Skip to content

Commit fd5a6af

Browse files
author
Val Brodsky
committed
Workflow to publish lbox packages
1 parent 454ea1f commit fd5a6af

File tree

4 files changed

+207
-1
lines changed

4 files changed

+207
-1
lines changed

.github/actions/provenance/action.yml

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
name: Labelbox Python SDK Provenance Generation
2+
3+
inputs:
4+
subjects:
5+
required: true
6+
type: string
7+
runs:
8+
using: "composite"
9+
steps:
10+
- name: upload
11+
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
12+
with:
13+
base64-subjects: "${{ inputs.subjects }}"
14+
upload-assets: true
15+
upload-tag-name: v.6.0.0 # Tag from the initiation of the workflow

.github/workflows/lbox-publish.yml

Lines changed: 190 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,190 @@
1+
name: LBox Publish
2+
3+
on:
4+
workflow_dispatch:
5+
inputs:
6+
tag:
7+
description: 'Release Tag'
8+
required: true
9+
default: 'v6.0.0'
10+
11+
concurrency:
12+
group: ${{ github.workflow }}-${{ github.ref }}
13+
cancel-in-progress: true
14+
15+
permissions:
16+
id-token: write
17+
18+
jobs:
19+
path-filter:
20+
runs-on: ubuntu-latest
21+
outputs:
22+
lbox: ${{ true }}
23+
test-matrix: ${{ steps.matrix.outputs.test-matrix }}
24+
package-matrix: ${{ steps.matrix.outputs.publish-matrix }}
25+
steps:
26+
- uses: actions/checkout@v4
27+
with:
28+
# ref: ${{ inputs.tag }}
29+
ref: ${{ inputs.tag }}
30+
- uses: dorny/paths-filter@v3
31+
id: filter
32+
with:
33+
ref: ${{ inputs.tag }}
34+
list-files: 'json'
35+
filters: |
36+
lbox:
37+
- 'libs/lbox*/**'
38+
- id: matrix
39+
uses: ./.github/actions/lbox-matrix
40+
with:
41+
files-changed: ${{ steps.filter.outputs.lbox_files }}
42+
build:
43+
runs-on: ubuntu-latest
44+
needs: ['path-filter', 'test-build']
45+
outputs:
46+
hashes: ${{ steps.hash.outputs.hashes_lbox-clients }}
47+
strategy:
48+
fail-fast: false
49+
matrix:
50+
include: ${{ fromJSON(needs.path-filter.outputs.package-matrix) }}
51+
steps:
52+
- uses: actions/checkout@v4
53+
with:
54+
# ref: ${{ inputs.tag }}
55+
ref: ${{ inputs.tag }}
56+
- name: Install the latest version of rye
57+
uses: eifinger/setup-rye@v2
58+
with:
59+
version: ${{ vars.RYE_VERSION }}
60+
enable-cache: true
61+
- name: Rye Setup
62+
run: |
63+
rye config --set-bool behavior.use-uv=true
64+
- name: Create build
65+
working-directory: libs/${{ matrix.package }}
66+
run: |
67+
rye sync
68+
rye build
69+
- name: "Generate hashes"
70+
id: hash
71+
run: |
72+
cd dist && echo "hashes_${{ matrix.package }}=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT
73+
echo "hashes_${{ matrix.package }}=$(sha256sum * | base64 -w0)"
74+
- uses: actions/upload-artifact@v4
75+
with:
76+
name: build-${{ matrix.package }}
77+
path: ./dist
78+
provenance_python:
79+
needs: [build]
80+
permissions:
81+
actions: read
82+
contents: write
83+
id-token: write # Needed to access the workflow's OIDC identity.
84+
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
85+
with:
86+
base64-subjects: "${{ needs.build.outputs.hashes }}"
87+
upload-assets: true
88+
upload-tag-name: ${{ inputs.tag }} # Tag from the initiation of the workflow
89+
provenance-name: lbox-clients.intoto.jsonl
90+
91+
test-build:
92+
needs: ['path-filter']
93+
if: ${{ needs.path-filter.outputs.lbox == 'true' }}
94+
runs-on: ubuntu-latest
95+
strategy:
96+
fail-fast: false
97+
matrix:
98+
include: ${{ fromJSON(needs.path-filter.outputs.test-matrix) }}
99+
concurrency:
100+
group: lbox-staging-${{ matrix.python-version }}-${{ matrix.package }}
101+
cancel-in-progress: false
102+
steps:
103+
- uses: actions/checkout@v4
104+
with:
105+
token: ${{ secrets.ACTIONS_ACCESS_TOKEN }}
106+
# ref: ${{ inputs.tag }}
107+
ref: ${{ inputs.tag }}
108+
- uses: ./.github/actions/python-package-shared-setup
109+
with:
110+
rye-version: ${{ vars.RYE_VERSION }}
111+
python-version: ${{ matrix.python-version }}
112+
- name: Format
113+
run: rye format --check -v -p ${{ matrix.package }}
114+
- name: Linting
115+
run: rye lint -v -p ${{ matrix.package }}
116+
- name: Unit
117+
working-directory: libs/${{ matrix.package }}
118+
run: rye run unit
119+
- name: Integration
120+
working-directory: libs/${{ matrix.package }}
121+
env:
122+
LABELBOX_TEST_API_KEY: ${{ secrets[matrix.api-key] }}
123+
DA_GCP_LABELBOX_API_KEY: ${{ secrets[matrix.da-test-key] }}
124+
LABELBOX_TEST_ENVIRON: 'staging'
125+
run: rye run integration
126+
pypi-publish:
127+
runs-on: ubuntu-latest
128+
needs: ['build', 'test-build', 'path-filter']
129+
strategy:
130+
fail-fast: false
131+
matrix:
132+
include: ${{ fromJSON(needs.path-filter.outputs.package-matrix) }}
133+
environment:
134+
name: publish-${{ matrix.package }}
135+
url: 'https://pypi.org/project/${{ matrix.package }}'
136+
permissions:
137+
# IMPORTANT: this permission is mandatory for trusted publishing
138+
id-token: write
139+
steps:
140+
- uses: actions/download-artifact@v4
141+
with:
142+
name: build-${{ matrix.package }}
143+
path: ./artifact
144+
- name: Publish package distributions to PyPI
145+
uses: pypa/gh-action-pypi-publish@release/v1
146+
with:
147+
packages-dir: artifact/
148+
container-publish:
149+
runs-on: ubuntu-latest
150+
needs: ['build', 'path-filter']
151+
if: ${{ needs.path-filter.outputs.lbox == 'true' }}
152+
strategy:
153+
fail-fast: false
154+
matrix:
155+
include: ${{ fromJSON(needs.path-filter.outputs.package-matrix) }}
156+
permissions:
157+
# IMPORTANT: this permission is mandatory for trusted publishing
158+
packages: write
159+
steps:
160+
- uses: actions/checkout@v4
161+
with:
162+
# ref: ${{ inputs.tag }}
163+
ref: ${{ inputs.tag }}
164+
- name: Set up Docker Buildx
165+
uses: docker/setup-buildx-action@v3
166+
- name: Log in to the Container registry
167+
uses: docker/login-action@v3
168+
with:
169+
registry: ghcr.io
170+
username: ${{ github.actor }}
171+
password: ${{ secrets.GITHUB_TOKEN }}
172+
- name: Build and push
173+
uses: docker/build-push-action@v5
174+
id: build_container
175+
with:
176+
context: .
177+
file: ./libs/${{ matrix.package }}/Dockerfile
178+
github-token: ${{ secrets.GITHUB_TOKEN }}
179+
push: true
180+
platforms: |
181+
linux/amd64
182+
linux/arm64
183+
tags: |
184+
ghcr.io/labelbox/${{ matrix.package }}:latest
185+
ghcr.io/labelbox/${{ matrix.package }}:${{ inputs.tag }}
186+
- name: Output image
187+
id: image
188+
run: |
189+
echo "ghcr.io/labelbox/${{ matrix.package }}:latest" >> "$GITHUB_STEP_SUMMARY"
190+
echo "ghcr.io/labelbox/${{ matrix.package }}:${{ inputs.tag }}" >> "$GITHUB_STEP_SUMMARY"

libs/lbox-clients/README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
# lbox-example
1+
# lbox-clients
22

33
This is an example module which can be cloned and reused to develop modules under the `lbox` namespace.
44

libs/lbox-clients/src/lbox/request_client.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,4 @@
1+
# for the Labelbox Python SDK
12
import inspect
23
import json
34
import logging

0 commit comments

Comments
 (0)