1+ name : LBox Publish
2+
3+ on :
4+ workflow_dispatch :
5+ inputs :
6+ tag :
7+ description : ' Release Tag'
8+ required : true
9+ default : ' v6.0.0'
10+
11+ concurrency :
12+ group : ${{ github.workflow }}-${{ github.ref }}
13+ cancel-in-progress : true
14+
15+ permissions :
16+ id-token : write
17+
18+ jobs :
19+ path-filter :
20+ runs-on : ubuntu-latest
21+ outputs :
22+ lbox : ${{ true }}
23+ test-matrix : ${{ steps.matrix.outputs.test-matrix }}
24+ package-matrix : ${{ steps.matrix.outputs.publish-matrix }}
25+ steps :
26+ - uses : actions/checkout@v4
27+ with :
28+ # ref: ${{ inputs.tag }}
29+ ref : ${{ inputs.tag }}
30+ - uses : dorny/paths-filter@v3
31+ id : filter
32+ with :
33+ ref : ${{ inputs.tag }}
34+ list-files : ' json'
35+ filters : |
36+ lbox:
37+ - 'libs/lbox*/**'
38+ - id : matrix
39+ uses : ./.github/actions/lbox-matrix
40+ with :
41+ files-changed : ${{ steps.filter.outputs.lbox_files }}
42+ build :
43+ runs-on : ubuntu-latest
44+ needs : ['path-filter', 'test-build']
45+ outputs :
46+ hashes : ${{ steps.hash.outputs.hashes_lbox-clients }}
47+ strategy :
48+ fail-fast : false
49+ matrix :
50+ include : ${{ fromJSON(needs.path-filter.outputs.package-matrix) }}
51+ steps :
52+ - uses : actions/checkout@v4
53+ with :
54+ # ref: ${{ inputs.tag }}
55+ ref : ${{ inputs.tag }}
56+ - name : Install the latest version of rye
57+ uses : eifinger/setup-rye@v2
58+ with :
59+ version : ${{ vars.RYE_VERSION }}
60+ enable-cache : true
61+ - name : Rye Setup
62+ run : |
63+ rye config --set-bool behavior.use-uv=true
64+ - name : Create build
65+ working-directory : libs/${{ matrix.package }}
66+ run : |
67+ rye sync
68+ rye build
69+ - name : " Generate hashes"
70+ id : hash
71+ run : |
72+ cd dist && echo "hashes_${{ matrix.package }}=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT
73+ echo "hashes_${{ matrix.package }}=$(sha256sum * | base64 -w0)"
74+ - uses : actions/upload-artifact@v4
75+ with :
76+ name : build-${{ matrix.package }}
77+ path : ./dist
78+ provenance_python :
79+ needs : [build]
80+ permissions :
81+ actions : read
82+ contents : write
83+ id-token : write # Needed to access the workflow's OIDC identity.
84+ uses : slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
85+ with :
86+ base64-subjects : " ${{ needs.build.outputs.hashes }}"
87+ upload-assets : true
88+ upload-tag-name : ${{ inputs.tag }} # Tag from the initiation of the workflow
89+ provenance-name : lbox-clients.intoto.jsonl
90+
91+ test-build :
92+ needs : ['path-filter']
93+ if : ${{ needs.path-filter.outputs.lbox == 'true' }}
94+ runs-on : ubuntu-latest
95+ strategy :
96+ fail-fast : false
97+ matrix :
98+ include : ${{ fromJSON(needs.path-filter.outputs.test-matrix) }}
99+ concurrency :
100+ group : lbox-staging-${{ matrix.python-version }}-${{ matrix.package }}
101+ cancel-in-progress : false
102+ steps :
103+ - uses : actions/checkout@v4
104+ with :
105+ token : ${{ secrets.ACTIONS_ACCESS_TOKEN }}
106+ # ref: ${{ inputs.tag }}
107+ ref : ${{ inputs.tag }}
108+ - uses : ./.github/actions/python-package-shared-setup
109+ with :
110+ rye-version : ${{ vars.RYE_VERSION }}
111+ python-version : ${{ matrix.python-version }}
112+ - name : Format
113+ run : rye format --check -v -p ${{ matrix.package }}
114+ - name : Linting
115+ run : rye lint -v -p ${{ matrix.package }}
116+ - name : Unit
117+ working-directory : libs/${{ matrix.package }}
118+ run : rye run unit
119+ - name : Integration
120+ working-directory : libs/${{ matrix.package }}
121+ env :
122+ LABELBOX_TEST_API_KEY : ${{ secrets[matrix.api-key] }}
123+ DA_GCP_LABELBOX_API_KEY : ${{ secrets[matrix.da-test-key] }}
124+ LABELBOX_TEST_ENVIRON : ' staging'
125+ run : rye run integration
126+ pypi-publish :
127+ runs-on : ubuntu-latest
128+ needs : ['build', 'test-build', 'path-filter']
129+ strategy :
130+ fail-fast : false
131+ matrix :
132+ include : ${{ fromJSON(needs.path-filter.outputs.package-matrix) }}
133+ environment :
134+ name : publish-${{ matrix.package }}
135+ url : ' https://pypi.org/project/${{ matrix.package }}'
136+ permissions :
137+ # IMPORTANT: this permission is mandatory for trusted publishing
138+ id-token : write
139+ steps :
140+ - uses : actions/download-artifact@v4
141+ with :
142+ name : build-${{ matrix.package }}
143+ path : ./artifact
144+ - name : Publish package distributions to PyPI
145+ uses : pypa/gh-action-pypi-publish@release/v1
146+ with :
147+ packages-dir : artifact/
148+ container-publish :
149+ runs-on : ubuntu-latest
150+ needs : ['build', 'path-filter']
151+ if : ${{ needs.path-filter.outputs.lbox == 'true' }}
152+ strategy :
153+ fail-fast : false
154+ matrix :
155+ include : ${{ fromJSON(needs.path-filter.outputs.package-matrix) }}
156+ permissions :
157+ # IMPORTANT: this permission is mandatory for trusted publishing
158+ packages : write
159+ steps :
160+ - uses : actions/checkout@v4
161+ with :
162+ # ref: ${{ inputs.tag }}
163+ ref : ${{ inputs.tag }}
164+ - name : Set up Docker Buildx
165+ uses : docker/setup-buildx-action@v3
166+ - name : Log in to the Container registry
167+ uses : docker/login-action@v3
168+ with :
169+ registry : ghcr.io
170+ username : ${{ github.actor }}
171+ password : ${{ secrets.GITHUB_TOKEN }}
172+ - name : Build and push
173+ uses : docker/build-push-action@v5
174+ id : build_container
175+ with :
176+ context : .
177+ file : ./libs/${{ matrix.package }}/Dockerfile
178+ github-token : ${{ secrets.GITHUB_TOKEN }}
179+ push : true
180+ platforms : |
181+ linux/amd64
182+ linux/arm64
183+ tags : |
184+ ghcr.io/labelbox/${{ matrix.package }}:latest
185+ ghcr.io/labelbox/${{ matrix.package }}:${{ inputs.tag }}
186+ - name : Output image
187+ id : image
188+ run : |
189+ echo "ghcr.io/labelbox/${{ matrix.package }}:latest" >> "$GITHUB_STEP_SUMMARY"
190+ echo "ghcr.io/labelbox/${{ matrix.package }}:${{ inputs.tag }}" >> "$GITHUB_STEP_SUMMARY"
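Review bot: The workflow-level `permissions: id-token: write` is inherited by `path-filter`, `build` and `test-build`, none of which publish anything, so every job that runs `rye sync`, `rye build` or the test suites is able to request an OIDC token for this workflow. `pypi-publish` and `provenance_python` already declare `id-token: write` themselves, so the top-level block could become `permissions: {}` (or `contents: read` if checkout needs it), leaving each job with only what it uses. Separately, `${{ inputs.tag }}` and `${{ matrix.package }}` are expanded directly into the `run:` scripts of the "Generate hashes" and "Output image" steps; passing them through `env:` and referencing `"$TAG"` / `"$PACKAGE"` keeps the free-text dispatch input out of the shell source. The `# IMPORTANT: this permission is mandatory for trusted publishing` comment above `packages: write` in `container-publish` looks copied from `pypi-publish` and would be more accurate as `# required to push images to ghcr.io`.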