[ENH]: Authz tenant and DB resource attribute hook (#1317) #487
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Chroma Release | |
on: | |
push: | |
tags: | |
- "*" | |
branches: | |
- main | |
env: | |
GHCR_IMAGE_NAME: "ghcr.io/chroma-core/chroma" | |
DOCKERHUB_IMAGE_NAME: "chromadb/chroma" | |
PLATFORMS: linux/amd64,linux/arm64 #linux/riscv64, linux/arm/v7 | |
jobs: | |
check_tag: | |
runs-on: ubuntu-latest | |
outputs: | |
tag_matches: ${{ steps.check-tag.outputs.tag_matches }} | |
steps: | |
- name: Check Tag | |
id: check-tag | |
run: | | |
if [[ ${{ github.event.ref }} =~ ^refs/tags/[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |
echo "tag_matches=true" >> $GITHUB_OUTPUT | |
fi | |
build-and-release: | |
runs-on: ubuntu-latest | |
needs: check_tag | |
permissions: write-all | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
# https://github.com/docker/setup-qemu-action - for multiplatform builds | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
# https://github.com/docker/setup-buildx-action - for multiplatform builds | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: "3.10" | |
- name: Install Client Dev Dependencies | |
run: python -m pip install -r requirements_dev.txt | |
- name: Build Client | |
run: python -m build | |
- name: Test Client Package | |
run: bin/test-package.sh dist/*.tar.gz | |
- name: Log in to the Github Container registry | |
uses: docker/[email protected] | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Login to DockerHub | |
uses: docker/[email protected] | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Install setuptools_scm | |
run: python -m pip install setuptools_scm | |
- name: Get Release Version | |
id: version | |
run: echo "version=$(python -m setuptools_scm)" >> $GITHUB_OUTPUT | |
- name: Build and push prerelease Docker image | |
if: "needs.check_tag.outputs.tag_matches != 'true'" | |
uses: docker/[email protected] | |
with: | |
context: . | |
platforms: ${{ env.PLATFORMS }} | |
push: true | |
tags: "${{ env.GHCR_IMAGE_NAME }}:${{ steps.version.outputs.version }},${{ env.DOCKERHUB_IMAGE_NAME }}:${{ steps.version.outputs.version }}" | |
- name: Build and push release Docker image | |
if: "needs.check_tag.outputs.tag_matches == 'true'" | |
uses: docker/[email protected] | |
with: | |
context: . | |
platforms: ${{ env.PLATFORMS }} | |
push: true | |
tags: "${{ env.GHCR_IMAGE_NAME }}:${{ steps.version.outputs.version }},${{ env.DOCKERHUB_IMAGE_NAME }}:${{ steps.version.outputs.version }},${{ env.GHCR_IMAGE_NAME }}:latest,${{ env.DOCKERHUB_IMAGE_NAME }}:latest" | |
- name: Get current date | |
id: builddate | |
run: echo "builddate=$(date +'%Y-%m-%dT%H:%M')" >> $GITHUB_OUTPUT | |
- name: Publish to Test PyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
password: ${{ secrets.TEST_PYPI_API_TOKEN }} | |
repository_url: https://test.pypi.org/legacy/ | |
- name: Publish to PyPI | |
if: "needs.check_tag.outputs.tag_matches == 'true'" | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
password: ${{ secrets.PYPI_API_TOKEN }} | |
- name: Login to AWS | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
role-to-assume: arn:aws:iam::369178033109:role/github-action-generate-cf-template | |
aws-region: us-east-1 | |
- name: Generate CloudFormation template | |
id: generate-cf | |
if: "needs.check_tag.outputs.tag_matches == 'true'" | |
run: "pip install boto3 && python bin/generate_cloudformation.py" | |
- name: Release Tagged Version | |
uses: ncipollo/[email protected] | |
if: "needs.check_tag.outputs.tag_matches == 'true'" | |
with: | |
body: | | |
Version: `${{steps.version.outputs.version}}` | |
Git ref: `${{github.ref}}` | |
Build Date: `${{steps.builddate.outputs.builddate}}` | |
PIP Package: `chroma-${{steps.version.outputs.version}}.tar.gz` | |
Github Container Registry Image: `${{ env.GHCR_IMAGE_NAME }}:${{ steps.version.outputs.version }}` | |
DockerHub Image: `${{ env.DOCKERHUB_IMAGE_NAME }}:${{ steps.version.outputs.version }}` | |
artifacts: "dist/chroma-${{steps.version.outputs.version}}.tar.gz" | |
prerelease: true | |
generateReleaseNotes: true | |
- name: Update Tag | |
uses: richardsimko/[email protected] | |
if: "needs.check_tag.outputs.tag_matches != 'true'" | |
with: | |
tag_name: latest | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Release Latest | |
uses: ncipollo/[email protected] | |
if: "needs.check_tag.outputs.tag_matches != 'true'" | |
with: | |
tag: "latest" | |
name: "Latest" | |
body: | | |
Version: `${{steps.version.outputs.version}}` | |
Git ref: `${{github.ref}}` | |
Build Date: `${{steps.builddate.outputs.builddate}}` | |
PIP Package: `chroma-${{steps.version.outputs.version}}.tar.gz` | |
Github Container Registry Image: `${{ env.GHCR_IMAGE_NAME }}:${{ steps.version.outputs.version }}` | |
DockerHub Image: `${{ env.DOCKERHUB_IMAGE_NAME }}:${{ steps.version.outputs.version }}` | |
artifacts: "dist/chroma-${{steps.version.outputs.version}}.tar.gz" | |
allowUpdates: true | |
prerelease: true | |
- name: Trigger Hosted Chroma Release | |
uses: actions/github-script@v6 | |
with: | |
github-token: ${{ secrets.HOSTED_CHROMA_WORKFLOW_DISPATCH_TOKEN }} | |
script: | | |
const result = await github.rest.actions.createWorkflowDispatch({ | |
owner: 'chroma-core', | |
repo: 'hosted-chroma', | |
workflow_id: 'build-and-publish-image.yaml', | |
ref: 'main' | |
}) | |
console.log(result) |