-
Notifications
You must be signed in to change notification settings - Fork 2
208 lines (187 loc) · 7.68 KB
/
staging.yml
File metadata and controls
208 lines (187 loc) · 7.68 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
# AgentOps Toolkit — Staging (TestPyPI + VSIX Pre-release)
#
# Workflows:
# 1. ci.yml — Lint + test on every push/PR; VSIX build validation
# 2. _build.yml — Reusable build (test + package), called by staging and release
# 3. staging.yml — Staging: release/* → TestPyPI → verify; VSIX pre-release → Marketplace
# 4. release.yml — Production: v* tag → TestPyPI → verify → PyPI → GH Release; VSIX stable → Marketplace
# 5. cut-release.yml — Manual dispatch: create release branch + PR from develop
#
# Triggered by pushes to release/* branches.
# Calls the reusable _build.yml, publishes to TestPyPI, verifies the
# package installs correctly with a CLI smoke test, and publishes the
# VS Code extension as a pre-release to the Marketplace.
#
# Branch flow:
# develop → release/v0.2.0 → push → this workflow
# → build → TestPyPI → verify install → ✅ ready to merge and tag
# → VSIX pre-release → Marketplace (early access channel)
#
# Versioning:
# Uses setuptools-scm — on a release branch 5 commits after the last tag,
# the version will be something like 0.2.0.dev5 (PEP 440 pre-release).
# VSIX version is managed in plugins/agentops/package.json.
#
# Trusted Publishing (OIDC):
# This workflow uses PyPI Trusted Publishing — no API tokens required.
# Authentication is handled via OpenID Connect (OIDC) between GitHub Actions
# and TestPyPI.
#
# Required GitHub secrets (environment: staging):
# VSCE_PAT — VS Code Marketplace PAT. MUST have "Marketplace: Manage" scope
# on the AgentOpsAccelerator publisher.
#
# Setup (Trusted Publishing + VSCE):
# 1. https://test.pypi.org/manage/project/agentops-accelerator/settings/publishing/
# → Add publisher: GitHub, owner=Azure, repo=agentops, workflow=staging.yml, environment=staging
# 2. GitHub repo → Settings → Environments → Create "staging" environment (optional approval)
# 3. https://dev.azure.com/ → PAT with Marketplace scope on the AzDO account that
# owns the AgentOpsAccelerator publisher → Create VSCE_PAT.
# Verify scope with: vsce ls-publishers -p $VSCE_PAT (must list AgentOpsAccelerator).
# 4. Add VSCE_PAT to staging environment
name: Staging
on:
push:
branches:
- "release/**"
workflow_dispatch:
jobs:
# Reusable build: test + package
build:
uses: ./.github/workflows/_build.yml
# Publish to TestPyPI
publish-testpypi:
needs: build
runs-on: ubuntu-latest
environment: staging
permissions:
id-token: write # Required for PyPI Trusted Publishing (OIDC)
steps:
- name: Download build artifacts
uses: actions/download-artifact@v8
with:
name: dist
path: dist/
- name: Publish to TestPyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
repository-url: https://test.pypi.org/legacy/
verbose: true
skip-existing: true # Allow re-pushes without failure
# Install from TestPyPI and smoke-test the CLI
verify-testpypi:
needs: publish-testpypi
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Set up Python
uses: actions/setup-python@v6
with:
python-version: "3.12"
- name: Determine expected version
id: version
run: |
pip install setuptools-scm
VERSION=$(python -m setuptools_scm)
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
echo "Expected version: $VERSION"
- name: Install from TestPyPI
run: |
for i in 1 2 3 4 5; do
echo "Attempt $i: installing agentops-accelerator==${{ steps.version.outputs.version }}"
if pip install \
"agentops-accelerator==${{ steps.version.outputs.version }}" \
--index-url https://test.pypi.org/simple/ \
--extra-index-url https://pypi.org/simple/; then
exit 0
fi
if [ "$i" -lt 5 ]; then
echo "Not available yet, waiting 30s..."
sleep 30
fi
done
echo "::error::agentops-accelerator==${{ steps.version.outputs.version }} was not available from TestPyPI after 5 attempts."
exit 1
- name: Smoke test — version and help
run: |
agentops --version
agentops --help
- name: Smoke test — init in temp directory
run: |
TMPDIR=$(mktemp -d)
cd "$TMPDIR"
agentops init --no-prompt --azd-env testenv
test -f agentops.yaml
test -f .agentops/data/smoke.jsonl
test -f .azure/config.json
echo "✅ agentops init succeeded"
# ── VSIX Pre-release ─────────────────────────────────────────────────
# Publish the VS Code extension as a pre-release to the Marketplace.
# Runs in parallel with the TestPyPI flow (only needs source checkout).
publish-vsix-prerelease:
needs: build # gate on successful lint + test
runs-on: ubuntu-latest
environment: staging
steps:
- uses: actions/checkout@v6
- name: Sync VSIX version from branch name
run: |
# Derive version from the release branch name (e.g. release/v0.1.8 → 0.1.8).
# This avoids the PATCH+1 heuristic that leaked future versions to Marketplace.
BRANCH="${GITHUB_REF_NAME}"
VERSION="${BRANCH#release/v}"
if [[ ! "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "::error::Could not derive semver from branch '$BRANCH'. Expected release/vX.Y.Z format."
exit 1
fi
jq --arg v "$VERSION" '.version = $v' \
plugins/agentops/package.json > plugins/agentops/package.json.tmp
mv plugins/agentops/package.json.tmp plugins/agentops/package.json
echo "VSIX version set to $VERSION (from branch $BRANCH)"
- name: Set up Node.js
uses: actions/setup-node@v6
with:
node-version: "22"
- name: Install vsce
run: npm install -g @vscode/vsce
- name: Copy root assets for VSIX
run: |
cp CHANGELOG.md plugins/agentops/CHANGELOG.md
cp icon.png plugins/agentops/icon.png
- name: Package VSIX (pre-release)
working-directory: plugins/agentops
run: vsce package --pre-release -o agentops-skills.vsix
- name: Publish pre-release to VS Code Marketplace
# Tolerate ONLY the "already exists" case (re-run of the same pre-release
# version). Any other failure (auth, network, validation) must fail the job
# so staging surfaces real publish problems instead of silently green-lighting.
working-directory: plugins/agentops
env:
VSCE_PAT: ${{ secrets.VSCE_PAT }}
run: |
set -o pipefail
if OUTPUT=$(vsce publish --pre-release --packagePath agentops-skills.vsix -p "${VSCE_PAT}" 2>&1); then
RC=0
else
RC=$?
fi
echo "$OUTPUT"
if [ "$RC" -ne 0 ]; then
if echo "$OUTPUT" | grep -qi "already exists"; then
echo "::warning::VSIX pre-release version already published. Treating as success."
exit 0
fi
exit "$RC"
fi
- name: Show VSIX info
working-directory: plugins/agentops
run: |
ls -lh agentops-skills.vsix
echo "✅ VSIX pre-release published to Marketplace"
- name: Upload VSIX artifact
uses: actions/upload-artifact@v7
with:
name: vsix
path: plugins/agentops/agentops-skills.vsix