fix: update modules for security #1373
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
branches: | |
- main | |
permissions: | |
contents: write | |
pull-requests: write | |
name: release-please | |
jobs: | |
create-release: | |
runs-on: ubuntu-latest | |
outputs: | |
phoenix_path: ${{ steps.parse.outputs.phoenix_path }} | |
package_path: ${{ steps.parse.outputs.package_path }} | |
steps: | |
- uses: googleapis/release-please-action@v4 | |
with: | |
token: ${{ secrets.MY_RELEASE_PLEASE_TOKEN }} | |
id: release-please | |
- name: Parse release path | |
if: ${{ steps.release-please.outputs.releases_created == 'true' }} | |
id: parse | |
env: | |
PATHS_RELEASED: ${{ steps.release-please.outputs.paths_released }} | |
# We assume that only one path is released at a time | |
run: | | |
echo $PATHS_RELEASED | jq -r '.[0]' | while read -r PATH; do | |
case $PATH in | |
packages/*) | |
echo "package_path=$PATH" >> $GITHUB_OUTPUT ;; | |
*) | |
echo "phoenix_path=$PATH" >> $GITHUB_OUTPUT ;; | |
esac | |
done | |
publish-package: | |
name: Publish Package | |
runs-on: ubuntu-latest | |
needs: create-release | |
if: ${{ needs.create-release.outputs.package_path != '' }} | |
defaults: | |
run: | |
working-directory: ${{ needs.create-release.outputs.package_path }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: "3.x" | |
- run: python -m pip install hatch check_wheel_contents twine | |
- run: hatch build | |
- run: check-wheel-contents dist/*.whl | |
- run: twine upload --skip-existing --verbose dist/* | |
env: | |
TWINE_USERNAME: "__token__" | |
TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} | |
publish-phoenix: | |
name: Publish Phoenix | |
runs-on: ubuntu-latest | |
needs: create-release | |
if: ${{ needs.create-release.outputs.phoenix_path != '' }} | |
environment: | |
name: pypi | |
url: https://pypi.org/p/arize-phoenix | |
permissions: | |
id-token: write # IMPORTANT: mandatory for trusted publishing | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: pnpm/action-setup@v3 | |
with: | |
version: 9.8.0 | |
- name: Build frontend | |
working-directory: ./app | |
run: pnpm install --frozen-lockfile && pnpm run build | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: "3.x" | |
- name: Install Python utilities | |
run: python -m pip install hatch check_wheel_contents twine | |
- name: Build distribution | |
run: rm -rf dist && hatch build | |
- name: Check wheel contents | |
run: check-wheel-contents --ignore W004 dist/*.whl | |
- uses: pypa/gh-action-pypi-publish@release/v1 |