
+ runs-on : ubuntu-latest
128
+ needs : ['build', 'test-build', 'path-filter']
129
+ strategy :
130
+ fail-fast : false
131
+ matrix :
132
+ include : ${{ fromJSON(needs.path-filter.outputs.package-matrix) }}
133
+ environment :
134
+ name : publish-${{ matrix.package }}
135
+ url : ' https://pypi.org/project/${{ matrix.package }}'
136
+ permissions :
137
+ # IMPORTANT: this permission is mandatory for trusted publishing
138
+ id-token : write
139
+ steps :
140
+ - uses : actions/download-artifact@v4
141
+ with :
142
+ name : build-${{ matrix.package }}
143
+ path : ./artifact
144
+ - name : Publish package distributions to PyPI
145
+ uses : pypa/gh-action-pypi-publish@release/v1
146
+ with :
147
+ packages-dir : artifact/
148
+ container-publish :
149
+ runs-on : ubuntu-latest
150
+ needs : ['build', 'path-filter']
151
+ if : ${{ needs.path-filter.outputs.lbox == 'true' }}
152
+ strategy :
153
+ fail-fast : false
154
+ matrix :
155
+ include : ${{ fromJSON(needs.path-filter.outputs.package-matrix) }}
156
+ permissions :
157
+ # IMPORTANT: this permission is mandatory for trusted publishing
158
+ packages : write
159
+ steps :
160
+ - uses : actions/checkout@v4
161
+ with :
162
+ # ref: ${{ inputs.tag }}
163
+ ref : ${{ inputs.tag }}
164
+ - name : Set up Docker Buildx
165
+ uses : docker/setup-buildx-action@v3
166
+ - name : Log in to the Container registry
167
+ uses : docker/login-action@v3
168
+ with :
169
+ registry : ghcr.io
170
+ username : ${{ github.actor }}
171
+ password : ${{ secrets.GITHUB_TOKEN }}
172
+ - name : Build and push
173
+ uses : docker/build-push-action@v5
174
+ id : build_container
175
+ with :
176
+ context : .
177
+ file : ./libs/${{ matrix.package }}/Dockerfile
178
+ github-token : ${{ secrets.GITHUB_TOKEN }}
179
+ push : true
180
+ platforms : |
181
+ linux/amd64
182
+ linux/arm64
183
+ tags : |
184
+ ghcr.io/labelbox/${{ matrix.package }}:latest
185
+ ghcr.io/labelbox/${{ matrix.package }}:${{ inputs.tag }}
186
+ - name : Output image
187
+ id : image
188
+ run : |
189
+ echo "ghcr.io/labelbox/${{ matrix.package }}:latest" >> "$GITHUB_STEP_SUMMARY"
190
+ echo "ghcr.io/labelbox/${{ matrix.package }}:${{ inputs.tag }}" >> "$GITHUB_STEP_SUMMARY"
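Review bot: The workflow-level `permissions:` block (new-file lines 15–16) gives `id-token: write` to every job that does not declare its own permissions, so `path-filter`, `build` and `test-build`, which run tag-pinned third-party actions plus `rye sync`/`rye build` and test code, can all request the workflow's OIDC identity; `provenance_python` and `pypi-publish` already grant it at job level, so the top-level block could be reduced to `permissions:` / `contents: read`. Whether a token minted outside `pypi-publish` would be accepted by PyPI depends on how the trusted publisher is constrained (for example to the `publish-<package>` environment), which is not visible on this page. The actions on the publishing path (`pypa/gh-action-pypi-publish@release/v1`, `docker/build-push-action@v5`, `eifinger/setup-rye@v2`, `dorny/paths-filter@v3`) are referenced by mutable tag or branch; pinning each as `uses: owner/action@<full-commit-sha> # vX` keeps an upstream retag from running with these permissions. The `run:` steps at file lines 72–73 and 189–190 expand `${{ matrix.package }}` and, at 189–190, `${{ inputs.tag }}` directly into the shell text; passing them through `env:` (e.g. `TAG: ${{ inputs.tag }}`) and echoing `"$TAG"` stops the value from being parsed as script. Finally, `container-publish` needs only `build` and `path-filter`, so images (including `:latest`) are pushed even when `test-build` fails, unlike `pypi-publish`, and its `packages: write` comment about trusted publishing looks copied from the PyPI job.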