chore: import upstream snapshot with attribution

This commit is contained in:
wehub-resource-sync
2026-07-13 12:47:58 +08:00
commit b16403ea71
789 changed files with 115226 additions and 0 deletions
+72
View File
@@ -0,0 +1,72 @@
name: Test CLI
on:
workflow_call:
inputs:
E2B_DOMAIN:
required: false
type: string
default: ''
secrets:
E2B_API_KEY:
required: true
permissions:
contents: read
jobs:
test:
defaults:
run:
working-directory: ./packages/cli
shell: bash
name: CLI - Build (${{ matrix.os }})
strategy:
matrix:
os: [ubuntu-22.04, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Parse .tool-versions
uses: wistia/parse-tool-versions@v2.1.1
with:
filename: '.tool-versions'
uppercase: 'true'
prefix: 'tool_version_'
- name: Install pnpm
uses: pnpm/action-setup@v4
with:
version: '${{ env.TOOL_VERSION_PNPM }}'
- name: Setup Node
uses: actions/setup-node@v6
with:
node-version: '${{ env.TOOL_VERSION_NODEJS }}'
registry-url: 'https://registry.npmjs.org'
cache: pnpm
cache-dependency-path: pnpm-lock.yaml
- name: Configure pnpm
run: |
pnpm config set auto-install-peers true
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Build the SDK (pre-requisite for the tests)
run: pnpm build
working-directory: ./packages/js-sdk
- name: Build the CLI
run: pnpm build
working-directory: ./packages/cli
- name: Run tests
run: pnpm test
working-directory: ./packages/cli
env:
E2B_API_KEY: ${{ secrets.E2B_API_KEY }}
E2B_DOMAIN: ${{ inputs.E2B_DOMAIN }}
+99
View File
@@ -0,0 +1,99 @@
name: Generated files
on:
pull_request:
permissions:
contents: read
jobs:
changes:
name: Detect changes
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: read
outputs:
generated: ${{ steps.filter.outputs.generated }}
steps:
- name: Filter changed paths
uses: dorny/paths-filter@v3
id: filter
with:
# `**/!(*.md)` excludes Markdown so docs-only changes don't trigger codegen checks.
filters: |
generated:
- 'spec/**/!(*.md)'
- 'codegen.Dockerfile'
- 'Makefile'
- 'packages/**/!(*.md)'
- 'pnpm-lock.yaml'
- 'pnpm-workspace.yaml'
- 'package.json'
- '.tool-versions'
- '.github/workflows/generated_files.yml'
check-generated:
name: Generated files
needs: changes
if: ${{ needs.changes.outputs.generated == 'true' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Parse .tool-versions
uses: wistia/parse-tool-versions@v2.1.1
with:
filename: '.tool-versions'
uppercase: 'true'
prefix: 'tool_version_'
- name: Install pnpm
uses: pnpm/action-setup@v4
id: pnpm-install
with:
version: '${{ env.TOOL_VERSION_PNPM }}'
- name: Setup Node
uses: actions/setup-node@v6
with:
node-version: '${{ env.TOOL_VERSION_NODEJS }}'
registry-url: 'https://registry.npmjs.org'
cache: pnpm
cache-dependency-path: pnpm-lock.yaml
- name: Configure pnpm
run: |
pnpm config set auto-install-peers true
pnpm config set exclude-links-from-lockfile true
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build codegen image with caching
uses: docker/build-push-action@v6
with:
context: .
file: codegen.Dockerfile
tags: codegen-env:latest
load: true # makes the image available for `docker run`
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Run codegen
run: CODEGEN_IMAGE=codegen-env:latest make codegen
- name: Check for uncommitted changes
run: |
if [[ -n $(git status --porcelain) ]]; then
echo "❌ Generated files are not up to date:"
git status --short
git diff
exit 1
else
echo "✅ No changes detected."
fi
+100
View File
@@ -0,0 +1,100 @@
name: Test JS SDK
on:
workflow_call:
inputs:
E2B_DOMAIN:
required: false
type: string
default: ''
secrets:
E2B_API_KEY:
required: true
permissions:
contents: read
jobs:
test:
defaults:
run:
working-directory: ./packages/js-sdk
shell: bash
name: JS SDK - Build and test (${{ matrix.os }})
strategy:
matrix:
os: [ubuntu-22.04, windows-latest]
fail-fast: false
runs-on: ${{ matrix.os }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Parse .tool-versions
uses: wistia/parse-tool-versions@v2.1.1
with:
filename: '.tool-versions'
uppercase: 'true'
prefix: 'tool_version_'
- name: Install pnpm
uses: pnpm/action-setup@v4
id: pnpm-install
with:
version: '${{ env.TOOL_VERSION_PNPM }}'
- name: Setup Node
uses: actions/setup-node@v6
with:
node-version: '${{ env.TOOL_VERSION_NODEJS }}'
registry-url: 'https://registry.npmjs.org'
cache: pnpm
cache-dependency-path: pnpm-lock.yaml
- name: Configure pnpm
run: |
pnpm config set auto-install-peers true
pnpm config set exclude-links-from-lockfile true
- name: Install dependencies
run: |
pnpm install --frozen-lockfile
- name: Get Playwright version
id: playwright-version
run: echo "version=$(node -p "require('playwright/package.json').version")" >> "$GITHUB_OUTPUT"
- name: Cache Playwright browsers
uses: actions/cache@v4
with:
path: ${{ matrix.os == 'windows-latest' && '~/AppData/Local/ms-playwright' || '~/.cache/ms-playwright' }}
key: playwright-${{ runner.os }}-${{ steps.playwright-version.outputs.version }}
- name: Test build
run: pnpm build
- name: Run Node tests
run: pnpm test
env:
E2B_API_KEY: ${{ secrets.E2B_API_KEY }}
E2B_DOMAIN: ${{ inputs.E2B_DOMAIN }}
- name: Install Bun
uses: oven-sh/setup-bun@v2
- name: Run Bun tests
run: pnpm test:bun
env:
E2B_API_KEY: ${{ secrets.E2B_API_KEY }}
E2B_DOMAIN: ${{ inputs.E2B_DOMAIN }}
- name: Install Deno
uses: denoland/setup-deno@v1
with:
deno-version: v${{ env.TOOL_VERSION_DENO }}
- name: Run Deno tests
run: pnpm test:deno
env:
E2B_API_KEY: ${{ secrets.E2B_API_KEY }}
E2B_DOMAIN: ${{ inputs.E2B_DOMAIN }}
+101
View File
@@ -0,0 +1,101 @@
name: Lint
permissions:
contents: read
on:
pull_request:
jobs:
changes:
name: Detect changes
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: read
outputs:
code: ${{ steps.filter.outputs.code }}
steps:
- name: Filter changed paths
uses: dorny/paths-filter@v3
id: filter
with:
# `**/!(*.md)` excludes Markdown so docs-only changes don't trigger linting.
filters: |
code:
- 'packages/**/!(*.md)'
- 'spec/**/!(*.md)'
- '.oxlintrc.json'
- '.prettierrc'
- '.prettierignore'
- '.editorconfig'
- 'pnpm-lock.yaml'
- 'pnpm-workspace.yaml'
- 'package.json'
- '.tool-versions'
- '.github/workflows/lint.yml'
lint:
name: Lint
needs: changes
if: ${{ needs.changes.outputs.code == 'true' }}
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Parse .tool-versions
uses: wistia/parse-tool-versions@v2.1.1
with:
filename: '.tool-versions'
uppercase: 'true'
prefix: 'tool_version_'
- uses: pnpm/action-setup@v4
with:
version: '${{ env.TOOL_VERSION_PNPM }}'
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: '${{ env.TOOL_VERSION_NODEJS }}'
cache: pnpm
- name: Configure pnpm
run: |
pnpm config set auto-install-peers true
pnpm config set exclude-links-from-lockfile true
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Install uv
uses: astral-sh/setup-uv@v6
with:
version: '${{ env.TOOL_VERSION_UV }}'
python-version: '${{ env.TOOL_VERSION_PYTHON }}'
enable-cache: true
- name: Install Python dependencies
working-directory: packages/python-sdk
run: |
uv sync --locked
- name: Run linting
run: |
pnpm run lint
- name: Run formatting
run: |
pnpm run format
- name: Check for uncommitted changes
run: |
if [[ -n $(git status --porcelain) ]]; then
echo "❌ Files are not formatted properly:"
git status --short
git diff
exit 1
else
echo "✅ No changes detected."
fi
+142
View File
@@ -0,0 +1,142 @@
name: Package Artifacts
on:
pull_request:
types: [opened, synchronize, reopened]
permissions:
contents: read
pull-requests: write
jobs:
build:
name: Build Packages
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Parse .tool-versions
uses: wistia/parse-tool-versions@v2.1.1
with:
filename: '.tool-versions'
uppercase: 'true'
prefix: 'tool_version_'
- uses: pnpm/action-setup@v4
with:
version: '${{ env.TOOL_VERSION_PNPM }}'
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: '${{ env.TOOL_VERSION_NODEJS }}'
cache: pnpm
- name: Configure pnpm
run: |
pnpm config set auto-install-peers true
pnpm config set exclude-links-from-lockfile true
- name: Sanitize branch name
env:
BRANCH: ${{ github.head_ref }}
run: |
echo "BRANCH_ID=$(echo "$BRANCH" | sed 's/[^0-9A-Za-z-]/-/g')" >> "$GITHUB_ENV"
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Build JS SDK
working-directory: packages/js-sdk
run: pnpm run build
- name: Pack JS SDK
working-directory: packages/js-sdk
run: |
npm version prerelease --preid=${{ env.BRANCH_ID }} --no-git-tag-version
npm pack
- name: Upload JS SDK artifact
uses: actions/upload-artifact@v4
with:
name: e2b-js-sdk
path: packages/js-sdk/*.tgz
- name: Build CLI
working-directory: packages/cli
run: pnpm run build
- name: Pack CLI
working-directory: packages/cli
run: |
npm version prerelease --preid=${{ env.BRANCH_ID }} --no-git-tag-version
npm pack
- name: Upload CLI artifact
uses: actions/upload-artifact@v4
with:
name: e2b-cli
path: packages/cli/*.tgz
- name: Install uv
uses: astral-sh/setup-uv@v6
with:
version: '${{ env.TOOL_VERSION_UV }}'
python-version: '${{ env.TOOL_VERSION_PYTHON }}'
enable-cache: true
- name: Build Python SDK
working-directory: packages/python-sdk
run: |
BASE_VERSION=$(uv version --short)
uv version "${BASE_VERSION}+${BRANCH_ID}"
uv build
- name: Upload Python SDK artifact
uses: actions/upload-artifact@v4
with:
name: e2b-python-sdk
path: packages/python-sdk/dist/*
- name: Comment on PR
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR_NUMBER: ${{ github.event.pull_request.number }}
RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
run: |
JS_VERSION=$(node -p "require('./packages/js-sdk/package.json').version")
CLI_VERSION=$(node -p "require('./packages/cli/package.json').version")
JS_TGZ=$(ls packages/js-sdk/*.tgz | xargs -n1 basename)
CLI_TGZ=$(ls packages/cli/*.tgz | xargs -n1 basename)
PY_VERSION=$(grep '^version' packages/python-sdk/pyproject.toml | head -1 | sed 's/.*"\(.*\)"/\1/')
PY_WHL=$(ls packages/python-sdk/dist/*.whl | xargs -n1 basename)
BODY="<!-- e2b-pkg-artifacts -->"$'\n'
BODY+="### Package Artifacts"$'\n\n'
BODY+="Built from ${GITHUB_SHA::7}. Download artifacts from [this workflow run](${RUN_URL})."$'\n\n'
BODY+="**JS SDK** (\`e2b@${JS_VERSION}\`):"$'\n'
BODY+='```sh'$'\n'
BODY+="npm install ./${JS_TGZ}"$'\n'
BODY+='```'$'\n\n'
BODY+="**CLI** (\`@e2b/cli@${CLI_VERSION}\`):"$'\n'
BODY+='```sh'$'\n'
BODY+="npm install ./${CLI_TGZ}"$'\n'
BODY+='```'$'\n\n'
BODY+="**Python SDK** (\`e2b==${PY_VERSION}\`):"$'\n'
BODY+='```sh'$'\n'
BODY+="pip install ./${PY_WHL}"$'\n'
BODY+='```'$'\n'
COMMENT_ID=$(gh api "repos/${{ github.repository }}/issues/${PR_NUMBER}/comments" \
--paginate \
--jq '.[] | select(.body | contains("<!-- e2b-pkg-artifacts -->")) | .id' \
| tail -1)
if [ -n "$COMMENT_ID" ]; then
gh api "repos/${{ github.repository }}/issues/comments/${COMMENT_ID}" \
-X PATCH -f body="$BODY"
else
gh pr comment "$PR_NUMBER" --body "$BODY"
fi
+114
View File
@@ -0,0 +1,114 @@
name: Publish Candidates
on:
workflow_call:
inputs:
js-sdk:
required: false
type: boolean
default: false
python-sdk:
required: false
type: boolean
default: false
cli:
required: false
type: boolean
default: false
tag:
required: true
type: string
preid:
required: true
type: string
permissions:
contents: read
id-token: write
jobs:
publish:
name: Publish Release Candidates
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Parse .tool-versions
uses: wistia/parse-tool-versions@v2.1.1
with:
filename: '.tool-versions'
uppercase: 'true'
prefix: 'tool_version_'
- uses: pnpm/action-setup@v4
if: ${{ inputs.js-sdk || inputs.cli }}
with:
version: '${{ env.TOOL_VERSION_PNPM }}'
- name: Setup Node.js
uses: actions/setup-node@v6
if: ${{ inputs.js-sdk || inputs.cli }}
with:
node-version: '${{ env.TOOL_VERSION_NODEJS }}'
registry-url: https://registry.npmjs.org
cache: pnpm
- name: Configure pnpm
if: ${{ inputs.js-sdk || inputs.cli }}
run: |
pnpm config set auto-install-peers true
pnpm config set exclude-links-from-lockfile true
- name: Update npm
if: ${{ inputs.js-sdk || inputs.cli }}
run: |
npm install -g npm@^11.6
npm --version
- name: Install uv
uses: astral-sh/setup-uv@v6
if: ${{ inputs.python-sdk }}
with:
version: '${{ env.TOOL_VERSION_UV }}'
python-version: '${{ env.TOOL_VERSION_PYTHON }}'
enable-cache: true
- name: Publish Python RC
if: ${{ inputs.python-sdk }}
working-directory: packages/python-sdk
run: |
BASE_VERSION=$(uv version --short)
uv version "${BASE_VERSION}rc${{ github.run_id }}"
uv build
uv publish --token ${PYPI_TOKEN} --check-url https://pypi.org/simple/
env:
PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
- name: Install JS dependencies
if: ${{ inputs.js-sdk || inputs.cli }}
run: pnpm install --frozen-lockfile
- name: Publish JS RC
if: ${{ inputs.js-sdk }}
working-directory: packages/js-sdk
env:
RC_PREID: ${{ inputs.preid }}
RC_TAG: ${{ inputs.tag }}
run: |
npm version prerelease --preid="${RC_PREID}.${{ github.run_id }}" --no-git-tag-version
npm publish --tag "$RC_TAG" --provenance
- name: Reinstall dependencies
if: ${{ inputs.js-sdk || inputs.cli }}
run: pnpm install --frozen-lockfile
- name: Publish CLI RC
if: ${{ inputs.cli }}
working-directory: packages/cli
env:
RC_PREID: ${{ inputs.preid }}
RC_TAG: ${{ inputs.tag }}
run: |
npm version prerelease --preid="${RC_PREID}.${{ github.run_id }}" --no-git-tag-version
npm publish --tag "$RC_TAG" --provenance
+111
View File
@@ -0,0 +1,111 @@
name: Publish Packages
on:
workflow_call:
secrets:
E2B_API_KEY:
required: true
PYPI_TOKEN:
required: true
permissions:
contents: write
id-token: write
jobs:
test:
name: Build and test SDK
runs-on: ubuntu-22.04
steps:
- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ vars.VERSION_BUMPER_APPID }}
private-key: ${{ secrets.VERSION_BUMPER_SECRET }}
- name: Checkout Repo
uses: actions/checkout@v3
with:
token: ${{ steps.app-token.outputs.token }}
- name: Parse .tool-versions
uses: wistia/parse-tool-versions@v2.1.1
with:
filename: '.tool-versions'
uppercase: 'true'
prefix: 'tool_version_'
- name: Install uv
uses: astral-sh/setup-uv@v6
with:
version: '${{ env.TOOL_VERSION_UV }}'
python-version: '${{ env.TOOL_VERSION_PYTHON }}'
enable-cache: true
- uses: pnpm/action-setup@v4
with:
version: '${{ env.TOOL_VERSION_PNPM }}'
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: '${{ env.TOOL_VERSION_NODEJS }}'
registry-url: 'https://registry.npmjs.org'
cache: pnpm
- name: Configure pnpm
run: |
pnpm config set auto-install-peers true
pnpm config set exclude-links-from-lockfile true
- name: Update npm
run: |
npm install -g npm@^11.6
npm --version
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Create new versions
run: pnpm run version
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Release new versions
uses: changesets/action@v1
with:
publish: pnpm run publish
createGithubReleases: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: "" # See https://github.com/changesets/changesets/issues/1152#issuecomment-3190884868
PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
- name: Update lock file
run: pnpm i --no-link --no-frozen-lockfile
- name: Commit new versions
run: |
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git commit -am "[skip ci] Release new versions" || exit 0
# A PR merging mid-release makes this push a non-fast-forward. The
# artifacts were already published from the checked-out tree, so we
# only rebase the version bump over incoming changes that don't touch
# packages/. Otherwise the source would claim the published version
# contains code that isn't in the artifacts, so we fail loudly.
if git push; then
exit 0
fi
git fetch origin "${GITHUB_REF_NAME}"
if git diff --name-only "HEAD~1" FETCH_HEAD -- packages/ | grep -q .; then
echo "::error::'${GITHUB_REF_NAME}' advanced with changes under packages/ during the release. Refusing to rebase the version bump onto unpublished package code (the source would diverge from the published artifacts). Reconcile manually."
exit 1
fi
git pull --rebase origin "${GITHUB_REF_NAME}"
git push
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+57
View File
@@ -0,0 +1,57 @@
name: Test Python SDK
on:
workflow_call:
inputs:
E2B_DOMAIN:
required: false
type: string
default: ''
secrets:
E2B_API_KEY:
required: true
permissions:
contents: read
jobs:
test:
defaults:
run:
working-directory: ./packages/python-sdk
shell: bash
name: Python SDK - Build and test (${{ matrix.os }})
strategy:
fail-fast: false
matrix:
os: [ubuntu-22.04, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Parse .tool-versions
uses: wistia/parse-tool-versions@v2.1.1
with:
filename: '.tool-versions'
uppercase: 'true'
prefix: 'tool_version_'
- name: Install uv
uses: astral-sh/setup-uv@v6
with:
version: '${{ env.TOOL_VERSION_UV }}'
python-version: '${{ env.TOOL_VERSION_PYTHON }}'
enable-cache: true
- name: Install dependencies
run: uv sync --locked
- name: Test build
run: uv build
- name: Run tests
run: uv run pytest --verbose --numprocesses=4
env:
E2B_API_KEY: ${{ secrets.E2B_API_KEY }}
E2B_DOMAIN: ${{ inputs.E2B_DOMAIN }}
+106
View File
@@ -0,0 +1,106 @@
name: Release candidate
on:
workflow_dispatch:
inputs:
js-sdk:
description: 'Release JS SDK'
required: false
default: false
type: boolean
python-sdk:
description: 'Release Python SDK'
required: false
default: false
type: boolean
cli:
description: 'Release CLI'
required: false
default: false
type: boolean
tag:
description: 'Dist-tag (e.g. rc, beta, snapshot)'
required: false
default: 'rc'
type: string
preid:
description: 'Prerelease identifier (defaults to branch name)'
required: false
default: ''
type: string
skip-tests:
description: 'Skip tests'
required: false
default: false
type: boolean
# Shared literal group so production and candidate releases on the same ref serialize.
concurrency: release-${{ github.ref }}
permissions:
id-token: write
contents: write
jobs:
rc-validate:
name: Validate RC inputs
runs-on: ubuntu-latest
outputs:
preid: ${{ steps.preid.outputs.preid }}
tag: ${{ steps.tag.outputs.tag }}
steps:
- name: Sanitize tag
id: tag
env:
RAW_TAG: ${{ github.event.inputs.tag }}
run: |
SAFE_TAG="$(echo "$RAW_TAG" | sed 's/[^0-9A-Za-z-]/-/g')"
echo "tag=$SAFE_TAG" >> "$GITHUB_OUTPUT"
- name: Block production tags
run: |
if [ "${{ steps.tag.outputs.tag }}" = "latest" ]; then
echo "::error::Publishing with the 'latest' tag is not allowed for candidates. Use the 'Release' workflow instead."
exit 1
fi
- name: Sanitize preid
id: preid
env:
RAW_PREID: ${{ github.event.inputs.preid || github.ref_name }}
run: |
echo "preid=$(echo "$RAW_PREID" | sed 's/[^0-9A-Za-z-]/-/g')" >> "$GITHUB_OUTPUT"
rc-python-tests:
name: RC Python Tests
needs: [rc-validate]
if: github.event.inputs.python-sdk == 'true' && github.event.inputs.skip-tests != 'true'
uses: ./.github/workflows/python_sdk_tests.yml
secrets: inherit
rc-js-tests:
name: RC JS Tests
needs: [rc-validate]
if: github.event.inputs.js-sdk == 'true' && github.event.inputs.skip-tests != 'true'
uses: ./.github/workflows/js_sdk_tests.yml
secrets: inherit
rc-cli-tests:
name: RC CLI Tests
needs: [rc-validate]
if: github.event.inputs.cli == 'true' && github.event.inputs.skip-tests != 'true'
uses: ./.github/workflows/cli_tests.yml
secrets: inherit
rc-publish:
name: Publish RC
needs: [rc-validate, rc-python-tests, rc-js-tests, rc-cli-tests]
if: (!cancelled()) && !contains(needs.*.result, 'failure') && needs.rc-validate.result == 'success'
uses: ./.github/workflows/publish_candidates.yml
with:
js-sdk: ${{ github.event.inputs.js-sdk == 'true' }}
python-sdk: ${{ github.event.inputs.python-sdk == 'true' }}
cli: ${{ github.event.inputs.cli == 'true' }}
tag: ${{ needs.rc-validate.outputs.tag }}
preid: ${{ needs.rc-validate.outputs.preid }}
secrets: inherit
+182
View File
@@ -0,0 +1,182 @@
name: Release
on:
workflow_dispatch: {}
# Shared literal group so production and candidate releases on the same ref serialize.
concurrency: release-${{ github.ref }}
permissions:
id-token: write
contents: write
jobs:
preflight:
name: Release preflight
runs-on: ubuntu-latest
outputs:
release: ${{ steps.version.outputs.release }}
js-sdk: ${{ steps.js.outputs.release }}
python-sdk: ${{ steps.python.outputs.release }}
cli: ${{ steps.cli.outputs.release }}
itinerary: ${{ steps.itinerary.outputs.itinerary }}
steps:
- name: Checkout Repo
uses: actions/checkout@v3
- name: Parse .tool-versions
uses: wistia/parse-tool-versions@v2.1.1
with:
filename: '.tool-versions'
uppercase: 'true'
prefix: 'tool_version_'
- name: Install pnpm
uses: pnpm/action-setup@v4
id: pnpm-install
with:
version: '${{ env.TOOL_VERSION_PNPM }}'
- name: Setup Node
uses: actions/setup-node@v6
with:
node-version: '${{ env.TOOL_VERSION_NODEJS }}'
registry-url: 'https://registry.npmjs.org'
cache: pnpm
cache-dependency-path: pnpm-lock.yaml
- name: Configure pnpm
run: |
pnpm config set auto-install-peers true
pnpm config set exclude-links-from-lockfile true
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Check if new version
id: version
run: |
IS_RELEASE=$(./.github/scripts/is_release.sh)
echo "release=$IS_RELEASE" >> "$GITHUB_OUTPUT"
- name: Check JavaScript SDK Release
id: js
if: steps.version.outputs.release == 'true'
run: |
IS_RELEASE=$(./.github/scripts/is_release_for_package.sh "e2b")
echo "release=$IS_RELEASE" >> "$GITHUB_OUTPUT"
- name: Check Python SDK Release
id: python
if: steps.version.outputs.release == 'true'
run: |
IS_RELEASE=$(./.github/scripts/is_release_for_package.sh "@e2b/python-sdk")
echo "release=$IS_RELEASE" >> "$GITHUB_OUTPUT"
- name: Check CLI Release
id: cli
if: steps.version.outputs.release == 'true'
run: |
IS_RELEASE=$(./.github/scripts/is_release_for_package.sh "@e2b/cli")
echo "release=$IS_RELEASE" >> "$GITHUB_OUTPUT"
- name: Build release itinerary
id: itinerary
if: steps.version.outputs.release == 'true'
run: |
pnpm changeset status --output=.cs-status.json
ITINERARY=$(node -e '
const data = require("./.cs-status.json");
const labels = { "e2b": "JS SDK (e2b)", "@e2b/python-sdk": "Python SDK (e2b)", "@e2b/cli": "CLI (@e2b/cli)" };
const order = ["e2b", "@e2b/python-sdk", "@e2b/cli"];
const byName = Object.fromEntries(data.releases.map(r => [r.name, r]));
const lines = order.filter(n => byName[n]).map(n => `• ${labels[n]} v${byName[n].newVersion}`);
process.stdout.write(lines.join("\n") || "• No packages were published");
')
rm -f .cs-status.json
{
echo "itinerary<<EOF"
echo "$ITINERARY"
echo "EOF"
} >> "$GITHUB_OUTPUT"
python-tests:
name: Python SDK Tests
needs: [preflight]
if: needs.preflight.outputs.python-sdk == 'true'
uses: ./.github/workflows/python_sdk_tests.yml
secrets: inherit
js-tests:
name: JS SDK Tests
needs: [preflight]
if: needs.preflight.outputs.js-sdk == 'true'
uses: ./.github/workflows/js_sdk_tests.yml
secrets: inherit
cli-tests:
name: CLI Tests
needs: [preflight]
if: needs.preflight.outputs.cli == 'true'
uses: ./.github/workflows/cli_tests.yml
secrets: inherit
publish:
name: Publish
needs: [preflight, python-tests, js-tests, cli-tests]
if: (!cancelled()) && !contains(needs.*.result, 'failure') && needs.preflight.outputs.release == 'true'
uses: ./.github/workflows/publish_packages.yml
secrets: inherit
report-start:
needs: [preflight]
if: needs.preflight.outputs.release == 'true'
name: Release Started - Slack Notification
runs-on: ubuntu-latest
steps:
- name: Release Started - Slack Notification
uses: rtCamp/action-slack-notify@33ca3be66c6f378fe1610fd1d5258632dbed5e58 # v2.4.0
env:
SLACK_COLOR: '#3aa3e3'
SLACK_MESSAGE: |
:rocket: A new release has been triggered :hourglass_flowing_sand:
*Releasing:*
${{ needs.preflight.outputs.itinerary }}
SLACK_TITLE: Release Started
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
SLACK_CHANNEL: 'monitoring-releases'
report-failure:
needs: [python-tests, js-tests, cli-tests, publish]
if: failure()
name: Release Failed - Slack Notification
runs-on: ubuntu-latest
steps:
- name: Release Failed - Slack Notification
uses: rtCamp/action-slack-notify@33ca3be66c6f378fe1610fd1d5258632dbed5e58 # v2.4.0
env:
SLACK_COLOR: '#ff0000'
SLACK_MESSAGE: ':here-we-go-again: :bob-the-destroyer: We need :fix-parrot: ASAP :pray:'
SLACK_TITLE: Release Failed
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
SLACK_CHANNEL: 'monitoring-releases'
report-success:
needs: [preflight, publish]
if: needs.publish.result == 'success'
name: Release Succeeded - Slack Notification
runs-on: ubuntu-latest
steps:
- name: Release Succeeded - Slack Notification
uses: rtCamp/action-slack-notify@33ca3be66c6f378fe1610fd1d5258632dbed5e58 # v2.4.0
env:
SLACK_COLOR: '#36a64f'
SLACK_MESSAGE: |
:tada: A new version has been released successfully! :ship-it-parrot:
*Released:*
${{ needs.preflight.outputs.itinerary }}
SLACK_TITLE: Release Succeeded
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
SLACK_CHANNEL: 'monitoring-releases'
+133
View File
@@ -0,0 +1,133 @@
name: SDK Tests
on:
pull_request:
branches:
- main
workflow_dispatch:
permissions:
contents: read
jobs:
changes:
name: Detect changes
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: read
outputs:
js: ${{ steps.filter.outputs.js }}
python: ${{ steps.filter.outputs.python }}
cli: ${{ steps.filter.outputs.cli }}
steps:
- name: Filter changed paths
# On workflow_dispatch there is no PR diff and paths-filter would fall
# back to git (failing without a checkout); the job-level `if`s below
# force a full run for that event instead, so we only filter on pull_request.
if: github.event_name == 'pull_request'
uses: dorny/paths-filter@v3
id: filter
with:
# `**/!(*.md)` excludes Markdown so docs-only changes don't trigger the suites.
filters: |
shared: &shared
- '.github/workflows/sdk_tests.yml'
- 'spec/**/!(*.md)'
- 'pnpm-lock.yaml'
- 'pnpm-workspace.yaml'
- 'package.json'
- '.tool-versions'
js:
- *shared
- '.github/workflows/js_sdk_tests.yml'
- 'packages/js-sdk/**/!(*.md)'
python:
- *shared
- '.github/workflows/python_sdk_tests.yml'
- 'packages/python-sdk/**/!(*.md)'
- 'packages/connect-python/**/!(*.md)'
cli:
- *shared
- '.github/workflows/cli_tests.yml'
- 'packages/cli/**/!(*.md)'
- 'packages/js-sdk/**/!(*.md)'
js-tests:
name: Production / JS SDK Tests
needs: changes
if: ${{ needs.changes.outputs.js == 'true' || github.event_name == 'workflow_dispatch' }}
uses: ./.github/workflows/js_sdk_tests.yml
secrets:
E2B_API_KEY: ${{ secrets.E2B_API_KEY }}
python-tests:
name: Production / Python SDK Tests
needs: changes
if: ${{ needs.changes.outputs.python == 'true' || github.event_name == 'workflow_dispatch' }}
uses: ./.github/workflows/python_sdk_tests.yml
secrets:
E2B_API_KEY: ${{ secrets.E2B_API_KEY }}
cli-tests:
name: Production / CLI Tests
needs: changes
if: ${{ needs.changes.outputs.cli == 'true' || github.event_name == 'workflow_dispatch' }}
uses: ./.github/workflows/cli_tests.yml
secrets:
E2B_API_KEY: ${{ secrets.E2B_API_KEY }}
js-tests-staging:
name: Staging / JS SDK Tests
needs: changes
if: ${{ needs.changes.outputs.js == 'true' || github.event_name == 'workflow_dispatch' }}
uses: ./.github/workflows/js_sdk_tests.yml
with:
E2B_DOMAIN: ${{ vars.E2B_DOMAIN_STAGING }}
secrets:
E2B_API_KEY: ${{ secrets.E2B_API_KEY_STAGING }}
python-tests-staging:
name: Staging / Python SDK Tests
needs: changes
if: ${{ needs.changes.outputs.python == 'true' || github.event_name == 'workflow_dispatch' }}
uses: ./.github/workflows/python_sdk_tests.yml
with:
E2B_DOMAIN: ${{ vars.E2B_DOMAIN_STAGING }}
secrets:
E2B_API_KEY: ${{ secrets.E2B_API_KEY_STAGING }}
cli-tests-staging:
name: Staging / CLI Tests
needs: changes
if: ${{ needs.changes.outputs.cli == 'true' || github.event_name == 'workflow_dispatch' }}
uses: ./.github/workflows/cli_tests.yml
with:
E2B_DOMAIN: ${{ vars.E2B_DOMAIN_STAGING }}
secrets:
E2B_API_KEY: ${{ secrets.E2B_API_KEY_STAGING }}
status:
name: SDK Tests Status
# `changes` is included so a failure in change-detection (which would skip the
# suites) surfaces as a failed required check instead of a false green.
needs:
- changes
- js-tests
- python-tests
- cli-tests
if: ${{ always() }}
runs-on: ubuntu-latest
steps:
- name: Report aggregate result
run: |
echo "Job results: ${{ join(needs.*.result, ', ') }}"
if ${{ contains(needs.*.result, 'failure') }}; then
echo "::error::Change detection or a Production SDK test suite failed."
exit 1
fi
if ${{ contains(needs.*.result, 'cancelled') }}; then
echo "::error::Change detection or a Production SDK test suite was cancelled; tests were not verified — re-run before merging."
exit 1
fi
echo "All Production SDK test suites passed or were skipped."
+52
View File
@@ -0,0 +1,52 @@
name: Build and push prepared templates
on:
workflow_dispatch:
permissions:
contents: read
jobs:
buildAndPushImage:
defaults:
run:
working-directory: ./templates/base
name: Build and Push Image to DockerHub
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push
run: |
docker buildx build \
--file e2b.Dockerfile \
--platform linux/amd64,linux/arm64 \
--push \
--tag ${{ secrets.DOCKERHUB_USERNAME }}/base:latest .
buildTemplate:
name: Build and Publish E2B Template
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Build and install E2B CLI
uses: ./.github/actions/build-cli
- name: Build and publish base template
working-directory: ./templates/base
env:
E2B_API_KEY: ${{ secrets.E2B_API_KEY }}
run: e2b template create base --memory-mb 512
+82
View File
@@ -0,0 +1,82 @@
name: Typecheck
on:
pull_request:
jobs:
changes:
name: Detect changes
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: read
outputs:
code: ${{ steps.filter.outputs.code }}
steps:
- name: Filter changed paths
uses: dorny/paths-filter@v3
id: filter
with:
# `**/!(*.md)` excludes Markdown so docs-only changes don't trigger typecheck.
filters: |
code:
- 'packages/**/!(*.md)'
- 'spec/**/!(*.md)'
- 'pnpm-lock.yaml'
- 'pnpm-workspace.yaml'
- 'package.json'
- '.tool-versions'
- '.github/workflows/typecheck.yml'
typecheck:
name: Typecheck
needs: changes
if: ${{ needs.changes.outputs.code == 'true' }}
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Parse .tool-versions
uses: wistia/parse-tool-versions@v2.1.1
with:
filename: '.tool-versions'
uppercase: 'true'
prefix: 'tool_version_'
- uses: pnpm/action-setup@v4
with:
version: '${{ env.TOOL_VERSION_PNPM }}'
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: '${{ env.TOOL_VERSION_NODEJS }}'
cache: pnpm
- name: Configure pnpm
run: |
pnpm config set auto-install-peers true
pnpm config set exclude-links-from-lockfile true
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Install uv
uses: astral-sh/setup-uv@v6
with:
version: '${{ env.TOOL_VERSION_UV }}'
python-version: '${{ env.TOOL_VERSION_PYTHON }}'
enable-cache: true
- name: Install Python dependencies
working-directory: packages/python-sdk
run: |
uv sync --locked
- name: Run typecheck
run: |
pnpm run typecheck