Skip to content

feat(sandbox)🔒: Add secure script execution for LLM agents using Docker #301

feat(sandbox)🔒: Add secure script execution for LLM agents using Docker

feat(sandbox)🔒: Add secure script execution for LLM agents using Docker #301

name: Release Python Package
on:
workflow_dispatch:
inputs:
version_name:
description: "One of major, minor, or patch"
required: true
type: choice
options:
- major
- minor
- patch
default: patch
pull_request:
branches:
- '**'
env:
UV_SYSTEM_PYTHON: 1
DEFAULT_VERSION_NAME: patch
jobs:
deploy-package:
runs-on: ubuntu-latest
name: ${{ github.event_name == 'pull_request' && '(Dry Run) ' || '' }}Publish Python Package to PyPI
defaults:
run:
shell: bash -l {0}
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
fetch-tags: true
- name: Setup Python environment
uses: actions/setup-python@v5
with:
python-version: 3.11
- name: Install uv
uses: astral-sh/setup-uv@v3
- name: Setup Pixi Environment
uses: prefix-dev/[email protected]
with:
pixi-version: latest
cache: true
cache-write: ${{ github.event_name == 'push' }}
- name: Set up Python
run: |
uv tool install bump2version
- name: Set version name
run: echo "VERSION_NAME=${{ github.event.inputs.version_name || env.DEFAULT_VERSION_NAME }}" >> $GITHUB_ENV
- name: Dry run bump2version
run: |
bump2version --dry-run ${{ env.VERSION_NAME }} --allow-dirty --verbose
- name: Store new version number
run: echo "version_number=`bump2version --dry-run --list ${{ env.VERSION_NAME }} | grep new_version | sed -r s,"^.*=",,`" >> $GITHUB_ENV
- name: Display new version number
run: |
echo "version_name: ${{ env.VERSION_NAME }}"
echo "version_number: v${{ env.version_number }}"
- name: Ensure repo status is clean
run: git status
- name: Configure Git
run: |
git config user.name github-actions
git config user.email [email protected]
- name: Run bump2version
run: bump2version ${{ env.VERSION_NAME }} --verbose
- name: Ensure tag creation
run: git tag | grep ${{ env.version_number }}
- name: Install llamabot package
run: uv pip install -e .
- name: Write release notes
if: github.event_name != 'pull_request'
env:
MISTRAL_API_KEY: ${{ secrets.MISTRAL_API_KEY }}
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
run: |
llamabot configure default-model --model-name="${{ secrets.DEFAULT_LANGUAGE_MODEL }}"
llamabot git write-release-notes
- name: Commit release notes
if: github.event_name != 'pull_request'
run: |
uv tool install pre-commit
pre-commit run --all-files || pre-commit run --all-files
git add .
git commit -m "Add release notes for ${{ env.version_number }}"
- name: Build package
run: |
uv build --sdist --wheel
- name: Publish package
if: github.event_name != 'pull_request'
run: uv publish --token ${{ secrets.PYPI_API_TOKEN }}
- name: Push changes with tags
if: github.event_name != 'pull_request'
run: |
git push && git push --tags
- name: Create release in GitHub repo
if: github.event_name != 'pull_request'
uses: ncipollo/release-action@v1
with:
bodyFile: "docs/releases/v${{ env.version_number }}.md"
token: ${{ secrets.GITHUB_TOKEN }}
tag: v${{ env.version_number }}
- name: Ensure complete
if: github.event_name != 'pull_request'
run: echo "Auto-release complete!"