
fix: support running in FIPS-enabled environments #2737

Workflow file for this run

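# Comment-triggered bot workflow: a "/marimo create-test-release" comment on a
# pull request builds the PR head and publishes it to TestPyPI and npm.
#
# Security model: `issue_comment` workflows run in the context of the default
# branch with access to repository secrets, and this job then checks out and
# builds the PR head. The `if:` gate and the push-time check in "Get PR Info"
# are the trust boundary between PR-supplied code and the publishing tokens
# used further down (TURBO_TOKEN, TEST_PYPI_*, NPM_TOKEN).
#
# NOTE(review): every `uses:` below references a mutable tag or branch. Pin
# each one to a full commit SHA so a retagged action cannot reach the secrets.
name: marimo bot

on:
  issue_comment:
    types: [created]

env:
  TURBO_TEAM: marimo

jobs:
  # Various jobs that can be triggered by comments
  create-test-release:
    # The commenter is the principal who authorises the run, so only the
    # comment author's association is checked. The previous condition also
    # accepted `github.event.issue.author_association`, which let any account
    # able to comment start a publish on a PR opened by a maintainer.
    if: >
      (
        github.event.comment.author_association == 'OWNER' ||
        github.event.comment.author_association == 'COLLABORATOR' ||
        github.event.comment.author_association == 'MEMBER'
      ) &&
      github.event.issue.pull_request &&
      contains(github.event.comment.body, '/marimo create-test-release')
    name: 📤 Publish test release
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN instead of the repository default.
    # NOTE(review): confirm this set against what each action really needs.
    permissions:
      actions: write  # cancelling earlier runs
      contents: read  # checkout
      issues: write  # status comment via the issues API
      pull-requests: write
    defaults:
      run:
        shell: bash
    steps:
      - name: 🛑 Cancel Previous Runs
        # The ref after "@" was lost to e-mail obfuscation on this page
        # ("styfle/[email protected]"); the action name is inferred from the
        # step name. Restore the real ref from the repository, preferably as
        # a full commit SHA.
        uses: styfle/cancel-workflow-action@<REF_LOST_IN_PAGE_EXTRACTION>

      - name: 📝 Get PR Info
        id: pr
        # Event fields are passed through env, never interpolated into the
        # script text, so they cannot alter the shell program.
        env:
          PR_NUMBER: ${{ github.event.issue.number }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GH_REPO: ${{ github.repository }}
          COMMENT_AT: ${{ github.event.comment.created_at }}
        run: |
          pr="$(gh api "/repos/${GH_REPO}/pulls/${PR_NUMBER}")"
          head_sha="$(jq -r '.head.sha // empty' <<<"$pr")"
          # NOTE(review): the pull-request object may not carry a top-level
          # pushed_at; fall back to the head repository's value. That one
          # covers pushes to any branch of the head repo, so it is stricter.
          pushed_at="$(jq -r '.pushed_at // .head.repo.pushed_at // empty' <<<"$pr")"
          if [[ ! "$head_sha" =~ ^[0-9a-f]{40}$ ]]; then
            echo "Could not determine the PR head commit"
            exit 1
          fi
          # Fail closed: a missing or unparsable timestamp used to evaluate
          # as 0 inside [[ ... -gt ... ]] and let the check pass silently.
          if [[ -z "$pushed_at" ]]; then
            echo "Could not determine when the PR was last pushed to"
            exit 1
          fi
          pushed_epoch="$(date -d "$pushed_at" +%s)"
          comment_epoch="$(date -d "$COMMENT_AT" +%s)"
          if (( pushed_epoch > comment_epoch )); then
            echo "Updating is not allowed because the PR was pushed to (at $pushed_at) after the triggering comment was issued (at $COMMENT_AT)"
            exit 1
          fi
          echo "head_sha=$head_sha" >> "$GITHUB_OUTPUT"

      - name: ⬇️ Checkout repo
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # Check out the exact commit vetted above, not the moving PR ref.
          ref: ${{ steps.pr.outputs.head_sha }}
          # PR-supplied build scripts run after this step; do not leave the
          # workflow token behind in .git/config for them to read.
          persist-credentials: false

      - name: 📝 Initial Comment on PR
        uses: actions/github-script@v7
        id: comment
        with:
          script: |
            const comment = await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body: '🚀 Starting test release process...'
            });
            console.log(`Comment created with ID: ${comment.data.id}`);
            return comment.data.id;

      - uses: pnpm/action-setup@v2
        with:
          version: 9

      - name: ⎔ Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20
          # NOTE(review): this job runs PR code and can save a cache in the
          # default-branch scope; consider disabling the cache here.
          cache: 'pnpm'
          cache-dependency-path: '**/pnpm-lock.yaml'
          registry-url: 'https://registry.npmjs.org'
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

      - name: 📦 Build frontend
        run: make fe
        env:
          TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}

      - name: 🥚 Install Hatch
        # `install` is a branch ref and can move at any time.
        uses: pypa/hatch@install

      - name: Adapt pyproject.toml to build marimo-base
        run: ./scripts/modify_pyproject_for_marimo_base.sh

      # patch __init__.py version to be of the form
      # X.Y.Z-dev9{4random digits}
      # This must be a valid semver version from
      # https://packaging.python.org/en/latest/discussions/versioning/
      - name: 🔨 Patch version number
        run: |
          # Get the version number
          # - assumes version is on a line of the form __version__ == "x.y.z"
          current_version="$(grep '__version__' marimo/__init__.py | awk '{print $3}' | tr -d '"')"
          # marimo/__init__.py comes from the PR head. Reject anything that
          # is not a plain single-line version before it reaches $GITHUB_ENV,
          # the sed expression below, or the npm command in a later step.
          version_re='^[0-9][0-9A-Za-z.+-]*$'
          if [[ ! "$current_version" =~ $version_re ]]; then
            echo "Unexpected __version__ value in marimo/__init__.py"
            exit 1
          fi
          # Generate a random 4-digit number
          random_digits="$(shuf -i 1000-9999 -n 1)"
          # Form the new version with the random digits
          MARIMO_VERSION="${current_version}-dev9${random_digits}"
          # Set the version in the environment for later steps
          echo "MARIMO_VERSION=$MARIMO_VERSION" >> "$GITHUB_ENV"
          sed -i "s/__version__ = \".*\"/__version__ = \"$MARIMO_VERSION\"/" marimo/__init__.py

      - name: 📦 Build marimo
        run: hatch build --clean

      - name: 📦 Validate wheel under 2mb
        run: ./scripts/validate_base_wheel_size.sh

      - name: 📤 Upload to TestPyPI
        env:
          HATCH_INDEX_USER: ${{ secrets.TEST_PYPI_USER }}
          HATCH_INDEX_AUTH: ${{ secrets.TEST_PYPI_MARIMO_BASE_PASSWORD }}
        run: hatch publish --repo test

      - name: 📦 Update package.json version from CLI
        working-directory: frontend
        # Read MARIMO_VERSION as a shell variable (exported via $GITHUB_ENV)
        # instead of a `${{ env.* }}` expression, which would be pasted into
        # the script text before the shell parses it.
        run: |
          echo "Updating package.json version to ${MARIMO_VERSION}"
          npm version "${MARIMO_VERSION}" --no-git-tag-version

      - name: 📤 Upload wasm to npm
        working-directory: frontend
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: |
          # Up to three attempts. The step fails if none succeeds; the old
          # `cmd && break || { ...; sleep 10; }` loop ended on sleep's zero
          # status and reported success even when every publish failed.
          published=false
          for i in {1..3}; do
            if npm publish --access public; then
              published=true
              break
            fi
            echo "Publish attempt $i failed, retrying..."
            sleep 10
          done
          if [[ "$published" != true ]]; then
            echo "npm publish failed after 3 attempts"
            exit 1
          fi

      - name: 📝 Update PR Comment
        uses: actions/github-script@v7
        continue-on-error: true
        env:
          # Passed as data, not spliced into the JavaScript source.
          COMMENT_ID: ${{ steps.comment.outputs.result }}
        with:
          script: |
            try {
              const commentId = Number(process.env.COMMENT_ID);
              if (!Number.isInteger(commentId) || commentId <= 0) {
                throw new Error('No status comment ID available');
              }
              console.log(`Updating comment with ID: ${commentId}`);
              await github.rest.issues.updateComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                comment_id: commentId,
                body: `🚀 Test release published. You may be able to view the changes at https://marimo.app?v=${process.env.MARIMO_VERSION}`
              });
            } catch (err) {
              console.error(err);
            }

      - name: 📝 Update PR Comment on Failure
        if: failure()
        uses: actions/github-script@v7
        env:
          # Empty when the job failed before the status comment was created.
          COMMENT_ID: ${{ steps.comment.outputs.result }}
        with:
          script: |
            try {
              const commentId = Number(process.env.COMMENT_ID);
              if (!Number.isInteger(commentId) || commentId <= 0) {
                throw new Error('No status comment ID available');
              }
              console.log(`Updating comment with ID: ${commentId}`);
              await github.rest.issues.updateComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                comment_id: commentId,
                body: `❌ Test release failed. Please check the workflow logs for more details.`
              });
            } catch (err) {
              console.error(err);
            }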