Publish to PyPI #5
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Publish to PyPI on Release | |
| # Triggered when a new release is published on GitHub | |
| # | |
| # Security: Uses PyPI Trusted Publisher (OIDC) authentication - no API tokens needed | |
| # Packages are published sequentially: server first, then CLI (depends on server for PyPI resolution) | |
| name: Publish to PyPI | |
| on: | |
| release: | |
| types: [published] | |
| permissions: | |
| contents: read | |
| id-token: write # Required for OIDC authentication with PyPI | |
| jobs: | |
| quality-gate: | |
| name: Quality Gate | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - name: Install Task | |
| uses: arduino/setup-task@v2 | |
| with: | |
| version: 3.43.3 | |
| - name: Install Poetry | |
| uses: snok/install-poetry@v1 | |
| with: | |
| version: 1.7.1 | |
| virtualenvs-create: true | |
| virtualenvs-in-project: true | |
| - name: Cache Poetry dependencies (server) | |
| uses: actions/cache@v4 | |
| with: | |
| path: agent-brain-server/.venv | |
| key: server-venv-${{ runner.os }}-${{ hashFiles('agent-brain-server/poetry.lock') }} | |
| restore-keys: | | |
| server-venv-${{ runner.os }}- | |
| - name: Cache Poetry dependencies (cli) | |
| uses: actions/cache@v4 | |
| with: | |
| path: agent-brain-cli/.venv | |
| key: cli-venv-${{ runner.os }}-${{ hashFiles('agent-brain-cli/poetry.lock') }} | |
| restore-keys: | | |
| cli-venv-${{ runner.os }}- | |
| - name: Build server package first (CLI depends on it) | |
| run: | | |
| cd agent-brain-server | |
| poetry build | |
| echo "Built server package:" | |
| ls -la dist/ | |
| - name: Install server from local build | |
| run: | | |
| cd agent-brain-server | |
| poetry install | |
| - name: Install CLI with local server dependency | |
| run: | | |
| cd agent-brain-cli | |
| # Override agent-brain-rag to use local build | |
| pip install ../agent-brain-server/dist/*.whl | |
| poetry install | |
| - name: Run linting | |
| run: task lint | |
| - name: Run type checking | |
| run: task typecheck | |
| - name: Run tests | |
| run: task test | |
| publish-server: | |
| name: Publish agent-brain-rag | |
| needs: quality-gate | |
| runs-on: ubuntu-latest | |
| environment: pypi | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Verify tag matches pyproject.toml version | |
| run: | | |
| # Get version from release tag (e.g., v3.0.0 → 3.0.0) | |
| TAG_VERSION="${GITHUB_REF_NAME#v}" | |
| # Get version from pyproject.toml | |
| SERVER_VERSION=$(grep '^version = ' agent-brain-server/pyproject.toml | cut -d'"' -f2) | |
| CLI_VERSION=$(grep '^version = ' agent-brain-cli/pyproject.toml | cut -d'"' -f2) | |
| echo "Tag version: $TAG_VERSION" | |
| echo "Server pyproject.toml: $SERVER_VERSION" | |
| echo "CLI pyproject.toml: $CLI_VERSION" | |
| # Verify all versions match | |
| if [ "$TAG_VERSION" != "$SERVER_VERSION" ]; then | |
| echo "ERROR: Tag ($TAG_VERSION) does not match server version ($SERVER_VERSION)" | |
| exit 1 | |
| fi | |
| if [ "$TAG_VERSION" != "$CLI_VERSION" ]; then | |
| echo "ERROR: Tag ($TAG_VERSION) does not match CLI version ($CLI_VERSION)" | |
| exit 1 | |
| fi | |
| echo "✓ All versions aligned: $TAG_VERSION" | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - name: Install Poetry | |
| uses: snok/install-poetry@v1 | |
| with: | |
| version: 1.7.1 | |
| - name: Build package | |
| run: poetry build | |
| working-directory: agent-brain-server | |
| - name: Publish to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| packages-dir: agent-brain-server/dist/ | |
| publish-cli: | |
| name: Publish agent-brain-cli | |
| needs: [quality-gate, publish-server] | |
| runs-on: ubuntu-latest | |
| environment: pypi | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Wait for server package on PyPI | |
| run: | | |
| # Get version from release tag (e.g., v3.0.0 → 3.0.0) | |
| VERSION="${GITHUB_REF_NAME#v}" | |
| echo "Waiting for agent-brain-rag==$VERSION on PyPI..." | |
| for i in {1..30}; do | |
| if curl -sf "https://pypi.org/pypi/agent-brain-rag/$VERSION/json" > /dev/null; then | |
| echo "✓ Found agent-brain-rag==$VERSION on PyPI" | |
| exit 0 | |
| fi | |
| echo "Attempt $i/30: Not yet available, waiting 10s..." | |
| sleep 10 | |
| done | |
| echo "✗ Timeout waiting for PyPI propagation" | |
| exit 1 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - name: Install Poetry | |
| uses: snok/install-poetry@v1 | |
| with: | |
| version: 1.7.1 | |
| - name: Build package | |
| run: poetry build | |
| working-directory: agent-brain-cli | |
| - name: Publish to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| packages-dir: agent-brain-cli/dist/ |