Artifactory Deployment of PyPi and trace-viewer

v0.10.0 #25

Workflow file for this run

.github/workflows/artifactory.yml at d2de1ee

	name: Artifactory Deployment of PyPi and trace-viewer

	on:
	workflow_dispatch: {}
	release:
	types: [published]

	env:
	ARTIFACTORY_URL: https://alephalpha.jfrog.io
	ARTIFACTORY_PYPI_REPOSITORY: "intelligence-layer"
	ARTIFACTORY_DOCKER_REGISTRY: alephalpha.jfrog.io/intelligence-layer-images

	jobs:
	build-and-push-pypi:
	permissions:
	contents: read
	id-token: write
	runs-on: ubuntu-latest
	steps:
	- name: Get Identity Token From Github
	run: \|
	ID_TOKEN=$(curl -sLS -H "User-Agent: actions/oidc-client" -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
	"${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=https://alephalpha.jfrog.io" \| jq .value \| tr -d '"')
	echo "ID_TOKEN=${ID_TOKEN}" >> $GITHUB_ENV
	- name: Get Jfrog Access Token with Github Identity Token
	env:
	ID_TOKEN: ${{ env.ID_TOKEN }}
	run: \|
	JFROG_ACCESS_TOKEN=$(curl \
	-X POST \
	-H "Content-type: application/json" \
	$ARTIFACTORY_URL/access/api/v1/oidc/token \
	-d \
	"{\"grant_type\": \"urn:ietf:params:oauth:grant-type:token-exchange\", \"subject_token_type\":\"urn:ietf:params:oauth:token-type:id_token\", \"subject_token\": \"$ID_TOKEN\", \"provider_name\": \"github\"}" \
	\| jq .access_token -r)
	echo "JFROG_ACCESS_TOKEN=${JFROG_ACCESS_TOKEN}" >> $GITHUB_ENV
	- name: Checkout
	uses: actions/checkout@v4
	- uses: actions/setup-python@v5
	with:
	python-version: "3.10"
	- name: Install and configure Poetry
	uses: snok/install-poetry@v1
	with:
	virtualenvs-create: true
	virtualenvs-in-project: true
	installer-parallel: true
	- name: Build package and push to Artifactory
	env:
	JFROG_ACCESS_TOKEN: ${{ env.JFROG_ACCESS_TOKEN }}
	run: \|
	poetry build
	poetry config repositories.artifactory $ARTIFACTORY_URL/artifactory/api/pypi/$ARTIFACTORY_PYPI_REPOSITORY
	JFROG_ACCESS_TOKEN_SUBJECT=$(echo $JFROG_ACCESS_TOKEN \| awk -F'.' '{print $2}' \| sed 's/.\{1,3\}$/&==/' \| base64 -d \| jq '.sub' -r)
	poetry config http-basic.artifactory "$JFROG_ACCESS_TOKEN_SUBJECT" "$JFROG_ACCESS_TOKEN"
	poetry publish -r artifactory
	publish-docker:
	permissions:
	contents: read
	id-token: write
	packages: read
	env:
	GITHUB_DOCKER_REGISTRY: ghcr.io
	IMAGE_NAME: ${{ github.repository }}-trace-viewer
	runs-on: ubuntu-latest
	steps:
	- name: Get Identity Token From Github
	run: \|
	ID_TOKEN=$(curl -sLS -H "User-Agent: actions/oidc-client" -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
	"${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=https://alephalpha.jfrog.io" \| jq .value \| tr -d '"')
	echo "ID_TOKEN=${ID_TOKEN}" >> $GITHUB_ENV
	- name: Get Jfrog Access Token & Token Subject with Github Identity Token
	env:
	ID_TOKEN: ${{ env.ID_TOKEN }}
	run: \|
	JFROG_ACCESS_TOKEN=$(curl \
	-X POST \
	-H "Content-type: application/json" \
	$ARTIFACTORY_URL/access/api/v1/oidc/token \
	-d \
	"{\"grant_type\": \"urn:ietf:params:oauth:grant-type:token-exchange\", \"subject_token_type\":\"urn:ietf:params:oauth:token-type:id_token\", \"subject_token\": \"$ID_TOKEN\", \"provider_name\": \"github\"}" \
	\| jq .access_token -r)
	echo "JFROG_ACCESS_TOKEN=${JFROG_ACCESS_TOKEN}" >> $GITHUB_ENV
	JFROG_ACCESS_TOKEN_SUBJECT=$(echo $JFROG_ACCESS_TOKEN \| awk -F'.' '{print $2}' \| sed 's/.\{1,3\}$/&==/' \| base64 -d \| jq '.sub' -r)
	echo "JFROG_ACCESS_TOKEN_SUBJECT=${JFROG_ACCESS_TOKEN_SUBJECT}" >> $GITHUB_ENV
	- name: Log in to the github container registry
	uses: docker/login-action@v3
	with:
	registry: ${{ env.GITHUB_DOCKER_REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	- name: Log in to the artifactory container registry
	uses: docker/login-action@v3
	env:
	JFROG_ACCESS_TOKEN: ${{ env.JFROG_ACCESS_TOKEN }}
	JFROG_ACCESS_TOKEN_SUBJECT: ${{ env.JFROG_ACCESS_TOKEN_SUBJECT }}
	with:
	registry: ${{ env.ARTIFACTORY_DOCKER_REGISTRY }}
	username: ${{ env.JFROG_ACCESS_TOKEN_SUBJECT }}
	password: ${{ env.JFROG_ACCESS_TOKEN }}
	- name: Build package and push to Artifactory
	# Docker accepts only lower-case names. Therefore, the first line is needed
	run: \|
	IMAGE_NAME=${IMAGE_NAME,,}
	echo $GITHUB_DOCKER_REGISTRY/$IMAGE_NAME
	echo $ARTIFACTORY_DOCKER_REGISTRY/trace-viewer:latest
	docker pull $GITHUB_DOCKER_REGISTRY/$IMAGE_NAME
	docker tag $GITHUB_DOCKER_REGISTRY/$IMAGE_NAME $ARTIFACTORY_DOCKER_REGISTRY/trace-viewer:latest
	docker push $ARTIFACTORY_DOCKER_REGISTRY/trace-viewer:latest

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v0.10.0 #25

Workflow file

v0.10.0 #25

Jobs

Run details

Workflow file for this run