Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
155 changes: 0 additions & 155 deletions .github/workflows/publish-dev.yml

This file was deleted.

27 changes: 6 additions & 21 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
name: Release

# Manually-triggered release: build the CURRENT version (from pyproject.toml)
# and publish it to public PyPI + the UiPath `coder_eval` Azure Artifacts feed
# (wheel) and GHCR (agent image), then push the `v<version>` git tag.
# and publish it to public PyPI (wheel) and GHCR (agent image), then push the
# `v<version>` git tag.
#
# Version management: `main` is protected by a ruleset (changes via PR only),
# so this workflow does NOT commit a version bump to main. Bump `version` in
Expand Down Expand Up @@ -92,20 +92,6 @@ jobs:
path: dist/
if-no-files-found: error

- name: Publish to coder_eval feed
# Best-effort: the private Azure feed is a UiPath-internal target; its
# failure (e.g. an expired PAT) must NOT block the public PyPI publish.
continue-on-error: true
if: steps.release.outputs.version != ''
env:
# Azure Artifacts accepts any non-empty username when paired with a
# PAT, so we hardcode it. The PAT (Packaging Read & write scope)
# comes from UV_INDEX_UIPATH_PASSWORD, reused from pr-checks.yml.
TWINE_USERNAME: "azure-artifacts"
TWINE_PASSWORD: ${{ secrets.UV_INDEX_UIPATH_PASSWORD }}
TWINE_REPOSITORY_URL: https://pkgs.dev.azure.com/uipath/ML%20Platform/_packaging/coder_eval/pypi/upload/
run: uv tool run --from twine twine upload --non-interactive --verbose dist/*

# Build + push the agent image HERE, in the release job, tagged with the
# version main declares. docker-publish.yml only publishes :latest / :sha-
# on every main push, so this is the authoritative versioned image; it
Expand Down Expand Up @@ -149,11 +135,10 @@ jobs:
# back from here, to avoid two concurrent writers racing the cache tag.
cache-from: type=registry,ref=ghcr.io/${{ steps.img.outputs.owner_lc }}/coder-eval-agent:buildcache

# Publish the SAME wheel+sdist to public PyPI (pkgs live alongside the private
# Azure Artifacts feed, which the release job above still populates). This runs
# as its own job so OIDC Trusted Publishing is scoped to a dedicated,
# environment-gated context on GitHub-hosted runners -- no PyPI token/secret is
# stored. Gated on the release job having actually cut a version.
# Publish the wheel+sdist to public PyPI. This runs as its own job so OIDC
# Trusted Publishing is scoped to a dedicated, environment-gated context on
# GitHub-hosted runners -- no PyPI token/secret is stored. Gated on the
# release job having actually cut a version.
publish-pypi:
name: Publish to PyPI
needs: release
Expand Down
Loading