fix: Fix deployment for provider package (#77) #71
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow handles both automated and manual package publishing: | |
| # | |
| # AUTOMATED PUBLISHING (on push to main): | |
| # - Triggered automatically when changes are pushed to the main branch | |
| # - Uses release-please to create releases based on conventional commits | |
| # - Publishes packages to PyPI automatically when release PRs are merged | |
| # | |
| # MANUAL PUBLISHING (via workflow_dispatch): | |
| # - Can be triggered manually from the Actions tab | |
| # - Allows publishing a specific package to PyPI | |
| # - Supports dry-run mode | |
| # | |
| name: release-please | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| inputs: | |
| workspace_path: | |
| description: 'The workspace to publish' | |
| required: true | |
| default: 'packages/sdk/server-ai' | |
| type: choice | |
| options: | |
| - packages/sdk/server-ai | |
| - packages/ai-providers/server-ai-langchain | |
| dry_run: | |
| description: 'Is this a dry run. If so no package will be published.' | |
| type: boolean | |
| required: true | |
| jobs: | |
| release-please: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # Needed for release-please to create releases. | |
| pull-requests: write # Needed for release-please to create/update PRs. | |
| if: github.event_name == 'push' | |
| outputs: | |
| package-server-ai-released: ${{ steps.release.outputs['packages/sdk/server-ai--release_created'] }} | |
| package-server-ai-tag-name: ${{ steps.release.outputs['packages/sdk/server-ai--tag_name'] }} | |
| package-server-ai-langchain-released: ${{ steps.release.outputs['packages/ai-providers/server-ai-langchain--release_created'] }} | |
| package-server-ai-langchain-tag-name: ${{ steps.release.outputs['packages/ai-providers/server-ai-langchain--tag_name'] }} | |
| steps: | |
| - uses: googleapis/release-please-action@v4 | |
| id: release | |
| release-server-ai: | |
| runs-on: ubuntu-latest | |
| needs: ['release-please'] | |
| permissions: | |
| id-token: write # Needed for OIDC to get release secrets from AWS. | |
| if: ${{ needs.release-please.outputs.package-server-ai-released == 'true' }} | |
| outputs: | |
| package-hashes: ${{ steps.build.outputs.package-hashes }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - name: Install poetry | |
| uses: abatilo/actions-poetry@7b6d33e44b4f08d7021a1dee3c044e9c253d6439 | |
| - uses: ./.github/actions/ci | |
| with: | |
| workspace_path: packages/sdk/server-ai | |
| - uses: ./.github/actions/build | |
| id: build | |
| with: | |
| workspace_path: packages/sdk/server-ai | |
| - uses: launchdarkly/gh-actions/actions/[email protected] | |
| name: 'Get PyPI token' | |
| with: | |
| aws_assume_role: ${{ vars.AWS_ROLE_ARN }} | |
| ssm_parameter_pairs: '/production/common/releasing/pypi/token = PYPI_AUTH_TOKEN' | |
| - name: Publish to PyPI | |
| uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 | |
| with: | |
| password: ${{ env.PYPI_AUTH_TOKEN }} | |
| packages-dir: packages/sdk/server-ai/dist/ | |
| release-server-ai-langchain: | |
| runs-on: ubuntu-latest | |
| needs: ['release-please'] | |
| permissions: | |
| id-token: write # Needed for OIDC to get release secrets from AWS. | |
| if: ${{ needs.release-please.outputs.package-server-ai-langchain-released == 'true' }} | |
| outputs: | |
| package-hashes: ${{ steps.build.outputs.package-hashes }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - name: Install poetry | |
| uses: abatilo/actions-poetry@7b6d33e44b4f08d7021a1dee3c044e9c253d6439 | |
| - uses: ./.github/actions/ci | |
| with: | |
| workspace_path: packages/ai-providers/server-ai-langchain | |
| - uses: ./.github/actions/build | |
| id: build | |
| with: | |
| workspace_path: packages/ai-providers/server-ai-langchain | |
| - uses: launchdarkly/gh-actions/actions/[email protected] | |
| name: 'Get PyPI token' | |
| with: | |
| aws_assume_role: ${{ vars.AWS_ROLE_ARN }} | |
| ssm_parameter_pairs: '/production/common/releasing/pypi/token = PYPI_AUTH_TOKEN' | |
| - name: Publish to PyPI | |
| uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 | |
| with: | |
| password: ${{ env.PYPI_AUTH_TOKEN }} | |
| packages-dir: packages/ai-providers/server-ai-langchain/dist/ | |
| manual-publish: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'workflow_dispatch' | |
| permissions: | |
| id-token: write # Needed for OIDC to get release secrets from AWS. | |
| contents: read # Needed for actions/checkout. | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - name: Install poetry | |
| uses: abatilo/actions-poetry@7b6d33e44b4f08d7021a1dee3c044e9c253d6439 | |
| - uses: ./.github/actions/ci | |
| with: | |
| workspace_path: ${{ inputs.workspace_path }} | |
| - uses: ./.github/actions/build | |
| id: build | |
| with: | |
| workspace_path: ${{ inputs.workspace_path }} | |
| - uses: launchdarkly/gh-actions/actions/[email protected] | |
| if: ${{ inputs.dry_run != true }} | |
| name: 'Get PyPI token' | |
| with: | |
| aws_assume_role: ${{ vars.AWS_ROLE_ARN }} | |
| ssm_parameter_pairs: '/production/common/releasing/pypi/token = PYPI_AUTH_TOKEN' | |
| - name: Publish to PyPI | |
| if: ${{ inputs.dry_run != true }} | |
| uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 | |
| with: | |
| password: ${{ env.PYPI_AUTH_TOKEN }} | |
| packages-dir: ${{ inputs.workspace_path }}/dist/ | |
| release-server-ai-provenance: | |
| needs: ['release-please', 'release-server-ai'] | |
| if: ${{ needs.release-please.outputs.package-server-ai-released == 'true' }} | |
| permissions: | |
| actions: read # Needed for detecting the GitHub Actions environment. | |
| id-token: write # Needed for provenance signing. | |
| contents: write # Needed for uploading assets to the release. | |
| uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] | |
| with: | |
| base64-subjects: "${{ needs.release-server-ai.outputs.package-hashes }}" | |
| upload-assets: true | |
| upload-tag-name: ${{ needs.release-please.outputs.package-server-ai-tag-name }} | |
| release-server-ai-langchain-provenance: | |
| needs: ['release-please', 'release-server-ai-langchain'] | |
| if: ${{ needs.release-please.outputs.package-server-ai-langchain-released == 'true' }} | |
| permissions: | |
| actions: read # Needed for detecting the GitHub Actions environment. | |
| id-token: write # Needed for provenance signing. | |
| contents: write # Needed for uploading assets to the release. | |
| uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] | |
| with: | |
| base64-subjects: "${{ needs.release-server-ai-langchain.outputs.package-hashes }}" | |
| upload-assets: true | |
| upload-tag-name: ${{ needs.release-please.outputs.package-server-ai-langchain-tag-name }} |