Agent365-python/.github/workflows/ci.yml at main · Git-Hub-Chris/Agent365-python · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
name: CI - Build, Test, and Publish SDKs

permissions:
  contents: read

# This workflow builds, tests, and publishes Python SDK packages
# - Builds and tests run on all branches (main, release/*)
# - Publishing to package repository ONLY happens on release/* branches
# - Development versions (with 'dev' suffix) are created on all non-tagged commits
# - Official releases (without 'dev' suffix) require a Git tag on a release/* branch

on:
  push:
    branches: [ main, "release/*" ]
  pull_request:
    branches: [ main, "release/*" ]

jobs:
  version-number:
    runs-on: ubuntu-latest
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
        with:
          egress-policy: audit

      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0  # Need full history for git versioning

      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: '3.11'

      - name: Install setuptools-git-versioning
        run: |
          python -m pip install --upgrade pip
          python -m pip install setuptools-git-versioning

      - id: package_version
        name: Calculate Package Version
        run: |
          cd ./versioning
          version=$(python -m setuptools_git_versioning)
          echo "Package version calculated: $version"
          echo "PACKAGE_VERSION=$version" >> $GITHUB_OUTPUT

    outputs:
      PACKAGE_VERSION: ${{ steps.package_version.outputs.PACKAGE_VERSION }}

  changed-sdks:
    name: Determine Changed SDKs
    runs-on: ubuntu-latest
    outputs:
      python-sdk: ${{ steps.check_python_sdk.outputs.changed }}
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
        with:
          egress-policy: audit

      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0

      - id: git_refs
        name: Set Git refs for diff
        run: |
          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
            echo "base=${{ github.event.pull_request.base.sha }}" >> "$GITHUB_OUTPUT"
            echo "head=${{ github.event.pull_request.head.sha }}" >> "$GITHUB_OUTPUT"
          else
            echo "base=${{ github.event.before }}" >> "$GITHUB_OUTPUT"
            echo "head=${{ github.sha }}" >> "$GITHUB_OUTPUT"
          fi

      - id: check_python_sdk
        name: Check Python SDK changes
        run: |
          if git diff --name-only "${{ steps.git_refs.outputs.base }}" "${{ steps.git_refs.outputs.head }}" -- 'libraries/**' 'setup.py' 'pyproject.toml' 'versioning/**' | grep -q .; then
            echo "Python SDK changes detected"
            echo "changed=true" >> $GITHUB_OUTPUT
          else
            echo "No Python SDK changes detected"
            echo "changed=false" >> $GITHUB_OUTPUT
          fi

  python-sdk:
    name: Python SDK
    needs: [version-number, changed-sdks]
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./

    strategy:
      matrix:
        python-version: ['3.11', '3.12']

    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
        with:
          egress-policy: audit

      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Install the latest version of uv and set the python version
        uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1
        with:
          version: '0.6.x'
          python-version: ${{ matrix.python-version }}
          working-directory: ./
          enable-cache: true
          cache-dependency-glob: "./pyproject.toml"

      - name: Install the project
        run: uv lock && uv sync --locked --all-extras --dev

      - name: Verify centralized version constraints
        run: python scripts/verify_constraints.py

      - name: Check linting
        run: |
          uv run --frozen ruff check . --preview

      - name: Check formatting
        run: |
          uv run --frozen ruff format --check .

      - name: Build package
        run: |
          AGENT365_PYTHON_SDK_PACKAGE_VERSION=${{ needs.version-number.outputs.PACKAGE_VERSION }} uv build --all-packages --wheel
        env:
          AGENT365_PYTHON_SDK_PACKAGE_VERSION: ${{ needs.version-number.outputs.PACKAGE_VERSION }}

      - name: Run unit tests
        run: |
          uv run --frozen pytest tests/ -v --tb=short -m "not integration"

      - name: Run integration tests
        # Only run integration tests if secrets are available
        if: github.event_name == 'push' && secrets.AZURE_OPENAI_API_KEY != '' && vars.AZURE_OPENAI_ENDPOINT != '' && vars.AZURE_OPENAI_DEPLOYMENT != '' && vars.AZURE_OPENAI_API_VERSION != ''
        run: |
          uv run --frozen pytest -m integration -v --tb=short
        env:
          AZURE_OPENAI_API_KEY: ${{ secrets.AZURE_OPENAI_API_KEY }}
          AZURE_OPENAI_ENDPOINT: ${{ vars.AZURE_OPENAI_ENDPOINT || '' }}
          AZURE_OPENAI_DEPLOYMENT: ${{ vars.AZURE_OPENAI_DEPLOYMENT || '' }}
          AZURE_OPENAI_API_VERSION: ${{ vars.AZURE_OPENAI_API_VERSION || '' }}
          ENABLE_OBSERVABILITY: 'true'

      # Copy package and samples to drop folder
      - name: Copy package and samples to drop folder
        run: |
          mkdir -p ~/drop/python-${{ matrix.python-version }}/dist && cp -v dist/*.whl $_

      # Zip files since upload-artifact does not seem like to like folders
      - name: Create zip
        run: cd ~/drop/python-${{ matrix.python-version }} && zip -r ~/drop/python-${{ matrix.python-version }}.zip .

      - name: Upload package and samples as artifacts
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: python-${{ matrix.python-version }}
          path: ~/drop/python-${{ matrix.python-version }}.zip

      - name: Publish
        # Only publish when:
        # 1. It's a push event (not a PR)
        # 2. The branch is a release/* branch
        # 3. There are SDK changes
        # Note: Requires PYPI_TOKEN secret to be configured in repository settings
        if: github.event_name == 'push' && startsWith(github.ref, 'refs/heads/release/') && needs.changed-sdks.outputs.python-sdk == 'true'
        run: |
          uv run twine upload --config-file .pypirc -r Agent365 dist/*
        continue-on-error: true
        env:
          TWINE_USERNAME: __token__
          TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}