Release #47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| release-version: | |
| type: string | |
| required: true | |
| description: 'Version number (for example: 0.1.0)' | |
| is-stable: | |
| description: 'Select if the built image should be tagged as stable' | |
| required: true | |
| type: boolean | |
| quay-organization: | |
| description: 'Quay organization used to push the built images to' | |
| required: true | |
| default: 'project-codeflare' | |
| python_version: | |
| type: string | |
| default: "3.11" | |
| required: true | |
| poetry_version: | |
| type: string | |
| default: "1.8.3" | |
| required: true | |
| codeflare-repository-organization: | |
| type: string | |
| default: "project-codeflare" | |
| env: | |
| PR_BRANCH_NAME: snyk-tag-monitoring-${{ github.run_id }} | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| id-token: write # This permission is required for trusted publishing | |
| pull-requests: write # This permission is required for creating PRs | |
| steps: | |
| - name: Checkout the repository | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.GH_CLI_TOKEN }} | |
| - name: Install Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ github.event.inputs.python_version }} | |
| - name: Install Poetry | |
| uses: abatilo/actions-poetry@v2 | |
| with: | |
| poetry-version: ${{ github.event.inputs.poetry_version }} | |
| - name: Change version in pyproject.toml | |
| run: poetry version "${{ github.event.inputs.release-version }}" | |
| - name: Run poetry install | |
| run: poetry install --with docs | |
| - name: Create new documentation | |
| run: | | |
| gh workflow run publish-documentation.yaml \ | |
| --repo ${{ github.event.inputs.codeflare-repository-organization }}/codeflare-sdk \ | |
| --ref ${{ github.ref }} \ | |
| --field codeflare_sdk_release_version=${{ github.event.inputs.release-version }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.CODEFLARE_MACHINE_ACCOUNT_TOKEN }} | |
| - name: Copy demo notebooks into SDK package | |
| run: cp -r demo-notebooks src/codeflare_sdk/demo-notebooks | |
| - name: Run poetry build | |
| run: poetry build | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.CODEFLARE_MACHINE_ACCOUNT_TOKEN }} | |
| - name: Create Github release | |
| uses: ncipollo/release-action@v1 | |
| with: | |
| tag: "v${{ github.event.inputs.release-version }}" | |
| generateReleaseNotes: true | |
| - name: Publish package distributions to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| - name: Sync ODH Notebooks | |
| run: | | |
| gh workflow run odh-notebooks-sync.yml \ | |
| --repo ${{ github.event.inputs.codeflare-repository-organization }}/codeflare-sdk \ | |
| --ref ${{ github.ref }} \ | |
| --field upstream-repository-organization=opendatahub-io \ | |
| --field codeflare-repository-organization=${{ github.event.inputs.codeflare-repository-organization }} \ | |
| --field codeflare_sdk_release_version=${{ github.event.inputs.release-version }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.CODEFLARE_MACHINE_ACCOUNT_TOKEN }} | |
| shell: bash | |
| - name: Install Snyk CLI and setup monitoring for new release tag | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| SNYK_ORG: ${{ secrets.SNYK_ORG }} | |
| run: | | |
| echo "Installing Snyk CLI" | |
| npm install -g snyk | |
| echo "Fetching tags" | |
| git fetch origin 'refs/tags/*:refs/tags/*' | |
| echo "Authenticating with Snyk" | |
| snyk auth ${SNYK_TOKEN} | |
| echo "Scanning project: codeflare-sdk/v${{ github.event.inputs.release-version }}" | |
| git checkout v${{ github.event.inputs.release-version }} | |
| snyk monitor --all-projects --exclude=requirements.txt --org=${SNYK_ORG} --target-reference="$(git describe --tags)" |