ml-flashpoint/cloudbuild.yaml at main · google/ml-flashpoint · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

steps:
  # 1. Validate the tag and normalize the version.
  # This ensures the build only proceeds for properly formatted release tags (vX.Y.Z).
  # The normalized version (without 'v') is saved to a file for subsequent steps.
  - name: 'bash'
    id: 'validate-tag'
    args:
      - '-c'
      - |
        if [ -z "${TAG_NAME}" ]; then
          echo "Error: TAG_NAME is not set. This pipeline is only for tag-based releases."
          exit 1
        fi

        # Regex for vX.Y.Z (plus optional suffixes starting with '-')
        if [[ ! "${TAG_NAME}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-.*)?$ ]]; then
          echo "Error: Invalid tag format '${TAG_NAME}'. Expected vX.Y.Z or vX.Y.Z-suffix"
          exit 1
        fi

        if [[ "${TAG_NAME}" == "v0.0.0"* ]]; then
          echo "Error: Cannot publish fallback version '${TAG_NAME}'."
          exit 1
        fi

        # Strip the 'v' prefix using sed
        VERSION=$$(echo "${TAG_NAME}" | sed 's/^v//')
        echo "$$VERSION" > _PYPI_VERSION.txt
        echo "Validated version: $$VERSION"

  # 2. Build the source distribution (sdist).
  - name: 'python:3.10'
    id: 'build-sdist'
    entrypoint: 'bash'
    args:
      - '-c'
      - |
        # Explicitly setting the version to use, so that it doesn't use local versions derived from Git
        # when running for a tag that is behind the latest commit on main.
        export SETUPTOOLS_SCM_PRETEND_VERSION=$(cat _PYPI_VERSION.txt)
        echo "Building sdist for version: $${SETUPTOOLS_SCM_PRETEND_VERSION}"

        pip install build
        python -m build --sdist
    waitFor: ['validate-tag']

  # 3. Build the manylinux wheels.
  # We use the manylinux image directly to avoid the "reserved" docker.sock issue.
  # This image is pre-loaded with Python versions and build tools.
  - name: '$_MANYLINUX_IMAGE'
    id: 'build-wheels'
    entrypoint: 'bash'
    args:
      - '-c'
      - |
        # Use Python 3.10 as the build controller (it will produce the abi3 wheel)
        PYBIN="/opt/python/cp310-cp310/bin"
        export SETUPTOOLS_SCM_PRETEND_VERSION=$(cat _PYPI_VERSION.txt)

        # Install build dependencies
        $$PYBIN/pip install build setuptools-scm

        # Validation: Ensure scikit-build-core is actually using our pretend version
        DETECTED_VERSION=$$($$PYBIN/python -c "import setuptools_scm; print(setuptools_scm.get_version())")
        if [ "$$DETECTED_VERSION" != "$$SETUPTOOLS_SCM_PRETEND_VERSION" ]; then
          echo "Error: Version mismatch! Expected $$SETUPTOOLS_SCM_PRETEND_VERSION but detected $$DETECTED_VERSION."
          exit 1
        fi

        echo "Building wheel (scikit-build-core will handle abi3 and C++ extension compilation)..."
        SKBUILD_CMAKE_ARGS="-DBUILD_TESTING=OFF" $$PYBIN/python -m build --wheel

        echo "Repairing wheel with auditwheel to ensure manylinux compliance..."
        # auditwheel repair will bundle any external shared libraries and fix the platform tag
        $$PYBIN/auditwheel repair dist/*.whl --wheel-dir dist/

        # Remove the original non-compliant wheel (the one with the 'linux' tag)
        # to ensure only the manylinux version is uploaded.
        rm dist/*-linux_*.whl
    waitFor: ['build-sdist']

  # 4. Upload to internal Artifact Registry (AR) for OSS Exit Gate.
  - name: 'python:3.10'
    id: 'upload-to-ar'
    entrypoint: 'bash'
    args:
      - '-c'
      - |
        pip install -U twine keyring keyrings.google-artifactregistry-auth
        twine upload --repository-url https://us-python.pkg.dev/oss-exit-gate-prod/${_PROJECT_NAME}--pypi dist/*
    waitFor: ['build-wheels']

  # 5. Create and upload the manifest to GCS to trigger the Exit Gate publication.
  # The presence of this file in the specific GCS bucket triggers the verification and publishing process.
  - name: 'gcr.io/cloud-builders/gcloud'
    id: 'trigger-exit-gate'
    entrypoint: 'bash'
    args:
      - '-c'
      - |
        # Use a simple manifest that publishes all artifacts currently in the AR repository.
        echo '{"publish_all": true}' > manifest.json
        gcloud storage cp manifest.json gs://oss-exit-gate-prod-projects-bucket/${_PROJECT_NAME}/pypi/manifests/release-${TAG_NAME}.json
    waitFor: ['upload-to-ar']

options:
  logging: CLOUD_LOGGING_ONLY
  # Ensure we have enough resources for building C++ extensions.
  machineType: 'E2_HIGHCPU_8'

substitutions:
  _PROJECT_NAME: 'ml-flashpoint'
  # Default to x86_64; can be overridden in the Trigger for ARM64.
  _MANYLINUX_IMAGE: 'quay.io/pypa/manylinux_2_28_x86_64'