Ap/accelerate fsdp tmp2 #349

Workflow file for this run

	# SPDX-License-Identifier: Apache-2.0

	name: Build, test, and upload PyPI package

	on:
	push:
	branches:
	- "main"
	- "release-**"
	tags:
	- "v*"
	pull_request:
	branches:
	- "main"
	- "release-**"
	release:
	types:
	- published

	env:
	LC_ALL: en_US.UTF-8

	defaults:
	run:
	shell: bash

	permissions:
	contents: read

	jobs:
	# Create and verify release artifacts
	# - build source dist (tar ball) and wheel
	# - validate artifacts with various tools
	# - upload artifacts to GHA
	build-package:
	name: Build and check packages
	runs-on: ubuntu-latest
	steps:
	- name: "Harden Runner"
	uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
	with:
	egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

	- name: "Checkout"
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
	with:
	# for setuptools-scm
	fetch-depth: 0

	- name: "Build and Inspect"
	uses: hynek/build-and-inspect-python-package@b4fc3f6ba2b3da04f09659be99e2a29fb6146a61 # v2.6.0

	# push to Test PyPI on
	# - a new GitHub release is published
	# - a PR is merged into main branch
	publish-test-pypi:
	name: Publish packages to test.pypi.org
	# environment: publish-test-pypi
	if: ${{ (github.repository_owner == 'instructlab') && ((github.event.action == 'published') \|\| ((github.event_name == 'push') && (github.ref == 'refs/heads/main'))) }}
	permissions:
	contents: read
	# see https://docs.pypi.org/trusted-publishers/
	id-token: write
	runs-on: ubuntu-latest
	needs: build-package

	steps:
	- name: "Harden Runner"
	uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
	with:
	egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

	- name: "Download build artifacts"
	uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
	with:
	name: Packages
	path: dist

	- name: "Upload to Test PyPI"
	uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0 # v1.9.0
	with:
	repository-url: https://test.pypi.org/legacy/

	# push to Production PyPI on
	# - a new GitHub release is published
	publish-pypi:
	name: Publish release to pypi.org
	# environment: publish-pypi
	if: ${{ (github.repository_owner == 'instructlab') && (github.event.action == 'published') }}
	permissions:
	# see https://docs.pypi.org/trusted-publishers/
	id-token: write
	# allow gh release upload
	contents: write

	runs-on: ubuntu-latest
	needs: build-package

	steps:
	- name: "Harden Runner"
	uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
	with:
	egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

	- name: "Download build artifacts"
	uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
	with:
	name: Packages
	path: dist

	- name: "Sigstore sign package"
	uses: sigstore/gh-action-sigstore-python@61f6a500bbfdd9a2a339cf033e5421951fbc1cd2 # v2.1.1
	with:
	inputs: \|
	./dist/*.tar.gz
	./dist/*.whl

	- name: "Upload artifacts and signatures to GitHub release"
	run: \|
	gh release upload '${{ github.ref_name }}' dist/* --repo '${{ github.repository }}'
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	# PyPI does not accept .sigstore artifacts and
	# gh-action-pypi-publish has no option to ignore them.
	- name: "Remove sigstore signatures before uploading to PyPI"
	run: \|
	rm ./dist/*.sigstore

	- name: "Upload to PyPI"
	uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0 # v1.9.0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Ap/accelerate fsdp tmp2 #349

Workflow file

Ap/accelerate fsdp tmp2 #349

Jobs

Run details

Workflow file for this run