[CI] Set PYPI_TOKEN in build_wheel.yml #1542
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
✅ Deploy Preview for pytorch-fbgemm-docs canceled.
|
shintaro-iwasaki
force-pushed
the
siwasaki/pr/fix_pypi_token
branch
4 times, most recently
from
61866e0 to
b1132e9
Compare
shintaro-iwasaki
force-pushed
the
siwasaki/pr/fix_pypi_token
branch
from
b1132e9 to
cb9d8cf
Compare
|
@shintaro-iwasaki has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator. |
|
@shintaro-iwasaki merged this pull request in dc328f2. |
facebook-github-bot
pushed a commit
that referenced
this pull request
Jan 14, 2023
Summary: This PR follows up #1542; `github.secrets` is not passed to a reusable workflow by default, so #1542 does not fix the issue. This PR solves the issue by setting `secrets: inherit` in the caller workflow script. ### [Details] The main PyPI upload mechanism is defined in `build_wheel.yml`. This is a "reusable workflow" and is triggered by `push_wheel_trigger.yml` every night. GitHub Actions, by default, does not pass `github.secrets` to a reusable workflow even if both belong to the same repository (https://docs.github.com/en/actions/using-workflows/reusing-workflows#passing-inputs-and-secrets-to-a-reusable-workflow). The setting above fixes the issue (as far as I tried locally). Note 1: This problem does not exist in the original scripts (e.g., `fbgemm_nightly_build.yml`) because they do not use a reusable workflow mechanism (i.e., both cron trigger and `pypi-upload` logics exist in the same file). Note 2: The new mechanism cannot define a trigger and `pypi-upload` in the same file as the original script does because I could not find a way to put all the following triggers in a single file: 1. cron-based job trigger (now in `push_wheel_trigger.yml`) 2. manual job trigger (=`workflow_dispatch`, now in `push_wheel_trigger.yml`) 3. per-PR job trigger to test wheel creation (enabled when a special label is added, now in `test_wheel_trigger.yml`) Pull Request resolved: #1546 Reviewed By: jianyuh Differential Revision: D42508939 Pulled By: shintaro-iwasaki fbshipit-source-id: 5ec2381327fbe143659b745cc8d7ed5a23c7694b
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
PYPI_TOKENis not set in the new nightly wheel script (build_wheel.yml), so it fails to upload created wheel files to PYPI (https://github.com/pytorch/FBGEMM/actions/runs/3901417835). This PR fixes this issue.Details
We need to use a secret
PYPI_TOKENto upload wheel files to PyPI. It needs to be accessed viaenv(e.g., https://github.com/pytorch/FBGEMM/blob/v0.3.0/.github/workflows/fbgemm_nightly_build.yml#L264-L265).upload_pypijob in the new nightly script uses a Docker (vialinux_job.yml). Because I am not 100% sure if we can securely pass thisPYPI_TOKENto the Docker container, this PR changesupload_pypito use a default GitHub Action runner (ubuntu-latest) and passPYPI_TOKENas the original nightly script does, which is the standard method and therefore should be more secure.