Temp add a workflow file to run prod tests

Val Brodsky · Val Brodsky · commit d154ba00c3a3 · 2024-11-06T14:41:10.000-08:00
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -63,17 +63,6 @@ jobs:
         with:
           name: build
           path: ./dist
-  provenance_python:
-    needs: [build]
-    permissions:
-      actions: read
-      contents: write
-      id-token: write # Needed to access the workflow's OIDC identity.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
-    with:
-      base64-subjects: "${{ needs.build.outputs.hashes }}"
-      upload-assets: true
-      upload-tag-name: ${{ inputs.tag }} # Tag from the initiation of the workflow
   test-build:
     if: ${{ !inputs.skip-tests }}
     needs: ['build']
@@ -138,111 +127,3 @@ jobs:
           rye add labelbox --path ./$(find ./dist/ -name *.tar.gz) --sync --absolute --features data
           cd libs/labelbox
           rye run pytest tests/data
-  publish-python-package-to-release:
-    runs-on: ubuntu-latest
-    needs: ['build']
-    permissions:
-      contents: write    
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ inputs.tag }}
-      - uses: actions/download-artifact@v4
-        with:
-          name: build
-          path: ./artifact
-      - name: Upload dist to release
-        run: |
-          gh release upload ${{ inputs.tag }} ./artifact/*
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  pypi-publish:   
-    runs-on: ubuntu-latest
-    needs: ['build', 'test-build']
-    if: |
-      always() &&
-      (needs.test-build.result == 'success' || needs.test-build.result == 'skipped') && github.event.inputs.tag
-    environment: 
-      name: publish
-      url: 'https://pypi.org/project/labelbox/'
-    permissions:
-      # IMPORTANT: this permission is mandatory for trusted publishing
-      id-token: write
-    steps:
-      - uses: actions/download-artifact@v4
-        with:
-          name: build
-          path: ./artifact
-      - name: Publish package distributions to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          packages-dir: artifact/
-  container-publish:
-    runs-on: ubuntu-latest
-    needs: ['build', 'test-build']
-    permissions:
-      packages: write
-    outputs:
-      image: ${{ steps.image.outputs.image }}
-      digest: ${{ steps.build_container.outputs.digest }}
-    if: |
-      always() &&
-      (needs.test-build.result == 'success' || needs.test-build.result == 'skipped') && github.event.inputs.tag
-    env:
-      CONTAINER_IMAGE: "ghcr.io/${{ github.repository }}"
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ inputs.tag }}
-
-      - name: downcase CONTAINER_IMAGE
-        run: |
-          echo "CONTAINER_IMAGE=${CONTAINER_IMAGE,,}" >> ${GITHUB_ENV}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-  
-      - name: Log in to the Container registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-  
-      - name: Build and push
-        uses: docker/build-push-action@v5
-        id: build_container
-        with:
-          context: .
-          file: ./libs/labelbox/Dockerfile
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          push: true
-  
-          platforms: |
-            linux/amd64
-            linux/arm64
-  
-          tags: |
-            ${{ env.CONTAINER_IMAGE }}:latest
-            ${{ env.CONTAINER_IMAGE }}:${{ inputs.tag }}
-      - name: Output image
-        id: image
-        run: |
-          # NOTE: Set the image as an output because the `env` context is not
-          # available to the inputs of a reusable workflow call.
-          image_name="${CONTAINER_IMAGE}"
-          echo "image=$image_name" >> "$GITHUB_OUTPUT"
-
-  provenance_container:
-    needs: [container-publish]
-    permissions:
-      actions: read # for detecting the Github Actions environment.
-      id-token: write # for creating OIDC tokens for signing.
-      packages: write # for uploading attestations.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0
-    with:
-      image: ${{ needs. container-publish.outputs.image }}
-      digest: ${{ needs. container-publish.outputs.digest }}
-      registry-username: ${{ github.actor }}
-    secrets:
-      registry-password: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/publish_run_prod_test.yml b/.github/workflows/publish_run_prod_test.yml
@@ -0,0 +1,54 @@
+name: Labelbox Python SDK Publish PROD Test
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Release Tag'
+        required: true
+      skip-tests:
+        description: 'Skip PROD Test (Do not do this unless there is an emergency)'
+        default: false
+        type: boolean
+
+
+concurrency:
+  group: ${{ github.workflow }}
+  cancel-in-progress: false
+
+# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    outputs:
+      hashes: ${{ steps.hash.outputs.hashes }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.tag }}
+      - name: Install the latest version of rye
+        uses: eifinger/setup-rye@v2
+        with:
+          version: ${{ vars.RYE_VERSION }}
+          enable-cache: true
+      - name: Rye Setup
+        run: |
+           rye config --set-bool behavior.use-uv=true
+      - name: Create build
+        working-directory: libs/labelbox
+        run: |
+          rye sync
+          rye build
+      - name: "Generate hashes"
+        id: hash
+        run: |
+          cd dist && echo "hashes=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT
+      - uses: actions/upload-artifact@v4
+        with:
+          name: build
+          path: ./dist
