mirror of
https://github.com/zama-ai/concrete.git
synced 2026-01-13 23:08:14 -05:00
647ffa31aa
Bumps [rtCamp/action-slack-notify](https://github.com/rtcamp/action-slack-notify) from 2.3.0 to 2.3.2.
- [Release notes](https://github.com/rtcamp/action-slack-notify/releases)
- [Commits](4e5fb42d24...c33737706d)
---
updated-dependencies:
- dependency-name: rtCamp/action-slack-notify
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
82 lines
3.1 KiB
YAML
82 lines
3.1 KiB
YAML
# This workflows should be runned after that releases has been validated and ready to push to pypi.org and docker hub.
|
|
name: concrete-python finalize-release
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
version:
|
|
description: 'version of concrete-python to push to pypi and docker hub'
|
|
required: true
|
|
type: string
|
|
|
|
jobs:
|
|
publish-to-pypi:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Pull wheels from S3
|
|
env:
|
|
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_IAM_ID }}
|
|
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_IAM_KEY }}
|
|
AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}
|
|
S3_BUCKET_NAME: ${{ secrets.AWS_S3_PYPI_BUCKET_NAME }}
|
|
run: |
|
|
mkdir wheels
|
|
aws s3 cp "s3://${S3_BUCKET_NAME}/cpu/concrete-python/" ./wheels/ --recursive --exclude "*" --include "concrete_python-${{ inputs.version }}-*"
|
|
echo "============== Downloaded wheels ==============="
|
|
ls -la ./wheels/
|
|
- name: Push wheels to public PyPI (public)
|
|
run: |
|
|
pip install twine==4.0.2
|
|
twine upload wheels/concrete_python-${{ inputs.version }}*.whl \
|
|
-u "${{ secrets.PUBLIC_PYPI_USER }}" \
|
|
-p "${{ secrets.PUBLIC_PYPI_PASSWORD }}" \
|
|
-r pypi
|
|
- name: Slack Notification
|
|
if: ${{ failure() }}
|
|
continue-on-error: true
|
|
uses: rtCamp/action-slack-notify@c33737706dea87cd7784c687dadc9adf1be59990
|
|
env:
|
|
SLACK_COLOR: ${{ job.status }}
|
|
SLACK_MESSAGE: "publish-to-pypi finished with status: ${{ job.status }}. (${{ env.ACTION_RUN_URL }})"
|
|
|
|
publish-to-dockerhub:
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
DOCKER_IMAGE_NAME: zamafhe/concrete-python
|
|
DOCKER_FILE: docker/Dockerfile.concrete-python
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- name: Get version from tag
|
|
run: |
|
|
# remove leading 'v' and '-' from tag
|
|
VERSION=$(echo ${{ inputs.version }} | sed "s/^v*//g" | sed "s/-//g")
|
|
{
|
|
echo "VERSION=$VERSION"
|
|
echo "NAME_TAG=${{ env.DOCKER_IMAGE_NAME }}:v$VERSION"
|
|
} >> "${GITHUB_ENV}"
|
|
- name: Build image
|
|
run: |
|
|
mkdir empty_context
|
|
docker image build -t ${{ env.NAME_TAG }} --build-arg version=${{ env.VERSION }} -f ${{ env.DOCKER_FILE }} empty_context
|
|
|
|
# disabled because of https://github.com/aquasecurity/trivy/discussions/7668
|
|
# - name: Run Trivy vulnerability scanner
|
|
# uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
|
|
# with:
|
|
# image-ref: '${{ env.NAME_TAG }}'
|
|
# format: 'table'
|
|
# exit-code: '1'
|
|
# ignore-unfixed: true
|
|
# vuln-type: 'os,library'
|
|
# severity: 'CRITICAL,HIGH'
|
|
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
|
|
with:
|
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
|
|
- name: Push image
|
|
run: docker image push ${{ env.NAME_TAG }}
|