chroma-core/chroma
21 workflows · maturity 67% · 9 patterns · GitHub ↗
Practices
✓ Matrix✓ Permissions○ Security scan○ AI review✓ Cache✓ Concurrency✓ Reusable workflows
Detected patterns
Security dimensions
Workflows (21)
_build_js_bindings perms .github/workflows/_build_js_bindings.yml
# Builds the chromadb-js-bindings native addon per platform, then publishes
# the per-platform npm packages.
name: JS Bindings CI

env:
  DEBUG: 'napi:*'
  APP_NAME: chromadb-js-bindings
  MACOSX_DEPLOYMENT_TARGET: '10.13'

# NOTE(review): this grant is workflow-wide, so every job that does not declare
# its own `permissions` gets a token with contents: write and may request an
# OIDC token. Only the publish job turns on npm provenance; nothing visible in
# the build jobs pushes commits, tags or releases -- confirm what needs write.
permissions:
  contents: write
  id-token: write

'on':
  workflow_dispatch: {}
  workflow_call: {}

jobs:
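# Job build-macos: compiles the addon for both Apple targets and uploads one
# artifact per target.
  build-macos:
    name: Build macOS bindings
    runs-on: macos-latest
    # Least privilege: this job only checks out, builds and uploads artifacts,
    # so it narrows the workflow-level write/OIDC grant to a read-only token.
    permissions:
      contents: read
    defaults:
      run:
        working-directory: rust/js_bindings
    steps:
      # NOTE(review): the actions below are referenced by mutable tags. The
      # binaries built here are published, so pinning each action to a full
      # commit SHA would keep a retagged release from changing what runs.
      - uses: actions/checkout@v4
      - name: Install pnpm
        uses: pnpm/action-setup@v4
        with:
          version: 9
          run_install: false
      - name: Setup node
        uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: pnpm
          cache-dependency-path: rust/js_bindings/pnpm-lock.yaml
      # NOTE(review): actions-rs/toolchain is archived upstream; consider a
      # maintained way of installing the toolchain.
      - name: Set up Rust toolchain
        uses: actions-rs/toolchain@v1
        with:
          toolchain: stable
          override: true
      - name: Install Protoc
        uses: arduino/setup-protoc@v3
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Add targets
        run: |
          rustup target add x86_64-apple-darwin
          rustup target add aarch64-apple-darwin
      # NOTE(review): the key is a constant, so whichever run saved this cache
      # first keeps supplying target/ to later release builds. Keying on the
      # lockfile hash (or not caching build output in the release path) limits
      # how long a bad cache entry can influence published binaries.
      - name: Cache cargo
        uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/registry/index/
            ~/.cargo/registry/cache/
            ~/.cargo/git/db/
            rust/js_bindings/.cargo-cache
            rust/js_bindings/target/
          key: macos-cargo
      - name: Install dependencies
        run: pnpm install
      - name: Build ARM64
        run: pnpm build --target aarch64-apple-darwin
        shell: bash
      - name: Build x86_64
        run: pnpm build --target x86_64-apple-darwin
        shell: bash
      # if-no-files-found: error makes a missing .node file fail the job
      # instead of letting the publish job run with an incomplete set.
      - name: Upload ARM64 artifact
        uses: actions/upload-artifact@v4
        with:
          name: bindings-aarch64-apple-darwin
          path: rust/js_bindings/chromadb-js-bindings.darwin-arm64.node
          if-no-files-found: error
      - name: Upload x86_64 artifact
        uses: actions/upload-artifact@v4
        with:
          name: bindings-x86_64-apple-darwin
          path: rust/js_bindings/chromadb-js-bindings.darwin-x64.node
          if-no-files-found: error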
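# Job build-windows: compiles the addon for x86_64-pc-windows-msvc and uploads
# it as an artifact.
  build-windows:
    name: Build Windows bindings
    runs-on: 8core-32gb-windows-latest
    # Least privilege: building and uploading artifacts needs neither
    # contents: write nor an OIDC token, so the workflow-level grant is
    # narrowed to read-only for this job.
    permissions:
      contents: read
    defaults:
      run:
        working-directory: rust/js_bindings
    steps:
      # NOTE(review): actions are referenced by mutable tags; a full commit
      # SHA pin is the safer reference for a job whose output is published.
      - uses: actions/checkout@v4
      - name: Install pnpm
        uses: pnpm/action-setup@v4
        with:
          version: 9
          run_install: false
      - name: Setup node
        uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: pnpm
          cache-dependency-path: rust/js_bindings/pnpm-lock.yaml
      # NOTE(review): actions-rs/toolchain is archived upstream.
      - name: Set up Rust toolchain
        uses: actions-rs/toolchain@v1
        with:
          toolchain: stable
          override: true
      - name: Install Protoc
        uses: arduino/setup-protoc@v3
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Add target
        run: rustup target add x86_64-pc-windows-msvc
        shell: bash
      # NOTE(review): constant cache key -- the saved target/ directory is
      # reused by every later release build until the entry is evicted.
      - name: Cache cargo
        uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/registry/index/
            ~/.cargo/registry/cache/
            ~/.cargo/git/db/
            rust/js_bindings/.cargo-cache
            rust/js_bindings/target/
          key: windows-cargo
      - name: Install dependencies
        run: pnpm install
      - name: Build x86_64
        run: pnpm build --target x86_64-pc-windows-msvc
        shell: bash
      - name: Upload x86_64 artifact
        uses: actions/upload-artifact@v4
        with:
          name: bindings-x86_64-pc-windows-msvc
          path: rust/js_bindings/chromadb-js-bindings.win32-x64-msvc.node
          if-no-files-found: error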
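# Job build-linux: builds the addon natively for x86_64 and cross-compiles it
# for aarch64, then uploads one artifact per target.
  build-linux:
    name: Build Linux bindings
    runs-on: blacksmith-16vcpu-ubuntu-2404
    # Least privilege: this job builds and uploads artifacts only, so the
    # workflow-level contents: write / id-token: write grant is narrowed.
    permissions:
      contents: read
    defaults:
      run:
        working-directory: rust/js_bindings
    steps:
      # NOTE(review): actions are referenced by mutable tags; a full commit
      # SHA pin is the safer reference for a job whose output is published.
      - uses: actions/checkout@v4
      - name: Install pnpm
        uses: pnpm/action-setup@v4
        with:
          version: 9
          run_install: false
      - name: Setup node
        uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: pnpm
          cache-dependency-path: rust/js_bindings/pnpm-lock.yaml
      # NOTE(review): actions-rs/toolchain is archived upstream.
      - name: Set up Rust toolchain
        uses: actions-rs/toolchain@v1
        with:
          toolchain: stable
          override: true
      - name: Install Protoc
        uses: arduino/setup-protoc@v3
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Add targets
        run: |
          rustup target add x86_64-unknown-linux-gnu
          rustup target add aarch64-unknown-linux-gnu
      - name: Install ARM64 cross-compilation tools
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            gcc-aarch64-linux-gnu \
            g++-aarch64-linux-gnu \
            libc6-dev-arm64-cross
      # NOTE(review): constant cache key -- the saved target/ directory is
      # reused by every later release build until the entry is evicted.
      - name: Cache cargo
        uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/registry/index/
            ~/.cargo/registry/cache/
            ~/.cargo/git/db/
            rust/js_bindings/.cargo-cache
            rust/js_bindings/target/
          key: linux-cargo
      - name: Install dependencies
        run: pnpm install
      - name: Build ARM64
        run: |
          # Set linker and compiler environment variables
          export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc
          export CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc
          export CXX_aarch64_unknown_linux_gnu=aarch64-linux-gnu-g++
          # Add no_asm flag to avoid assembly issues
          export RUSTFLAGS="--cfg no_asm"
          # Build with the correct environment
          pnpm build --target aarch64-unknown-linux-gnu
        shell: bash
      - name: Build x86_64
        run: pnpm build --target x86_64-unknown-linux-gnu
        shell: bash
      - name: Upload ARM64 artifact
        uses: actions/upload-artifact@v4
        with:
          name: bindings-aarch64-unknown-linux-gnu
          path: rust/js_bindings/chromadb-js-bindings.linux-arm64-gnu.node
          if-no-files-found: error
      - name: Upload x86_64 artifact
        uses: actions/upload-artifact@v4
        with:
          name: bindings-x86_64-unknown-linux-gnu
          path: rust/js_bindings/chromadb-js-bindings.linux-x64-gnu.node
          if-no-files-found: error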
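# Job publish: collects the per-platform .node artifacts and publishes every
# package directory under npm/ with provenance enabled.
  publish:
    name: Publish
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: rust/js_bindings
    needs:
      - build-macos
      - build-windows
      - build-linux
    steps:
      - uses: actions/checkout@v4
      - name: Install pnpm
        uses: pnpm/action-setup@v4
        with:
          version: 9
          run_install: false
      - name: Setup node
        uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: pnpm
          cache-dependency-path: rust/js_bindings/pnpm-lock.yaml
      - name: Install dependencies
        run: pnpm install
      # No `name:` filter, so every artifact of the run is downloaded, each
      # into its own sub-directory of artifacts/.
      - name: Download all artifacts
        uses: actions/download-artifact@v4
        with:
          path: rust/js_bindings/artifacts
      - name: List downloads
        run: ls -R .
      - name: Flatten artifact directory
        run: find artifacts -type f -name '*.node' -exec mv {} ./artifacts/ \;
      - name: List downloads
        run: ls -R .
      - name: Move artifacts
        run: pnpm artifacts
      - name: List packages
        run: ls -R .
        shell: bash
      - name: Publish
        run: |
          set -e
          # Provenance needs the id-token: write permission granted at
          # workflow level.
          npm config set provenance true
          # NOTE(review): the token is appended to ~/.npmrc in clear text and
          # stays on the runner's disk for the rest of the job.
          echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc
          for dir in npm/*; do
            if [ -d "$dir" ]; then
              # Run each publish in a subshell. With `cd && npm publish && cd -`
              # a failing publish did not trip `set -e` (errexit ignores
              # failures inside an && list unless they are the last command),
              # left the shell inside $dir, and let the step finish green with
              # the remaining packages silently skipped.
              (cd "$dir" && npm publish --access public)
            fi
          done
        env:
          # NOTE(review): nothing in the script above reads GITHUB_TOKEN;
          # confirm an npm lifecycle script needs it before keeping it here.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}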
_build_release_container matrix perms .github/workflows/_build_release_container.yml
# Builds the CLI container image per architecture and, when push is requested,
# publishes it to GHCR and Docker Hub under a multi-arch manifest.
name: Build and publish container image to Docker and GitHub Container Registry

# The same three inputs are accepted for manual runs and for reusable calls.
on:
  workflow_dispatch:
    inputs:
      push:
        description: Push the built image to registries
        required: true
        default: false
        type: boolean
      tag:
        description: Tag to publish
        required: true
        type: string
      tag_as_latest:
        description: Tag as latest
        required: false
        default: false
        type: boolean
  workflow_call:
    inputs:
      push:
        description: Push the built image to registries
        required: true
        default: false
        type: boolean
      tag:
        description: Tag to publish
        required: true
        type: string
      tag_as_latest:
        description: Tag as latest
        required: false
        default: false
        type: boolean

# packages: write lets GITHUB_TOKEN push to ghcr.io; repository contents stay
# read-only. NOTE(review): nothing visible in this file consumes the OIDC
# token -- confirm the build action needs id-token: write.
permissions:
  contents: read
  id-token: write
  packages: write

env:
  GHCR_IMAGE_NAME: ghcr.io/chroma-core/chroma
  DOCKERHUB_IMAGE_NAME: chromadb/chroma

jobs:
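# Job build: one matrix leg per architecture; each leg builds the image and
# (optionally) pushes it under an arch-suffixed tag.
  build:
    name: Build image for ${{ matrix.platform }}
    runs-on: ${{ matrix.runner }}
    strategy:
      fail-fast: false
      matrix:
        platform: [amd64, arm64]
        include:
          - platform: amd64
            runner: blacksmith-16vcpu-ubuntu-2404
            docker_platform: linux/amd64
          - platform: arm64
            runner: blacksmith-16vcpu-ubuntu-2404-arm
            docker_platform: linux/arm64
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      # Registry credentials are handed to a repository-local action whose
      # implementation is not shown here.
      - name: Set up Docker
        uses: ./.github/actions/docker
        with:
          ghcr-username: ${{ github.actor }}
          ghcr-password: ${{ secrets.GITHUB_TOKEN }}
          dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }}
          dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Compute arch-specific tags
        id: tags
        shell: bash
        env:
          # The caller-supplied tag reaches the script as data in an
          # environment variable. Expanding ${{ inputs.tag }} directly inside
          # the script body would paste it into the shell source, where quotes
          # or $(...) in the value would be executed.
          TAG: ${{ inputs.tag }}
        run: |
          set -euo pipefail
          # Reject anything outside Docker's tag grammar; this also keeps
          # newlines out of the GITHUB_OUTPUT lines written below.
          if [[ ! "$TAG" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]]; then
            echo "::error::inputs.tag is not a valid image tag"
            exit 1
          fi
          arch_tag="${TAG}-${{ matrix.platform }}"
          ghcr="${{ env.GHCR_IMAGE_NAME }}:${arch_tag}"
          dhub="${{ env.DOCKERHUB_IMAGE_NAME }}:${arch_tag}"
          echo "arch_tag=$arch_tag" >> "$GITHUB_OUTPUT"
          # expose *matrix-unique* step outputs
          echo "ghcr_tag_${{ matrix.platform }}=$ghcr" >> "$GITHUB_OUTPUT"
          echo "dockerhub_tag_${{ matrix.platform }}=$dhub" >> "$GITHUB_OUTPUT"
          # these two tags are what the build-push action will publish for *this* arch
          echo "tags=$ghcr,$dhub" >> "$GITHUB_OUTPUT"
      - name: Pre-pull base images
        shell: bash
        run: |
          set -euo pipefail
          # Pre-pull base images to speed up the build
          # NOTE(review): both references are tags, not digests, so the base
          # layers of a release image can change between runs.
          docker pull --platform ${{ matrix.docker_platform }} rust:1.92.0
          docker pull --platform ${{ matrix.docker_platform }} debian:stable-slim
      - name: Build and push image
        uses: useblacksmith/build-push-action@v2
        with:
          context: .
          file: rust/Dockerfile
          target: cli
          platforms: ${{ matrix.docker_platform }}
          push: ${{ inputs.push }}
          build-args: |
            RELEASE_MODE=1
          tags: ${{ steps.tags.outputs.tags }}
    # Each matrix leg sets only the two outputs that carry its own platform
    # suffix.
    outputs:
      ghcr_tag_amd64: ${{ steps.tags.outputs.ghcr_tag_amd64 }}
      ghcr_tag_arm64: ${{ steps.tags.outputs.ghcr_tag_arm64 }}
      dockerhub_tag_amd64: ${{ steps.tags.outputs.dockerhub_tag_amd64 }}
      dockerhub_tag_arm64: ${{ steps.tags.outputs.dockerhub_tag_arm64 }}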
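# Job merge: stitches the per-arch images into one multi-arch manifest per
# registry. Skipped unless push was requested.
  merge:
    name: Merge platform manifests
    runs-on: blacksmith-4vcpu-ubuntu-2404
    if: ${{ inputs.push == true }}
    needs:
      - build
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up Docker
        uses: ./.github/actions/docker
        with:
          ghcr-username: ${{ github.actor }}
          ghcr-password: ${{ secrets.GITHUB_TOKEN }}
          dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }}
          dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Create and push manifest
        shell: bash
        env:
          # Everything derived from the caller-supplied tag is passed as
          # environment data. Expanding these expressions inside the script
          # (even within single quotes) would let a quote character in the tag
          # break out into shell code on a runner holding registry credentials.
          BASE_TAG: ${{ inputs.tag }}
          TAG_AS_LATEST: ${{ inputs.tag_as_latest }}
          GHCR_AMD64: ${{ needs.build.outputs.ghcr_tag_amd64 }}
          GHCR_ARM64: ${{ needs.build.outputs.ghcr_tag_arm64 }}
          DHUB_AMD64: ${{ needs.build.outputs.dockerhub_tag_amd64 }}
          DHUB_ARM64: ${{ needs.build.outputs.dockerhub_tag_arm64 }}
        run: |
          set -euo pipefail
          # GHCR_IMAGE_NAME / DOCKERHUB_IMAGE_NAME come from the workflow-level env.
          ghcr_base="${GHCR_IMAGE_NAME}:${BASE_TAG}"
          dhub_base="${DOCKERHUB_IMAGE_NAME}:${BASE_TAG}"
          # Source references are quoted so a value can never split into
          # several arguments.
          docker buildx imagetools create --tag "$ghcr_base" "$GHCR_AMD64" "$GHCR_ARM64"
          docker buildx imagetools create --tag "$dhub_base" "$DHUB_AMD64" "$DHUB_ARM64"
          if [[ "$TAG_AS_LATEST" == "true" ]]; then
            docker buildx imagetools create --tag "${GHCR_IMAGE_NAME}:latest" "$GHCR_AMD64" "$GHCR_ARM64"
            docker buildx imagetools create --tag "${DOCKERHUB_IMAGE_NAME}:latest" "$DHUB_AMD64" "$DHUB_ARM64"
          fi
      - name: Inspect image
        env:
          BASE_TAG: ${{ inputs.tag }}
        run: |
          docker buildx imagetools inspect "${GHCR_IMAGE_NAME}:${BASE_TAG}"
          docker buildx imagetools inspect "${DOCKERHUB_IMAGE_NAME}:${BASE_TAG}"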
_build_release_pypi matrix perms .github/workflows/_build_release_pypi.yml
# Builds wheels and an sdist with maturin and optionally uploads them to
# test PyPI and/or PyPI.
name: Build & publish package to PyPI

# The same three optional inputs are accepted for manual runs and for
# reusable calls.
on:
  workflow_dispatch:
    inputs:
      publish_to_test_pypi:
        description: Publish to test PyPI
        required: false
        default: false
        type: boolean
      publish_to_pypi:
        description: Publish to PyPI
        required: false
        default: false
        type: boolean
      version:
        description: Version to publish
        required: false
        type: string
  workflow_call:
    inputs:
      publish_to_test_pypi:
        description: Publish to test PyPI
        required: false
        default: false
        type: boolean
      publish_to_pypi:
        description: Publish to PyPI
        required: false
        default: false
        type: boolean
      version:
        description: Version to publish
        required: false
        type: string

# Read-only by default; the release job widens this for itself.
permissions:
  contents: read

jobs:
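# Job version: resolves the version string every later job stamps into
# pyproject.toml -- the explicit input if given, else setuptools_scm's answer.
  version:
    name: Resolve version
    runs-on: blacksmith-4vcpu-ubuntu-2404
    outputs:
      version: ${{ steps.resolve_version.outputs.version }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Resolve version
        shell: bash
        id: resolve_version
        env:
          # The free-form input is passed as environment data. Expanding
          # ${{ inputs.version }} inside the script body would splice it into
          # the shell source, where a quote or $(...) would run as code.
          INPUT_VERSION: ${{ inputs.version }}
        run: |
          # NOTE(review): installed unpinned from the package index in a
          # release pipeline.
          pip install setuptools_scm
          if [ -z "$INPUT_VERSION" ]; then
            echo "version=$(python -m setuptools_scm)" >> "$GITHUB_OUTPUT"
          else
            echo "version=$INPUT_VERSION" >> "$GITHUB_OUTPUT"
          fi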
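# Job build: builds release wheels for each OS/target pair in the matrix.
  build:
    name: build-${{ matrix.platform.os }}-${{ matrix.platform.target }}
    runs-on: ${{ matrix.platform.runner }}
    needs: version
    strategy:
      fail-fast: false
      matrix:
        platform:
          - { os: linux, runner: blacksmith-4vcpu-ubuntu-2404, target: x86_64 }
          - { os: linux, runner: blacksmith-4vcpu-ubuntu-2404-arm, target: aarch64 }
          - { os: windows, runner: 8core-32gb-windows-latest, target: x64 }
          - { os: macos, runner: macos-14, target: x86_64 }
          - { os: macos, runner: macos-14, target: aarch64 }
    steps:
      - uses: actions/checkout@v4
      - name: Setup Rust
        uses: ./.github/actions/rust
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: 3.x
      - name: Set version in pyproject.toml
        shell: bash
        env:
          # The resolved version can originate from a free-form workflow
          # input, so it is read from the environment. Pasting the expression
          # into the Python source would let a quote in the value end the
          # string literal and run as code.
          PACKAGE_VERSION: ${{ needs.version.outputs.version }}
        run: |
          # NOTE(review): installed unpinned from the package index in a
          # release pipeline.
          pip install toml
          python -c "
          import os
          import toml
          file_path = 'pyproject.toml'
          data = toml.load(file_path)
          # Set the package version
          data['project']['version'] = os.environ['PACKAGE_VERSION']
          data['project']['dynamic'] = []
          with open(file_path, 'w') as f:
              toml.dump(data, f)
          "
      - name: Build wheels
        uses: PyO3/maturin-action@v1
        with:
          target: ${{ matrix.platform.target }}
          args: ${{ matrix.platform.os == 'linux' && '--zig' || '' }} --release --out dist
          # Must stay quoted: a bare off can be read as a boolean.
          container: "off"
      - name: Upload wheels
        uses: actions/upload-artifact@v4
        with:
          name: wheels-${{ matrix.platform.os }}-${{ matrix.platform.target }}
          path: dist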
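# Job sdist: builds the source distribution, installs it and runs a heartbeat
# smoke test before uploading it.
  sdist:
    name: build-sdist
    runs-on: blacksmith-4vcpu-ubuntu-2404
    needs: version
    steps:
      - uses: actions/checkout@v4
      - name: Setup Rust
        uses: ./.github/actions/rust
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Set version in pyproject.toml
        shell: bash
        env:
          # The resolved version can originate from a free-form workflow
          # input, so it is read from the environment. Pasting the expression
          # into the Python source would let a quote in the value end the
          # string literal and run as code.
          PACKAGE_VERSION: ${{ needs.version.outputs.version }}
        run: |
          # NOTE(review): installed unpinned from the package index in a
          # release pipeline.
          pip install toml
          python -c "
          import os
          import toml
          file_path = 'pyproject.toml'
          data = toml.load(file_path)
          # Set the package version
          data['project']['version'] = os.environ['PACKAGE_VERSION']
          data['project']['dynamic'] = []
          with open(file_path, 'w') as f:
              toml.dump(data, f)
          "
      - name: Build sdist
        uses: PyO3/maturin-action@v1
        with:
          command: sdist
          args: --out dist
      - name: Test sdist
        run: |
          pip install dist/*.tar.gz
          python -c "import chromadb; api = chromadb.Client(); print(api.heartbeat())"
      # Artifact name starts with wheels- so the release job's wheels-*/* glob
      # picks the sdist up too.
      - name: Upload sdist
        uses: actions/upload-artifact@v4
        with:
          name: wheels-sdist
          path: dist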
# Job release: attests the built distributions and uploads them to the
# selected index. Runs only when at least one publish input is true.
  release:
    name: Release
    runs-on: blacksmith-4vcpu-ubuntu-2404
    if: ${{ inputs.publish_to_pypi || inputs.publish_to_test_pypi }}
    needs: [build, sdist]
    # Job-level grant: wider than the workflow default of contents: read and
    # limited to this job.
    permissions:
      # Used to sign the release artifacts
      id-token: write
      # Used to upload release artifacts
      contents: write
      # Used to generate artifact attestation
      attestations: write
    steps:
      # No name filter: every artifact of the run is downloaded, one directory
      # per artifact.
      - uses: actions/download-artifact@v4
      - name: Generate artifact attestation
        uses: actions/attest-build-provenance@v1
        with:
          subject-path: "wheels-*/*"
      # NOTE(review): both uploads authenticate with long-lived API tokens
      # stored as repository secrets, although the job already holds
      # id-token: write.
      - name: Publish to test PyPI
        if: ${{ inputs.publish_to_test_pypi }}
        uses: PyO3/maturin-action@v1
        env:
          MATURIN_PYPI_TOKEN: ${{ secrets.TEST_PYPI_API_TOKEN }}
          MATURIN_REPOSITORY_URL: https://test.pypi.org/legacy/
        with:
          command: upload
          args: --non-interactive wheels-*/*
      - name: Publish to PyPI
        if: ${{ inputs.publish_to_pypi }}
        uses: PyO3/maturin-action@v1
        env:
          MATURIN_PYPI_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
        with:
          command: upload
          args: --non-interactive wheels-*/*
_check_rust_release matrix .github/workflows/_check_rust_release.yml
# Reusable workflow: runs clippy over every feature combination of four crates
# before a Rust release.
name: Rust tests

on:
  workflow_call:

# NOTE(review): no `permissions` block, so the token scope is whatever the
# caller (or the repository default) grants.
jobs:
  test:
    strategy:
      matrix:
        platform: [blacksmith-8vcpu-ubuntu-2404]
    runs-on: ${{ matrix.platform }}
    env:
      CARGO_TERM_COLOR: always
      RUST_BACKTRACE: 1
      RUST_MIN_STACK_SIZE: 8388608
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup
        uses: ./.github/actions/rust
        with:
          github-token: ${{ github.token }}
      # NOTE(review): installs whatever cargo-hack version is current at run
      # time; no version is pinned.
      - name: Install cargo hack
        run: cargo install cargo-hack
      # --feature-powerset checks each combination of the crate's features;
      # -D clippy::all turns every clippy::all lint into an error.
      - name: Check chroma-error
        run: cargo hack clippy -p chroma-error --all-targets --feature-powerset -- -D clippy::all
      - name: Check chroma-api-types
        run: cargo hack clippy -p chroma-api-types --all-targets --feature-powerset -- -D clippy::all
      - name: Check chroma-types
        run: cargo hack clippy -p chroma-types --all-targets --feature-powerset -- -D clippy::all
      - name: Check chroma
        run: cargo hack clippy -p chroma --all-targets --feature-powerset -- -D clippy::all
_check_spanner_migrations .github/workflows/_check_spanner_migrations.yml
# Reusable workflow: regenerates the Spanner migration checksum file and fails
# when the committed copy is out of date.
name: Check Spanner migrations

on:
  workflow_call:

jobs:
  check-migrations:
    runs-on: blacksmith-4vcpu-ubuntu-2404
    env:
      CARGO_TERM_COLOR: always
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup
        uses: ./.github/actions/rust
        with:
          github-token: ${{ github.token }}
      - name: Generate migration sum
        run: cargo run --bin spanner_migration -- generate-sum --root rust/spanner-migrations
      # Any tracked or untracked change left behind by the generator shows up
      # in `git status --porcelain` and fails the job, so a migration edited
      # without refreshing its sum cannot pass this check.
      - name: Check for uncommitted changes
        run: |
          if [ -n "$(git status --porcelain)" ]; then
            echo "::error::Repository is dirty after generating migration sum. Please run 'cargo run --bin spanner_migration -- generate-sum --root rust/spanner-migrations' and commit the changes."
            git status
            git diff
            exit 1
          fi
_deploy .github/workflows/_deploy.yml
# Reusable workflow: dispatches deploy.yaml in chroma-core/hosted-chroma for
# the staging environment.
name: Trigger deploy - staging

on:
  workflow_call:
    inputs:
      ignore-lock:
        description: "If true, ignore the staging environment lock (for database updates)."
        required: false
        default: false
        type: boolean

jobs:
  deploy:
    name: Deploy all -- staging
    runs-on: blacksmith-4vcpu-ubuntu-2404
    steps:
      - name: Deploy all -- staging
        uses: actions/github-script@v6
        with:
          # A separate secret, not the run's GITHUB_TOKEN, authenticates the
          # dispatch into the other repository. NOTE(review): confirm that
          # token is scoped to workflow dispatch on hosted-chroma only.
          github-token: ${{ secrets.HOSTED_CHROMA_WORKFLOW_DISPATCH_TOKEN}}
          # The ignore-lock expression is expanded into the script source
          # before it runs; the input is typed boolean.
          script: |
            const result = await github.rest.actions.createWorkflowDispatch({
              owner: 'chroma-core',
              repo: 'hosted-chroma',
              workflow_id: 'deploy.yaml',
              ref: 'main',
              inputs: {
                environment: 'staging',
                'service': 'all',
                'ignore-lock': ${{ inputs.ignore-lock }},
                'oss-ref': 'latest',
                'hosted-ref': 'main',
              }
            })
            console.log(result)
_go-tests .github/workflows/_go-tests.yml
# Reusable workflow: runs the Go test suite against services started by Tilt.
name: Go tests

on:
  workflow_call:

jobs:
  cluster-test:
    runs-on: blacksmith-16vcpu-ubuntu-2404
    # OIDC token auth for AWS
    permissions:
      contents: read
      id-token: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup
        uses: ./.github/actions/go
      - name: Set up Docker
        uses: ./.github/actions/docker
        with:
          dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }}
          dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Start Tilt services
        uses: ./.github/actions/tilt
      - run: bin/cluster-test.sh bash -c 'cd go && make test'
        env:
          # Ryuk cleans up containers and is enabled by default. In CI it causes tests to occasionally flake.
          TESTCONTAINERS_RYUK_DISABLED: "true"
      # always(): logs are exported even when the tests above failed.
      - name: Save service logs to artifact
        if: always()
        uses: ./.github/actions/export-tilt-logs
        with:
          artifact-name: go-cluster-test
_javascript-client-tests .github/workflows/_javascript-client-tests.yml
# Reusable workflow: installs the new JS client's dependencies and runs the
# TypeScript integration test script.
name: JavaScript client tests

on:
  workflow_call:

jobs:
  test:
    runs-on: blacksmith-4vcpu-ubuntu-2404
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup Rust
        uses: ./.github/actions/rust
        with:
          github-token: ${{ github.token }}
      - uses: pnpm/action-setup@v3
        with:
          version: "9"
      # NOTE(review): --no-frozen-lockfile lets pnpm resolve versions that
      # differ from the committed lockfile, so the tested dependency set is
      # not guaranteed to match what was reviewed.
      - name: Install dependencies
        run: cd clients/new-js && pnpm install --no-frozen-lockfile
      - name: Test
        run: bin/ts-integration-test.sh
_python-tests matrix .github/workflows/_python-tests.yml
# Reusable workflow: the Python test matrix (bindings, single-node, thin
# client, cluster, stress, CLI, Windows smoke).
name: Chroma Python Base Tests

on:
  workflow_call:
    inputs:
      # A JSON array encoded as a string; jobs decode it with fromJson().
      python_versions:
        description: Python versions to test (as json array)
        required: false
        default: '["3.9"]'
        type: string
      property_testing_preset:
        description: Property testing preset
        required: true
        type: string
      # NOTE(review): used verbatim as runs-on by several jobs, so the caller
      # decides which runner pool executes them.
      runner:
        description: Runner to test on (string)
        required: false
        default: blacksmith-8vcpu-ubuntu-2404
        type: string

jobs:
# Job test-rust-bindings: builds the wheel locally and runs three pytest
# selections per Python version against it.
  test-rust-bindings:
    timeout-minutes: 90
    strategy:
      fail-fast: false
      matrix:
        python: ${{ fromJson(inputs.python_versions) }}
        test-glob:
          - "chromadb/test --ignore-glob 'chromadb/test/property/*' --ignore-glob 'chromadb/test/stress/*' --ignore-glob 'chromadb/test/distributed/*'"
          - "chromadb/test/property --ignore-glob chromadb/test/property/test_cross_version_persist.py"
          - "chromadb/test/property/test_cross_version_persist.py"
        include:
          - test-glob: "chromadb/test/property --ignore-glob chromadb/test/property/test_cross_version_persist.py"
            parallelized: false  # Disabled to fix INTERNALERROR crashes in CI
    runs-on: ${{ inputs.runner }}
    steps:
      - uses: actions/checkout@v4
      - name: Setup Python
        uses: ./.github/actions/python
        with:
          python-version: ${{ matrix.python }}
      - name: Setup Rust
        uses: ./.github/actions/rust
        with:
          github-token: ${{ github.token }}
      - name: Build Rust bindings
        uses: PyO3/maturin-action@v1
        with:
          command: build
      # --no-index with --find-links restricts pip to the wheel directory just
      # built, so chromadb itself is never fetched from a package index here.
      - name: Install built wheel
        shell: bash
        run: pip install --no-index --find-links target/wheels/ chromadb
      # matrix.test-glob is expanded unquoted on purpose: the entries carry
      # extra pytest options. The values are fixed in this file.
      - name: Test
        run: python -m pytest ${{ matrix.test-glob }} ${{ matrix.parallelized && '-n auto --dist worksteal' || '' }} -v --color=yes --durations 10
        shell: bash
        env:
          PROPERTY_TESTING_PRESET: ${{ inputs.property_testing_preset }}
          CHROMA_RUST_BINDINGS_TEST_ONLY: "1"
          RUST_BACKTRACE: 1
# Job test-rust-single-node-integration: runs the integration script once per
# Python version and test selection.
  test-rust-single-node-integration:
    strategy:
      fail-fast: false
      matrix:
        python: ${{ fromJson(inputs.python_versions) }}
        test-glob:
          - "chromadb/test --ignore-glob 'chromadb/test/property/*' --ignore-glob 'chromadb/test/stress/*' --ignore='chromadb/test/test_cli.py' --ignore-glob 'chromadb/test/distributed/*'"
          - "chromadb/test/property/test_add.py"
          - "chromadb/test/property/test_collections.py"
          - "chromadb/test/property/test_collections_with_database_tenant.py"
          - "chromadb/test/property/test_cross_version_persist.py"
          - "chromadb/test/property/test_embeddings.py"
          - "chromadb/test/property/test_filtering.py"
          - "chromadb/test/property/test_persist.py"
          - "chromadb/test/stress"
    runs-on: ${{ inputs.runner }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      # NOTE(review): the step name mentions matrix.python, but no
      # python-version is passed to the action here, unlike the other jobs in
      # this workflow -- confirm the matrix version is really the one tested.
      - name: Setup Python (${{ matrix.python }})
        uses: ./.github/actions/python
      - name: Setup Rust
        uses: ./.github/actions/rust
        with:
          github-token: ${{ github.token }}
      - name: Rust Integration Test
        run: bin/rust-integration-test.sh ${{ matrix.test-glob }}
        shell: bash
        env:
          # Picks the compose env file from the runner name.
          ENV_FILE: ${{ contains(inputs.runner, 'ubuntu') && 'compose-env.linux' || 'compose-env.windows' }}
          PROPERTY_TESTING_PRESET: ${{ inputs.property_testing_preset }}
# Job test-rust-thin-client: runs five property-test files through the
# integration script with the thin-client switch set.
  test-rust-thin-client:
    strategy:
      matrix:
        python: ${{ fromJson(inputs.python_versions) }}
        test-glob:
          - "chromadb/test/property/test_add.py"
          - "chromadb/test/property/test_collections.py"
          - "chromadb/test/property/test_collections_with_database_tenant.py"
          - "chromadb/test/property/test_embeddings.py"
          - "chromadb/test/property/test_filtering.py"
    runs-on: ${{ inputs.runner }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup Python (${{ matrix.python }})
        uses: ./.github/actions/python
        with:
          python-version: ${{ matrix.python }}
      - name: Setup Rust
        uses: ./.github/actions/rust
        with:
          github-token: ${{ github.token }}
      - name: Test
        run: bin/rust-integration-test.sh ${{ matrix.test-glob }}
        shell: bash
        env:
          # Quoted so the consumers receive strings, not YAML scalars of
          # another type.
          CHROMA_THIN_CLIENT: "1"
          MULTI_REGION: "true"
          ENV_FILE: ${{ contains(inputs.runner, 'ubuntu') && 'compose-env.linux' || 'compose-env.windows' }}
          PROPERTY_TESTING_PRESET: ${{ inputs.property_testing_preset }}
# Job test-cluster-rust-frontend: runs API, property and distributed tests
# against services started by Tilt. Only runs when the requested runner is an
# ubuntu one; the job itself is pinned to a fixed runner.
  test-cluster-rust-frontend:
    if: ${{ contains(inputs.runner, 'ubuntu') }}
    strategy:
      fail-fast: false
      matrix:
        python: ${{ fromJson(inputs.python_versions) }}
        test-glob:
          - "chromadb/test/api"
          - "chromadb/test/api/test_collection.py"
          - "chromadb/test/api/test_limit_offset.py"
          - "chromadb/test/property/test_collections.py"
          - "chromadb/test/property/test_add.py"
          - "chromadb/test/property/test_filtering.py"
          - "chromadb/test/property/test_fork.py"
          - "chromadb/test/property/test_embeddings.py"
          - "chromadb/test/property/test_collections_with_database_tenant.py"
          - "chromadb/test/property/test_collections_with_database_tenant_overwrite.py"
          - "chromadb/test/distributed/test_sanity.py"
          - "chromadb/test/distributed/test_log_backpressure.py"
          - "chromadb/test/distributed/test_repair_collection_log_offset.py"
          - "chromadb/test/distributed/test_task_api.py"
          - "chromadb/test/distributed/test_statistics_wrapper.py"
          - "chromadb/test/api/test_indexing_status.py"
        include:
          - test-glob: "chromadb/test/property/test_add.py"
            parallelized: false
          - test-glob: "chromadb/test/property/test_embeddings.py"
            parallelized: true
          # Tests that create tenants need MULTI_REGION for spanner instance
          # NOTE(review): the three entries below add no keys of their own;
          # MULTI_REGION is set for the whole job in `env`.
          - test-glob: "chromadb/test/api"
          - test-glob: "chromadb/test/property/test_collections_with_database_tenant.py"
          - test-glob: "chromadb/test/property/test_collections_with_database_tenant_overwrite.py"
    runs-on: blacksmith-8vcpu-ubuntu-2404
    # OIDC token auth for AWS
    permissions:
      contents: read
      id-token: write
    env:
      MULTI_REGION: "true"
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup Python (${{ matrix.python }})
        uses: ./.github/actions/python
        with:
          python-version: ${{ matrix.python }}
      - name: Setup Docker
        uses: ./.github/actions/docker
        with:
          dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }}
          dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Start Tilt services
        uses: ./.github/actions/tilt
      # The matrix values expanded into the command line are fixed in this
      # file; only property_testing_preset comes from the caller, and it is
      # passed through env rather than the script text.
      - name: Test
        run: bin/cluster-test.sh bash -c 'python -m pytest "${{ matrix.test-glob }}" ${{ matrix.parallelized && '-n auto --dist worksteal' || '' }} --durations 10'
        shell: bash
        env:
          PROPERTY_TESTING_PRESET: ${{ inputs.property_testing_preset }}
          CHROMA_RUST_FRONTEND_TEST_ONLY: "1"
          CHROMA_SERVER_HOST: "localhost:8000"
      # NOTE(review): matrix.python originates from the python_versions input
      # and is expanded directly into this script line.
      - name: Compute artifact name
        if: always()
        id: compute-artifact-name
        run: echo "artifact_name=cluster_logs_rust_frontend_$(basename "${{ matrix.test-glob }}" .py)_${{ matrix.python }}" >> $GITHUB_OUTPUT
      - name: Save service logs to artifact
        if: always()
        uses: ./.github/actions/export-tilt-logs
        with:
          artifact-name: ${{ steps.compute-artifact-name.outputs.artifact_name }}
# Job merge-cluster-logs: folds every cluster_logs_* artifact into a single
# cluster_test_logs artifact.
  merge-cluster-logs:
    if: ${{ contains(inputs.runner, 'ubuntu') }}
    runs-on: blacksmith-4vcpu-ubuntu-2404
    # NOTE(review): no `if: always()` here, so this job is skipped when the
    # cluster test job it needs fails -- the case where logs matter most.
    needs: test-cluster-rust-frontend
    steps:
      - name: Merge
        uses: actions/upload-artifact/merge@v4
        with:
          name: cluster_test_logs
          pattern: cluster_logs_*
# Job test-rust-bindings-stress: builds the wheel locally and runs the stress
# test directory per Python version.
  test-rust-bindings-stress:
    timeout-minutes: 90
    strategy:
      fail-fast: false
      matrix:
        python: ${{ fromJson(inputs.python_versions) }}
    runs-on: ${{ inputs.runner }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup Python (${{ matrix.python }})
        uses: ./.github/actions/python
        with:
          python-version: ${{ matrix.python }}
      - name: Setup Rust
        uses: ./.github/actions/rust
        with:
          github-token: ${{ github.token }}
      - name: Build Rust bindings
        uses: PyO3/maturin-action@v1
        with:
          command: build
      # --no-index with --find-links restricts pip to the locally built
      # wheel directory.
      - name: Install built wheel
        shell: bash
        run: pip install --no-index --find-links target/wheels/ chromadb
      - name: Test
        run: python -m pytest chromadb/test/stress --durations 10
        shell: bash
        env:
          PROPERTY_TESTING_PRESET: ${{ inputs.property_testing_preset }}
          CHROMA_RUST_BINDINGS_TEST_ONLY: "1"
# Job test-python-cli: builds the wheel locally and runs the CLI test file.
  test-python-cli:
    strategy:
      fail-fast: false
      matrix:
        python: ${{ fromJson(inputs.python_versions) }}
    runs-on: ${{ inputs.runner }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      # NOTE(review): the step name mentions matrix.python, but no
      # python-version is passed to the action here, unlike the other jobs in
      # this workflow -- confirm the matrix version is really the one tested.
      - name: Setup Python (${{ matrix.python }})
        uses: ./.github/actions/python
      - name: Setup Rust
        uses: ./.github/actions/rust
        with:
          github-token: ${{ github.token }}
      - name: Build Rust bindings
        uses: PyO3/maturin-action@v1
        with:
          command: build
      # --no-index with --find-links restricts pip to the locally built
      # wheel directory.
      - name: Install built wheel
        shell: bash
        run: pip install --no-index --find-links target/wheels/ chromadb
      - name: Integration Test
        run: python -m pytest "chromadb/test/test_cli.py"
        shell: bash
        env:
          ENV_FILE: ${{ contains(inputs.runner, 'ubuntu') && 'compose-env.linux' || 'compose-env.windows' }}
          PROPERTY_TESTING_PRESET: ${{ inputs.property_testing_preset }}
# Job test-windows-smoke: a reduced Windows run of test_api.py for pull
# requests.
  test-windows-smoke:
    # only run windows smoke tests when the runner isn't already windows,
    # also only run the smoke tests on PRs (ie not main and not tags) since
    # we are already running the full suite on Windows in those cases
    if: ${{ !contains(inputs.runner, 'windows') && github.ref != 'refs/heads/main' && !startsWith(github.ref, 'refs/tags/') }}
    strategy:
      fail-fast: false
      matrix:
        python: ${{ fromJson(inputs.python_versions) }}
    runs-on: 8core-32gb-windows-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup Python
        uses: ./.github/actions/python
        with:
          python-version: ${{ matrix.python }}
      - name: Setup Rust
        uses: ./.github/actions/rust
        with:
          github-token: ${{ github.token }}
      - name: Build Rust bindings
        uses: PyO3/maturin-action@v1
        with:
          command: build
      - name: Install built wheel
        shell: bash
        run: pip install --no-index --find-links target/wheels/ chromadb
      # NOTE(review): this job's matrix defines only `python`, so
      # matrix.parallelized is never set and the expression below always
      # yields the empty string.
      - name: Run tests
        run: python -m pytest chromadb/test/test_api.py ${{ matrix.parallelized && '-n auto --dist worksteal' || '' }} -v --color=yes --durations 10
        shell: bash
        env:
          CHROMA_RUST_BINDINGS_TEST_ONLY: "1"
          RUST_BACKTRACE: 1
_python-vulnerability-scan .github/workflows/_python-vulnerability-scan.yml
# Reusable workflow: runs Bandit over the repository and uploads the JSON
# report as an artifact.
name: Scan for Python Vulnerabilities

on:
  workflow_call:

jobs:
  bandit-scan:
    runs-on: blacksmith-4vcpu-ubuntu-2404
    steps:
      - uses: actions/checkout@v4
      - name: Setup
        uses: ./.github/actions/python
      # NOTE(review): whether findings fail the job is decided inside the
      # local bandit-scan action, which is not shown here; this file only
      # shows the report being written and uploaded.
      - uses: ./.github/actions/bandit-scan/
        with:
          input-dir: "."
          format: json
          bandit-config: bandit.yaml
          output-file: bandit-report.json
      - name: Upload Bandit Report
        uses: actions/upload-artifact@v4
        with:
          name: bandit-artifact
          path: |
            bandit-report.json
_rust-tests matrix .github/workflows/_rust-tests.yml
# Reusable workflow: Rust unit, long-running, storage, integration and
# benchmark jobs.
name: Rust tests

on:
  workflow_call:
    inputs:
      # PR workflow passes false to save runner time; release keeps benches enabled.
      # If benchmarks prove useful for regression detection, add a scheduled workflow
      # (e.g. nightly) that calls this reusable workflow with run_rust_benchmarks: true.
      run_rust_benchmarks:
        description: Whether to run the cargo bench matrix jobs
        type: boolean
        default: true

# NOTE(review): there is no workflow-level `permissions` block; jobs that do
# not declare their own run with whatever scope the caller grants.
jobs:
# Job test: builds the CLI, then runs the nextest `ci` profile and the doc
# tests.
  test:
    strategy:
      matrix:
        platform: [blacksmith-8vcpu-ubuntu-2404]
    runs-on: ${{ matrix.platform }}
    env:
      CARGO_TERM_COLOR: always
      RUST_BACKTRACE: 1
      RUST_MIN_STACK_SIZE: 8388608
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup
        uses: ./.github/actions/rust
        with:
          github-token: ${{ github.token }}
      - name: Build CLI
        run: cargo build --bin chroma
      - name: Test
        run: cargo nextest run --profile ci
      # Doc tests run through `cargo test --doc` as a separate step.
      - name: Doc test
        run: cargo test --doc
# Job test-long: runs the nextest `ci_long_running` profile.
  test-long:
    runs-on: blacksmith-8vcpu-ubuntu-2404
    env:
      CARGO_TERM_COLOR: always
      RUST_BACKTRACE: 1
      RUST_MIN_STACK_SIZE: 8388608
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup
        uses: ./.github/actions/rust
        with:
          github-token: ${{ github.token }}
      - name: Test
        run: cargo nextest run --profile ci_long_running
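# Job test-storage-gcs: runs the nextest `storage_gcs` profile with Google
# Cloud credentials taken from repository secrets.
  test-storage-gcs:
    runs-on: blacksmith-8vcpu-ubuntu-2404
    env:
      CARGO_TERM_COLOR: always
      RUST_BACKTRACE: 1
      RUST_MIN_STACK_SIZE: 8388608
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup
        uses: ./.github/actions/rust
        with:
          github-token: ${{ github.token }}
      - name: Extract credentials
        env:
          # The secret is handed over through the environment. Expanding it
          # inside the script body pastes the key material into the shell
          # source, where a single quote in the JSON would end the quoting and
          # the remainder would be parsed as shell.
          TEST_CRED_GCS: ${{ secrets.TEST_CRED_GCS }}
        run: |
          # Create the key file readable by the current user only.
          umask 077
          printf '%s\n' "$TEST_CRED_GCS" > "$GITHUB_WORKSPACE/cred_gcs.json"
      # NOTE(review): the key file lives in the workspace for the rest of the
      # job; nothing later in this job uploads workspace contents.
      - name: Test
        run: cargo nextest run --profile storage_gcs
        env:
          GOOGLE_APPLICATION_CREDENTIALS: ${{ github.workspace }}/cred_gcs.json
          TEST_CMEK_GCS: ${{ secrets.TEST_CMEK_GCS }}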
# Job test-integration: runs two nextest k8s integration profiles, each split
# into two partitions, against services started by Tilt.
  test-integration:
    strategy:
      matrix:
        platform: [blacksmith-16vcpu-ubuntu-2404]
        nextest_profile: [ci_k8s_integration, ci_k8s_integration_slow]
        partition: [1, 2]
        # Each profile gets its own partitioning method.
        include:
          - nextest_profile: ci_k8s_integration
            partition_method: hash
          - nextest_profile: ci_k8s_integration_slow
            partition_method: count
    runs-on: ${{ matrix.platform }}
    name: Integration test ${{ matrix.nextest_profile }} ${{ matrix.partition }}
    # OIDC token auth for AWS
    permissions:
      contents: read
      id-token: write
    env:
      CARGO_TERM_COLOR: always
      RUST_MIN_STACK_SIZE: 8388608
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup
        uses: ./.github/actions/rust
        with:
          github-token: ${{ github.token }}
      - name: Set up Docker
        uses: ./.github/actions/docker
        with:
          dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }}
          dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Start services in Tilt
        uses: ./.github/actions/tilt
      - name: Build CLI
        run: cargo build --bin chroma
      # The "/2" must match the number of entries in matrix.partition.
      - name: Run tests
        run: cargo nextest run --profile ${{ matrix.nextest_profile }} --partition ${{ matrix.partition_method }}:${{ matrix.partition }}/2 --no-tests warn
      # always(): logs are exported even when the tests above failed.
      - name: Save service logs to artifact
        if: always()
        uses: ./.github/actions/export-tilt-logs
        with:
          artifact-name: "rust-integration-test-${{ matrix.nextest_profile }}-${{ matrix.partition }}"
# Job test-benches: runs one cargo bench invocation per matrix entry, gated by
# the run_rust_benchmarks input.
  test-benches:
    if: inputs.run_rust_benchmarks
    strategy:
      matrix:
        platform: [blacksmith-16vcpu-ubuntu-2404]
        # Each entry is appended verbatim to `cargo bench`.
        bench-command:
          - "--bench blockfile_writer -- --sample-size 10"
          - "--bench distance_metrics"
          - "--bench filter"
          - "--bench get"
          - "--bench limit"
          - "--bench query"
    runs-on: ${{ matrix.platform }}
    env:
      RUST_BACKTRACE: 1
      RUST_MIN_STACK_SIZE: 8388608
      CARGO_TERM_COLOR: always
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup
        uses: ./.github/actions/rust
        with:
          github-token: ${{ github.token }}
      - name: Run benchmark
        run: cargo bench ${{ matrix.bench-command }}
# Integration tests for the mcmr_k8s_integration nextest profile, run with
# MULTI_REGION enabled against services started by `tilt ci`.
test-mcmr-integration:
  runs-on: blacksmith-16vcpu-ubuntu-2404
  # Read-only contents plus permission to request an OIDC token
  # (OIDC token auth for AWS).
  permissions:
    contents: read
    id-token: write
  env:
    CARGO_TERM_COLOR: always
    RUST_MIN_STACK_SIZE: 8388608
    MULTI_REGION: 'true'
  steps:
    - name: Checkout
      uses: actions/checkout@v4
    - name: Setup
      uses: ./.github/actions/rust
      with:
        github-token: ${{ github.token }}
    - name: Set up Docker
      uses: ./.github/actions/docker
      with:
        dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }}
        dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN }}
    - name: Tilt Setup & Pre-Build
      uses: ./.github/actions/tilt-setup-prebuild
    - name: Start Tilt with MULTI_REGION
      shell: bash
      # Same value as the job-level variable; repeated on the step itself.
      env:
        MULTI_REGION: 'true'
      run: tilt ci
    - name: Forward ports
      shell: bash
      # Every port-forward is started in the background and left running for
      # the test step that follows.
      run: |
        # tilt ci does not forward ports
        # https://github.com/tilt-dev/tilt/issues/5964
        kubectl -n chroma port-forward svc/sysdb 50051:50051 &
        kubectl -n chroma port-forward svc/rust-log-service 50054:50051 &
        kubectl -n chroma port-forward svc/query-service 50053:50051 &
        kubectl -n chroma port-forward svc/rust-frontend-service 8000:8000 &
        kubectl -n chroma port-forward svc/minio 9000:9000 &
        kubectl -n chroma port-forward svc/jaeger 16686:16686 &
        # Forward Spanner emulator port for rust-sysdb backend tests
        kubectl -n chroma port-forward svc/spanner 9010:9010 &
    - name: Run mcmr k8s integration tests
      run: cargo nextest run --profile mcmr_k8s_integration --test-threads 1
    - name: Save service logs to artifact
      # Runs even when an earlier step failed.
      if: always()
      uses: ./.github/actions/export-tilt-logs
      with:
        artifact-name: 'mcmr-integration-test'
# Confirms that the workspace still compiles with the release profile.
can-build-release:
  runs-on: blacksmith-16vcpu-ubuntu-2404
  env:
    RUST_MIN_STACK_SIZE: 8388608
    CARGO_TERM_COLOR: always
  steps:
    - name: Checkout
      uses: actions/checkout@v4
    - name: Setup
      uses: ./.github/actions/rust
      with:
        github-token: ${{ github.token }}
    - name: Build in release mode
      run: cargo build --release
apply-hotfix .github/workflows/apply-hotfix.yaml
# Manually dispatched workflow: cherry-picks an already merged PR onto a
# release or rc branch and opens a pull request with the result.
name: Apply hotfix to branch
on:
  workflow_dispatch:
    # Both inputs are free text typed by whoever dispatches the run; the jobs
    # below should treat them as data, not as script text.
    inputs:
      pr_number:
        description: "Number of merged pull request containing the hotfix."
        required: true
      branch_name:
        description: "Name of branch (release/* or rc/*) to apply hotfix to. Defaults to latest release branch."
jobs:
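# Picks the branch the hotfix is applied to: the dispatch input when given,
# otherwise the newest dated release branch. Publishes branch_name and
# branch_type as job outputs.
resolve-branch:
  runs-on: blacksmith-4vcpu-ubuntu-2404
  outputs:
    branch_name: ${{ steps.resolve_branch.outputs.branch_name }}
    branch_type: ${{ steps.resolve_branch.outputs.branch_type }}
  steps:
    - name: Check out repo
      uses: actions/checkout@v4
      with:
        # Full history so that all remote branches are available to list.
        fetch-depth: 0
    - name: Resolve branch name
      id: resolve_branch
      # The dispatch input arrives as an environment variable. Substituting
      # ${{ github.event.inputs.branch_name }} into the script text would let
      # quotes or $( ) in the value be interpreted by the shell.
      env:
        REQUESTED_BRANCH: ${{ github.event.inputs.branch_name }}
      run: |
        if [ -n "$REQUESTED_BRANCH" ]; then
          branch_name="$REQUESTED_BRANCH"
        else
          # NOTE(review): `git branch -r` prints names with the remote prefix,
          # so this fallback value presumably starts with "origin/" - confirm
          # that the downstream steps expect that.
          branch_name=$(git branch -r --list 'origin/release/*' | grep -E 'release/[0-9]{4}-[0-9]{2}-[0-9]{2}' | sort -r | head -n 1 | xargs)
        fi
        if [ -z "$branch_name" ]; then
          echo "No release branch found."
          exit 1
        fi
        # Reject anything that is not a well-formed branch name (control
        # characters, leading dash, ...) before it is written to the
        # line-oriented output file.
        if ! git check-ref-format --branch "$branch_name" > /dev/null; then
          echo "Invalid branch name."
          exit 1
        fi
        # First field when splitting on "-" or "/", e.g. "release" or "rc".
        branch_type=$(echo "$branch_name" | awk -F'[-/]' '{print $1}')
        echo "branch_name=$branch_name" >> "$GITHUB_OUTPUT"
        echo "branch_type=$branch_type" >> "$GITHUB_OUTPUT"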
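# Cherry-picks the merge commit of the given PR onto the resolved branch,
# pushes the result as a new branch and opens a pull request for it.
create-hotfix-pr:
  runs-on: blacksmith-4vcpu-ubuntu-2404
  needs:
    - resolve-branch
  # Dispatch inputs and upstream outputs reach the steps as environment
  # variables. They are never substituted into shell or JavaScript source,
  # where quotes, backticks or $( ) in a value would be executed by a job
  # that holds a repository-scoped token.
  env:
    TARGET_BRANCH: ${{ needs.resolve-branch.outputs.branch_name }}
    PR_NUMBER: ${{ github.event.inputs.pr_number }}
  steps:
    - name: Checkout repository
      uses: actions/checkout@v4
      with:
        # Checked out with a dedicated token rather than the default
        # GITHUB_TOKEN; the later `git push` relies on these credentials.
        token: ${{ secrets.HOSTED_CHROMA_WORKFLOW_DISPATCH_TOKEN }}
        fetch-depth: 0
    - name: Checkout branch
      run: git checkout "$TARGET_BRANCH"
    - name: Get merge commit SHA
      id: get_merge_commit_sha
      run: |
        # pr_number is free text from the dispatch form: accept digits only
        # before it becomes part of an API path.
        if ! [[ "$PR_NUMBER" =~ ^[0-9]+$ ]]; then
          echo "pr_number must be a positive integer."
          exit 1
        fi
        MERGE_COMMIT_SHA=$(gh api "repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER" --jq '.merge_commit_sha')
        echo "Merge commit SHA: $MERGE_COMMIT_SHA"
        echo "MERGE_COMMIT_SHA=$MERGE_COMMIT_SHA" >> "$GITHUB_OUTPUT"
      env:
        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    - name: Set up Git
      run: |
        git config user.name "github-actions[bot]"
        git config user.email "github-actions[bot]@users.noreply.github.com"
    - name: Attempt cherry-pick
      env:
        MERGE_COMMIT_SHA: ${{ steps.get_merge_commit_sha.outputs.MERGE_COMMIT_SHA }}
      run: |
        BRANCH_NAME="hotfix-$PR_NUMBER/$TARGET_BRANCH"
        # Exported for the push and pull-request steps below.
        echo "BRANCH_NAME=$BRANCH_NAME" >> "$GITHUB_ENV"
        git checkout -b "$BRANCH_NAME"
        # A failed cherry-pick must not abort the script: conflicts are
        # committed and resolved on the PR instead.
        set +e
        git cherry-pick "$MERGE_COMMIT_SHA" -m 1
        status=$?
        set -e
        if [ $status -eq 0 ]; then
          echo "Cherry-pick succeeded."
        else
          echo "Cherry-pick resulted in merge conflicts. Committing conflicts as-is."
          git add -A
          # Commit the conflicted state as-is. This will include conflict markers in the committed files.
          # The user will have to resolve them manually on the PR.
          git commit -m "Cherry-pick with conflicts: $MERGE_COMMIT_SHA"
        fi
    - name: Push new branch
      run: |
        git push origin "$BRANCH_NAME"
    - name: Create Pull Request
      uses: actions/github-script@v7
      env:
        CHERRY_COMMIT: ${{ steps.get_merge_commit_sha.outputs.MERGE_COMMIT_SHA }}
      with:
        github-token: ${{ secrets.HOSTED_CHROMA_WORKFLOW_DISPATCH_TOKEN }}
        script: |
          // All values are read from the environment; none is pasted into
          // this script as source text.
          const baseBranch = process.env.TARGET_BRANCH
          const headBranch = process.env.BRANCH_NAME
          const cherryCommit = process.env.CHERRY_COMMIT
          const assignee = context.actor
          const { data: pr } = await github.rest.pulls.create({
            owner: context.repo.owner,
            repo: context.repo.repo,
            title: `[HOTFIX] applying PR #${context.payload.inputs.pr_number} to ${baseBranch}`,
            head: headBranch,
            base: baseBranch,
            body: `This PR cherry-picks the commit ${cherryCommit} onto ${baseBranch}. If there are unresolved conflicts, please resolve them manually.`,
            assignees: [assignee],
            requested_reviewers: [assignee],
          })
          core.info(`Created PR #${pr.number}: ${pr.html_url}`)
          // Assign the PR to the user who triggered the workflow
          await github.rest.issues.addAssignees({
            owner: context.repo.owner,
            repo: context.repo.repo,
            issue_number: pr.number,
            assignees: [assignee],
          })
          core.info(`Assigned PR #${pr.number} to ${assignee}`)
          // Request a review from the same user
          await github.rest.pulls.requestReviewers({
            owner: context.repo.owner,
            repo: context.repo.repo,
            pull_number: pr.number,
            reviewers: [assignee]
          })
          core.info(`Requested review from ${assignee} on PR #${pr.number}`)
          // Add a link to the hotfix PR in the action summary
          core.summary.addHeading('Link to Hotfix PR', '2')
          core.summary.addLink(`chroma-core/chroma #${pr.number}`, pr.html_url)
          // The summary is only buffered until write() flushes it.
          await core.summary.write()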
nightly-tests matrix .github/workflows/nightly-tests.yml
# Nightly run of the slower property tests; can also be dispatched by hand.
name: Run (intensive) tests nightly
on:
  workflow_dispatch: {}
  schedule:
    # 09:15 UTC, i.e. 2:15 AM PDT. The start is deliberately a few minutes off
    # the hour: scheduled runs can be delayed, or dropped, when GitHub Actions
    # is under heavy load, and the start of every hour is a high-load time.
    - cron: "15 9 * * *"
jobs:
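# Runs each listed property-test file against a Tilt-managed cluster with the
# slow preset, exports the service logs and pages on failure.
test-cluster:
  strategy:
    # One failing test file does not cancel the others.
    fail-fast: false
    matrix:
      test-globs:
        - "chromadb/test/property/test_collections.py"
        - "chromadb/test/property/test_add.py"
        - "chromadb/test/property/test_filtering.py"
        - "chromadb/test/property/test_embeddings.py"
  runs-on: "blacksmith-8vcpu-ubuntu-2404"
  steps:
    - uses: actions/checkout@v4
    - uses: ./.github/actions/python
      with:
        python-version: "3.12"
    - uses: useblacksmith/setup-docker-builder@v1
    - uses: ./.github/actions/tilt
    - name: Test
      # The matrix value is substituted into the command text; that is only
      # acceptable because the list above is fixed in this file.
      run: bin/cluster-test.sh bash -c 'python -m pytest "${{ matrix.test-globs }}"'
      shell: bash
      env:
        PROPERTY_TESTING_PRESET: slow
    - name: Create artifact name
      id: create-artifact-name
      # Must also run after a failed Test step: the log export below runs
      # with `always()` and would otherwise receive an empty name exactly
      # when the logs are needed.
      if: always()
      env:
        TEST_GLOB: ${{ matrix.test-globs }}
      run: |
        ARTIFACT_NAME=$(echo "$TEST_GLOB" | tr '/' '_' | tr '.' '_')
        echo "artifact_name=$ARTIFACT_NAME" >> "$GITHUB_OUTPUT"
    - name: Save service logs to artifact
      if: always()
      uses: ./.github/actions/export-tilt-logs
      with:
        artifact-name: "tilt-logs-${{ steps.create-artifact-name.outputs.artifact_name }}"
    - name: Send PagerDuty alert on failure
      if: ${{ failure() }}
      # NOTE(review): a third-party action that is handed a secret and is
      # referenced by a version tag. Pinning it to a reviewed full commit SHA
      # (<COMMIT_SHA placeholder>) keeps a re-pointed tag from changing the
      # code that receives the key.
      uses: Entle/action-pagerduty-alert@0.2.0
      with:
        pagerduty-integration-key: '${{ secrets.PAGERDUTY_INTEGRATION_KEY }}'
        pagerduty-dedup-key: distributed-test-failed-${{ matrix.test-globs}}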
# Combines the per-test log artifacts into a single artifact once every
# test-cluster matrix job has finished.
merge-cluster-logs:
  runs-on: blacksmith-4vcpu-ubuntu-2404
  needs: test-cluster
  steps:
    - name: Merge
      uses: actions/upload-artifact/merge@v4
      with:
        name: cluster_test_logs
        # NOTE(review): test-cluster passes artifact names that start with
        # "tilt-logs-" to its log-export step; confirm this pattern matches
        # what that step actually uploads.
        pattern: 'cluster_logs_*'
pr .github/workflows/pr.yml
# Checks that run for pull requests. The pull_request trigger gives runs from
# forks a read-only token and no repository secrets.
name: PR checks
on:
  pull_request:
    branches:
      - main
      - '**'
# One active run per pull request: a newer push cancels the run in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true
jobs:
# This job detects what changed and determines which tests to run
# It publishes three outputs: whether the Helm chart paths changed, the list
# of test suites to run, and whether the chart's version field changed.
change-detection:
name: Detect changes and determine tests
runs-on: blacksmith-4vcpu-ubuntu-2404
outputs:
helm-changes: ${{ steps.filter.outputs.helm-changes }}
# Test flags as a JSON array
tests-to-run: ${{ steps.determine-tests.outputs.tests-to-run }}
# Helm version check
helm-version-changed: ${{ steps.helm-version.outputs.version_changed }}
steps:
- uses: actions/checkout@v4
with:
# Two commits are fetched because the Helm step below reads the file at both HEAD and HEAD^.
fetch-depth: 2
- name: Filter changes
id: filter
# NOTE(review): third-party action referenced by a major-version tag; pinning to a reviewed commit SHA is the stricter option.
uses: dorny/paths-filter@v3
with:
predicate-quantifier: "some"
filters: |
# Helm chart changes
helm-changes:
- 'k8s/distributed-chroma/**'
# JavaScript client changes
js-client:
- 'clients/js/**'
# Rust paths: JS client runs integration tests against the Rust server
- 'rust/**'
- 'Cargo.toml'
- 'Cargo.lock'
- 'idl/**'
# Go paths: chorma backend is partially go
- 'go/**'
# Rust and related - run rust when any of these change
rust:
- 'rust/**'
- 'Cargo.toml'
- 'Cargo.lock'
- 'idl/**'
# Go paths: Go and Rust services talk to each other
- 'go/**'
# Python and related
python:
- 'chromadb/**'
- 'clients/python/**'
- 'requirements.txt'
- 'requirements_dev.txt'
- 'pyproject.toml'
- 'idl/**'
# Rust paths: Rust changes can affect Python bindings and client
- 'rust/**'
- 'Cargo.toml'
- 'Cargo.lock'
# Go paths: chorma backend is partially go
- 'go/**'
# Go
go:
- 'go/**'
# Rust paths: Rust and Go services talk to each other
- 'rust/**'
- 'Cargo.toml'
- 'Cargo.lock'
- 'idl/**'
# CI/CD and core infra - run all tests when these change
ci-infra:
- '.github/**'
- '**/Dockerfile*'
- 'bin/**'
- '**/docker-compose*.yml'
- 'Makefile'
- name: Determine tests to run
id: determine-tests
# The filter results reach the script as environment variables, not as text substituted into a command line.
env:
FILTER_JS_CLIENT: ${{ steps.filter.outputs.js-client }}
FILTER_RUST: ${{ steps.filter.outputs.rust }}
FILTER_PYTHON: ${{ steps.filter.outputs.python }}
FILTER_GO: ${{ steps.filter.outputs.go }}
FILTER_CI_INFRA: ${{ steps.filter.outputs.ci-infra }}
run: bin/ci/determine-tests-to-run.sh
- name: Check Helm version change
id: helm-version
# Runs only when the filter reported a change under the chart paths.
if: steps.filter.outputs.helm-changes == 'true'
shell: bash
run: |
current=$(git show HEAD:$file | yq ".version")
previous=$(git show HEAD^:$file | yq ".version")
echo "version=$current" >> $GITHUB_OUTPUT
if [ "$current" != "$previous" ]; then
echo "Version field in $file was changed from $previous to $current"
echo "version_changed=true" >> $GITHUB_OUTPUT
else
echo "Version field in $file was not changed"
echo "version_changed=false" >> $GITHUB_OUTPUT
fi
env:
file: k8s/distributed-chroma/Chart.yaml
# Posts a sticky PR comment saying whether the Helm chart change came with a
# version bump. Runs only when chart paths changed.
check-helm-version-bump:
  name: Warn if Helm chart was updated without version bump
  needs: change-detection
  if: needs.change-detection.outputs.helm-changes == 'true'
  runs-on: blacksmith-4vcpu-ubuntu-2404
  # The token is limited to writing pull-request comments.
  permissions:
    pull-requests: write
  steps:
    - uses: actions/checkout@v4
    # The two comment steps are mutually exclusive and share one header, so
    # the same sticky comment is rewritten either way.
    - name: Comment warning
      if: needs.change-detection.outputs.helm-version-changed == 'false'
      uses: marocchino/sticky-pull-request-comment@v2
      with:
        header: helm-chart-version-info
        message: |
          :warning: The Helm chart was updated without a version bump. Your changes will only be published if the version field in `k8s/distributed-chroma/Chart.yaml` is updated.
    - name: Comment success
      if: needs.change-detection.outputs.helm-version-changed == 'true'
      uses: marocchino/sticky-pull-request-comment@v2
      with:
        header: helm-chart-version-info
        message: |
          :white_check_mark: The Helm chart's version was changed. Your changes to the chart will be published upon merge to `main`.
# Removes the sticky Helm comment when the PR does not touch the chart.
delete-helm-comment:
  name: Delete Helm chart comment if not changed
  needs: change-detection
  if: needs.change-detection.outputs.helm-changes == 'false'
  runs-on: blacksmith-4vcpu-ubuntu-2404
  # The token is limited to writing pull-request comments.
  permissions:
    pull-requests: write
  steps:
    - name: Delete comment (Helm chart was not changed)
      uses: marocchino/sticky-pull-request-comment@v2
      with:
        header: helm-chart-version-info
        delete: true
# Calls the reusable Python test workflow when change detection selected
# the 'python' suite.
python-tests:
  name: Python tests
  needs: change-detection
  if: contains(fromJson(needs.change-detection.outputs.tests-to-run), 'python')
  uses: ./.github/workflows/_python-tests.yml
  # NOTE(review): `inherit` forwards every secret this workflow can read to
  # the called workflow; naming only the secrets it needs is the narrower
  # option.
  secrets: inherit
  with:
    property_testing_preset: 'normal'
python-vulnerability-scan:
name: Python vulnerability scan
needs: change-detection
if: contains(fromJson(needs.change-detection.outputs.tests-to-run), 'python')
uses: ./.github/workflows/_python-vulnerability-scan.yml
javascript-client-tests:
name: JavaScript client tests
needs: change-detection
if: contains(fromJson(needs.change-detection.outputs.tests-to-run), 'js-client')
uses: ./.github/workflows/_javascript-client-tests.yml
rust-tests:
name: Rust tests
needs: change-detection
if: contains(fromJson(needs.change-detection.outputs.tests-to-run), 'rust')
uses: ./.github/workflows/_rust-tests.yml
secrets: inherit
with:
# Benches are off on PRs; see _rust-tests.yml for a note on running them on a schedule.
run_rust_benchmarks: false
rust-feature-tests:
name: Rust feature tests
needs: change-detection
if: contains(fromJson(needs.change-detection.outputs.tests-to-run), 'rust')
uses: ./.github/workflows/_check_rust_release.yml
secrets: inherit
go-tests:
name: Go tests
needs: change-detection
if: contains(fromJson(needs.change-detection.outputs.tests-to-run), 'go')
uses: ./.github/workflows/_go-tests.yml
secrets: inherit
check-spanner-migrations:
name: Check Spanner migrations
needs: change-detection
if: contains(fromJson(needs.change-detection.outputs.tests-to-run), 'rust')
uses: ./.github/workflows/_check_spanner_migrations.yml
secrets: inherit
# Formatting and static checks: selected pre-commit hooks, cargo fmt and
# clippy.
lint:
  name: Lint
  runs-on: blacksmith-4vcpu-ubuntu-2404
  steps:
    - name: Checkout
      uses: actions/checkout@v4
    - uses: ./.github/actions/python
      with:
        python-version: '3.11'
    - name: Setup Rust
      uses: ./.github/actions/rust
      with:
        github-token: ${{ github.token }}
    - name: Run pre-commit
      shell: bash
      # With continue-on-error the job goes on, and can still pass, when any
      # of these hooks fails - the hook results are advisory only.
      continue-on-error: true
      run: |
        pre-commit run --all-files trailing-whitespace
        pre-commit run --all-files mixed-line-ending
        pre-commit run --all-files end-of-file-fixer
        pre-commit run --all-files requirements-txt-fixer
        pre-commit run --all-files check-xml
        pre-commit run --all-files check-merge-conflict
        pre-commit run --all-files check-case-conflict
        pre-commit run --all-files check-docstring-first
        pre-commit run --all-files black
        pre-commit run --all-files flake8
        pre-commit run --all-files prettier
        pre-commit run --all-files check-yaml
    - name: Cargo fmt check
      shell: bash
      run: cargo fmt -- --check
    - name: Clippy
      # Warnings are promoted to errors, so any clippy finding fails the job.
      run: cargo clippy --all-targets --all-features --keep-going -- -D warnings -D clippy::large_futures -D clippy::all
# Single always-running gate for the branch protection rule. Branch protection
# needs a static list of required checks, while the set of jobs that run for a
# PR depends on the files changed; requiring only this job covers both.
all-required-pr-checks-passed:
  if: always()
  needs:
    - python-tests
    - python-vulnerability-scan
    - javascript-client-tests
    - rust-tests
    - rust-feature-tests
    - go-tests
    - check-spanner-migrations
    - lint
    - check-helm-version-bump
    - delete-helm-comment
  runs-on: blacksmith-4vcpu-ubuntu-2404
  steps:
    - name: Decide whether the needed jobs succeeded or failed
      uses: re-actors/alls-green@release/v1
      with:
        jobs: ${{ toJSON(needs) }}
        # Jobs listed here may be skipped without failing the gate; `lint` is
        # not listed, so it always has to run and pass.
        allowed-skips: python-tests,python-vulnerability-scan,javascript-client-tests,rust-tests,rust-feature-tests,go-tests,check-spanner-migrations,check-helm-version-bump,delete-helm-comment
# Posts a Slack message when one of the needed jobs failed on main.
notify-slack-on-failure:
  name: Notify Slack on Test Failure
  # NOTE(review): the only trigger shown for this workflow is pull_request;
  # confirm that github.ref can equal refs/heads/main for such runs,
  # otherwise this job never fires.
  if: github.ref == 'refs/heads/main' && failure()
  needs:
    - python-tests
    - python-vulnerability-scan
    - javascript-client-tests
    - rust-tests
    - rust-feature-tests
    - go-tests
    - check-spanner-migrations
    - lint
    - check-helm-version-bump
    - delete-helm-comment
  runs-on: blacksmith-2vcpu-ubuntu-2404
  steps:
    - name: Notify Slack
      uses: slackapi/slack-github-action@v2.0.0
      with:
        token: ${{ secrets.SLACK_BOT_TOKEN }}
        method: chat.postMessage
        payload: |
          channel: ${{ secrets.SLACK_CHANNEL_ID }}
          text: |
            :x: *Test failure on main branch after PR merge!*
            *Workflow:* ${{ github.workflow }}
            *Run:* <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|View run>
            *Ref:* <https://github.com/${{ github.repository }}/tree/${{ github.ref_name }}|${{ github.ref_name }}>
            *Author:* ${{ github.actor }}
pr-check-title .github/workflows/pr-check-title.yml
# Enforces a bracketed category tag at the start of every PR title and keeps
# a sticky comment on the PR in step with the result.
name: Check PR Title
on:
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
      - edited
    branches:
      - main
      - "**"
jobs:
  check-title:
    name: Check PR Title
    runs-on: blacksmith-4vcpu-ubuntu-2404
    steps:
      - name: Check PR Title
        uses: Slashgear/action-check-pr-title@v4.3.0
        with:
          # Single-quoted so the backslashes reach the action unchanged.
          regexp: '\[(ENH|BUG|DOC|TST|BLD|PERF|TYP|CLN|CHORE|RELEASE|HOTFIX)\].*'
          helpMessage: 'Please tag your PR title. See https://docs.trychroma.com/contributing#contributing-code-and-ideas.'
      - name: Comment explaining failure
        # Only runs when the title check above failed.
        if: failure()
        uses: marocchino/sticky-pull-request-comment@v2
        with:
          header: pr-title-info
          message: |
            Please tag your PR title with one of: `[ENH | BUG | DOC | TST | BLD | PERF | TYP | CLN | CHORE]`. See https://docs.trychroma.com/contributing#contributing-code-and-ideas
      - name: Delete comment on success
        if: success()
        uses: marocchino/sticky-pull-request-comment@v2
        with:
          header: pr-title-info
          delete: true
pr-review-checklist .github/workflows/pr-review-checklist.yml
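# Posts a fixed reviewer checklist as a comment when a pull request is opened.
name: 📋 PR Review Checklist
on:
  # pull_request_target runs with the base repository's token even for PRs
  # from forks. This workflow checks out no PR code and posts a static
  # comment; keep it that way, or move to pull_request, before adding steps
  # that read PR content.
  pull_request_target:
    types:
      - opened
jobs:
  PR-Comment:
    runs-on: blacksmith-4vcpu-ubuntu-2404
    # Least privilege: the only API call below creates a comment on the PR,
    # so the token is limited to that instead of the repository default.
    permissions:
      pull-requests: write
    steps:
      - name: PR Comment
        uses: actions/github-script@v2
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          # github.event.number is the numeric PR number, the only event value
          # substituted into the script.
          script: |
            github.issues.createComment({
              issue_number: ${{ github.event.number }},
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: `# Reviewer Checklist
            Please leverage this checklist to ensure your code review is thorough before approving
            ## Testing, Bugs, Errors, Logs, Documentation
            - [ ] Can you think of any use case in which the code does not behave as intended? Have they been tested?
            - [ ] Can you think of any inputs or external events that could break the code? Is user input validated and safe? Have they been tested?
            - [ ] If appropriate, are there adequate property based tests?
            - [ ] If appropriate, are there adequate unit tests?
            - [ ] Should any logging, debugging, tracing information be added or removed?
            - [ ] Are error messages user-friendly?
            - [ ] Have all documentation changes needed been made?
            - [ ] Have all non-obvious changes been commented?
            ## System Compatibility
            - [ ] Are there any potential impacts on other parts of the system or backward compatibility?
            - [ ] Does this change intersect with any items on our roadmap, and if so, is there a plan for fitting them together?
            ## Quality
            - [ ] Is this code of a unexpectedly high quality (Readability, Modularity, Intuitiveness)`
            })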
release-chromadb .github/workflows/release-chromadb.yml
# Release pipeline for the chromadb package and container images.
name: 📦 Release chromadb to PyPI and DockerHub
on:
  push:
    # Every pushed tag starts a run; the check-tag job decides whether the
    # ref is a plain X.Y.Z release tag.
    tags:
      - '*'
    branches:
      - main
jobs:
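# Sets tag_matches to 'true' when the pushed ref is a tag of the form
# X.Y.Z and to 'false' otherwise.
check-tag:
  runs-on: blacksmith-4vcpu-ubuntu-2404
  outputs:
    tag_matches: ${{ steps.check-tag.outputs.tag_matches }}
  steps:
    - name: Check Tag
      id: check-tag
      # The workflow triggers on any tag name, and ref names may contain
      # shell metacharacters. The ref is therefore read from the environment
      # and quoted instead of being substituted into the script text.
      env:
        EVENT_REF: ${{ github.event.ref }}
      run: |
        if [[ "$EVENT_REF" =~ ^refs/tags/[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
          echo "tag_matches=true" >> "$GITHUB_OUTPUT"
        else
          echo "Tag does not match the release tag pattern ([0-9]+\.[0-9]+\.[0-9]+), exiting workflow"
          echo "tag_matches=false" >> "$GITHUB_OUTPUT"
        fi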
# Derives the release version from git metadata with setuptools_scm and
# publishes it as the `version` output.
get-version:
  runs-on: blacksmith-4vcpu-ubuntu-2404
  outputs:
    version: ${{ steps.version.outputs.version }}
  steps:
    - name: Checkout
      uses: actions/checkout@v4
      with:
        # Full history is fetched for the version computation.
        fetch-depth: 0
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: "3.9"
    - name: Install setuptools_scm
      # NOTE(review): installed without a version pin in a pipeline that goes
      # on to publish; a pinned version would make the step reproducible.
      run: python -m pip install setuptools_scm
    - name: Get Release Version
      id: version
      run: echo "version=$(python -m setuptools_scm)" >> $GITHUB_OUTPUT
python-tests-linux:
uses: ./.github/workflows/_python-tests.yml
secrets: inherit
with:
python_versions: '["3.9", "3.10", "3.11", "3.12"]'
property_testing_preset: 'normal'
python-tests-windows:
uses: ./.github/workflows/_python-tests.yml
secrets: inherit
with:
# we only run windows tests on 3.12 because windows runners are expensive
# and we usually don't see failures that are isolated to a specific version
python_versions: '["3.12"]'
property_testing_preset: 'normal'
runner: '8core-32gb-windows-latest'
javascript-client-tests:
name: JavaScript client tests
uses: ./.github/workflows/_javascript-client-tests.yml
rust-tests:
name: Rust tests
uses: ./.github/workflows/_rust-tests.yml
secrets: inherit
go-tests:
name: Go tests
uses: ./.github/workflows/_go-tests.yml
secrets: inherit
release-docker:
name: Publish to DockerHub and GHCR
needs:
- check-tag
- get-version
- python-tests-linux
- python-tests-windows
- javascript-client-tests
- rust-tests
- go-tests
uses: ./.github/workflows/_build_release_container.yml
secrets: inherit
with:
tag: ${{ needs.get-version.outputs.version }}
tag_as_latest: ${{ needs.check-tag.outputs.tag_matches == 'true' }}
push: true
release-pypi:
name: Publish to PyPI
needs:
- check-tag
- get-version
- python-tests-linux
- python-tests-windows
- javascript-client-tests
- rust-tests
- go-tests
uses: ./.github/workflows/_build_release_pypi.yml
secrets: inherit
with:
publish_to_test_pypi: true
publish_to_pypi: ${{ needs.check-tag.outputs.tag_matches == 'true' }}
version: ${{ needs.get-version.outputs.version }}
# Builds and tests the thin Python client, always uploads it to Test PyPI and
# uploads it to PyPI only for X.Y.Z release tags.
release-thin-pypi:
  name: Publish thin client to PyPI
  runs-on: blacksmith-4vcpu-ubuntu-2404
  needs:
    - check-tag
    - python-tests-linux
    - python-tests-windows
    - javascript-client-tests
    - rust-tests
    - go-tests
  steps:
    - name: Checkout
      uses: actions/checkout@v4
      with:
        fetch-depth: 0
    - name: Set up Python
      uses: ./.github/actions/python
      with:
        python-version: "3.12"
    - name: Build Client
      run: ./clients/python/build_python_thin_client.sh
    - name: Test Client Package
      run: bin/test-package/test-thin-client-package.sh dist/*.tar.gz
    - name: Install setuptools_scm
      run: python -m pip install setuptools_scm
    - name: Publish to Test PyPI
      # NOTE(review): both publish steps hand a stored upload key to an
      # action referenced by a branch name (release/v1), so the code that
      # receives the key can change without a change in this file.
      uses: pypa/gh-action-pypi-publish@release/v1
      with:
        password: ${{ secrets.TEST_PYPI_PYTHON_CLIENT_PUBLISH_KEY }}
        repository-url: https://test.pypi.org/legacy/
        verbose: "true"
    - name: Publish to PyPI
      # Real PyPI only for refs that check-tag accepted as release tags.
      if: ${{ needs.check-tag.outputs.tag_matches == 'true' }}
      uses: pypa/gh-action-pypi-publish@release/v1
      with:
        password: ${{ secrets.PYPI_PYTHON_CLIENT_PUBLISH_KEY }}
        verbose: "true"
# Creates the GitHub release: a tagged release for X.Y.Z tags, otherwise it
# moves the `latest` tag and refreshes the "Latest" prerelease.
release-github:
  name: Make GitHub release
  runs-on: blacksmith-4vcpu-ubuntu-2404
  needs:
    - check-tag
    - get-version
    - release-docker
    - release-pypi
    - release-thin-pypi
  steps:
    - name: Checkout
      uses: actions/checkout@v4
      with:
        fetch-depth: 0
    - name: Download artifact
      uses: actions/download-artifact@v4
      with:
        pattern: 'wheels-*'
        path: dist
    - name: Get current date
      id: builddate
      run: echo "builddate=$(date +'%Y-%m-%dT%H:%M')" >> $GITHUB_OUTPUT
    - name: Release Tagged Version
      uses: ncipollo/release-action@v1.14.0
      if: ${{ needs.check-tag.outputs.tag_matches == 'true' }}
      with:
        # NOTE(review): env.GHCR_IMAGE_NAME and env.DOCKERHUB_IMAGE_NAME are
        # not defined in the part of this workflow shown here; confirm they
        # are set, otherwise the image lines render with an empty name.
        body: |
          Version: `${{needs.get-version.outputs.version}}`
          Git ref: `${{github.ref}}`
          Build Date: `${{steps.builddate.outputs.builddate}}`
          PIP Package: `chroma-${{needs.get-version.outputs.version}}.tar.gz`
          Github Container Registry Image: `${{ env.GHCR_IMAGE_NAME }}:${{ needs.get-version.outputs.version }}`
          DockerHub Image: `${{ env.DOCKERHUB_IMAGE_NAME }}:${{ needs.get-version.outputs.version }}`
        artifacts: 'dist/*'
        prerelease: false
        makeLatest: true
        generateReleaseNotes: true
    - name: Update Tag
      # This step and the next run for every ref that is not a release tag.
      uses: richardsimko/update-tag@v1.0.5
      if: ${{ needs.check-tag.outputs.tag_matches != 'true' }}
      with:
        tag_name: latest
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    - name: Release Latest
      uses: ncipollo/release-action@v1.14.0
      if: ${{ needs.check-tag.outputs.tag_matches != 'true' }}
      with:
        tag: 'latest'
        name: 'Latest'
        body: |
          Version: `${{needs.get-version.outputs.version}}`
          Git ref: `${{github.ref}}`
          Build Date: `${{steps.builddate.outputs.builddate}}`
          PIP Package: `chroma-${{needs.get-version.outputs.version}}.tar.gz`
          Github Container Registry Image: `${{ env.GHCR_IMAGE_NAME }}:${{ needs.get-version.outputs.version }}`
          DockerHub Image: `${{ env.DOCKERHUB_IMAGE_NAME }}:${{ needs.get-version.outputs.version }}`
        artifacts: 'dist/*'
        allowUpdates: true
        removeArtifacts: true
        prerelease: true
deploy-staging:
name: Deploy to staging
# depends on release-github because it updates the tag to latest, which is what will get deployed
needs:
- release-github
uses: ./.github/workflows/_deploy.yml
secrets: inherit
notify-slack-on-failure:
name: Notify Slack on ChromaDB Release Failure
if: failure()
needs:
- release-docker
- release-pypi
- release-thin-pypi
- release-github
- deploy-staging
runs-on: blacksmith-2vcpu-ubuntu-2404
steps:
- name: Notify Slack
uses: slackapi/slack-github-action@v2.0.0
with:
token: ${{ secrets.SLACK_BOT_TOKEN }}
method: chat.postMessage
payload: |
channel: ${{ secrets.SLACK_CHANNEL_ID }}
text: |
:x: *ChromaDB release failure!*
*Workflow:* ${{ github.workflow }}
*Run:* <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|View run>
*Ref:* <https://github.com/${{ github.repository }}/tree/${{ github.ref_name }}|${{ github.ref_name }}>
*Author:* ${{ github.actor }}
release-cli .github/workflows/release-cli.yml
# Builds the CLI for Linux, Windows and macOS and attaches the binaries to a
# GitHub release. Starts on a cli_release_* tag push or by manual dispatch.
name: Release CLI
on:
  workflow_dispatch:
    inputs:
      # Free text from the dispatch form; it becomes both the release name and
      # the tag name on manual runs.
      release_name:
        description: 'Release name to use (e.g. cli-1.2.3) when dispatching manually'
        required: false
  push:
    tags:
      - "cli_release_[0-9]*.[0-9]*.[0-9]*"
jobs:
# Builds the release CLI binary on Linux and uploads it as the
# `chroma-linux` artifact.
build-linux:
  name: Build Linux binary
  runs-on: blacksmith-4vcpu-ubuntu-2404
  steps:
    - name: Checkout repository
      uses: actions/checkout@v3
    - name: Install Protoc
      uses: arduino/setup-protoc@v3
      with:
        repo-token: ${{ secrets.GITHUB_TOKEN }}
    - name: Set up Rust toolchain
      # NOTE(review): the toolchain is `stable` at build time, so the compiler
      # version behind a released binary is not recorded in this file.
      uses: actions-rs/toolchain@v1
      with:
        toolchain: stable
        override: true
    - name: Build Linux binary
      run: cargo build --bin chroma --release --manifest-path rust/cli/Cargo.toml
    - name: Rename binary artifact for Linux
      run: mv target/release/chroma ./chroma-linux
    - name: Upload Linux binary artifact
      uses: actions/upload-artifact@v4
      with:
        name: chroma-linux
        path: chroma-linux
# Builds the release CLI binary on Windows and uploads it as the
# `chroma-windows` artifact.
build-windows:
  name: Build Windows binary
  runs-on: 8core-32gb-windows-latest
  steps:
    - name: Checkout repository
      uses: actions/checkout@v3
    - name: Install Protocol Buffers Compiler
      # NOTE(review): installs whatever protoc version the package source
      # serves at build time; no version is pinned here.
      run: choco install protoc -y
    - name: Set up Rust toolchain
      uses: actions-rs/toolchain@v1
      with:
        toolchain: stable
        override: true
    - name: Build Windows binary
      run: cargo build --bin chroma --release --manifest-path rust/cli/Cargo.toml
    - name: Rename binary artifact for Windows
      shell: powershell
      run: |
        Move-Item -Path "target\release\chroma.exe" -Destination ".\chroma-windows.exe" -Force
        # List files in the parent directory for debugging.
        Get-ChildItem -Path ..
    - name: Upload Windows binary artifact
      uses: actions/upload-artifact@v4
      with:
        name: chroma-windows
        path: chroma-windows.exe
# Builds the release CLI binary for both macOS targets on one runner and
# uploads each as its own artifact.
build-macos:
  name: Build macOS binaries (Intel & ARM64)
  runs-on: macos-latest
  steps:
    - name: Checkout repository
      uses: actions/checkout@v3
    - name: Install Protocol Buffers Compiler
      # NOTE(review): installs the current Homebrew protobuf; no version is
      # pinned here.
      run: brew install protobuf
    - name: Set up Rust toolchain
      uses: actions-rs/toolchain@v1
      with:
        toolchain: stable
        override: true
    - name: Add ARM64 target for macOS
      run: rustup target add aarch64-apple-darwin
    - name: Add Intel target for macOS
      run: rustup target add x86_64-apple-darwin
    - name: Build macOS Intel binary
      run: cargo build --bin chroma --release --target x86_64-apple-darwin --manifest-path rust/cli/Cargo.toml
    - name: Build macOS ARM64 binary
      run: cargo build --bin chroma --release --target aarch64-apple-darwin --manifest-path rust/cli/Cargo.toml
    - name: Rename macOS binaries
      run: |
        mv target/x86_64-apple-darwin/release/chroma ./chroma-macos-intel
        mv target/aarch64-apple-darwin/release/chroma ./chroma-macos-arm64
        chmod +x ./chroma-macos-intel ./chroma-macos-arm64
    - name: Upload macOS Intel binary artifact
      uses: actions/upload-artifact@v4
      with:
        name: chroma-macos-intel
        path: chroma-macos-intel
    - name: Upload macOS ARM64 binary artifact
      uses: actions/upload-artifact@v4
      with:
        name: chroma-macos-arm64
        path: chroma-macos-arm64
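# Collects the binaries from the three build jobs, creates the GitHub release
# and uploads each binary as a release asset.
release:
  name: Create GitHub Release and Attach Assets
  runs-on: blacksmith-4vcpu-ubuntu-2404
  needs:
    - build-linux
    - build-windows
    - build-macos
  steps:
    - name: Checkout repository
      uses: actions/checkout@v3
    - name: Download all artifacts
      uses: actions/download-artifact@v4
      with:
        path: artifacts
    - name: Ensure all binaries are executable
      # NOTE(review): the asset paths below show each artifact in its own
      # sub-directory, so this glob presumably matches the directories rather
      # than the binaries - confirm whether the step has any effect.
      run: chmod +x artifacts/* || true
    - name: Determine release info
      id: release_info
      # The dispatch input is read from the environment. Substituting
      # ${{ github.event.inputs.release_name }} into the script text would
      # let quotes or $( ) in the value run as shell in the job that
      # publishes the release.
      env:
        RELEASE_NAME_INPUT: ${{ github.event.inputs.release_name }}
      run: |
        if [ "${GITHUB_EVENT_NAME}" = "push" ]; then
          # The tag is available as refs/tags/cli_release_a.b.c.
          TAG=${GITHUB_REF#refs/tags/}
          VERSION=${TAG#cli_release_}
          echo "release_name=cli-${VERSION}" >> "$GITHUB_OUTPUT"
          echo "tag_name=${TAG}" >> "$GITHUB_OUTPUT"
        else
          if [ -z "$RELEASE_NAME_INPUT" ]; then
            echo "::error::Manual dispatch requires a release_name input."
            exit 1
          fi
          echo "release_name=$RELEASE_NAME_INPUT" >> "$GITHUB_OUTPUT"
          echo "tag_name=$RELEASE_NAME_INPUT" >> "$GITHUB_OUTPUT"
        fi
    - name: Create GitHub Release
      id: create_release
      uses: actions/create-release@v1
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
        tag_name: ${{ steps.release_info.outputs.tag_name }}
        release_name: ${{ steps.release_info.outputs.release_name }}
        body: "CLI release."
        draft: false
        prerelease: false
    # The binaries are attached as built; no checksum or signature file is
    # published next to them, so downloaders have nothing to verify against.
    - name: Upload Linux binary to release
      uses: actions/upload-release-asset@v1
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
        upload_url: ${{ steps.create_release.outputs.upload_url }}
        asset_path: artifacts/chroma-linux/chroma-linux
        asset_name: chroma-linux
        asset_content_type: application/octet-stream
    - name: Upload Windows binary to release
      uses: actions/upload-release-asset@v1
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
        upload_url: ${{ steps.create_release.outputs.upload_url }}
        asset_path: artifacts/chroma-windows/chroma-windows.exe
        asset_name: chroma-windows.exe
        asset_content_type: application/octet-stream
    - name: Upload macOS Intel binary to release
      uses: actions/upload-release-asset@v1
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
        upload_url: ${{ steps.create_release.outputs.upload_url }}
        asset_path: artifacts/chroma-macos-intel/chroma-macos-intel
        asset_name: chroma-macos-intel
        asset_content_type: application/octet-stream
    - name: Upload macOS ARM64 binary to release
      uses: actions/upload-release-asset@v1
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
        upload_url: ${{ steps.create_release.outputs.upload_url }}
        asset_path: artifacts/chroma-macos-arm64/chroma-macos-arm64
        asset_name: chroma-macos-arm64
        asset_content_type: application/octet-stream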
release-dev-javascript-client matrix .github/workflows/release-dev-javascript-client.yml
# Publishes a development build of the JavaScript client for every push to
# main.
name: 📦 Development Release JavaScript client
on:
  push:
    branches:
      - main
jobs:
test:
name: JavaScript client tests
uses: ./.github/workflows/_javascript-client-tests.yml
release-dev:
needs: test
strategy:
matrix:
registry: [ "https://npm.pkg.github.com" ]
runs-on: blacksmith-4vcpu-ubuntu-2404
if: ${{ github.ref == 'refs/heads/main' }}
permissions: write-all
steps:
- name: Check if tag matches the pattern
id: check-tag
run: |
# we don't necessarily need this
if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
echo "Push to main branch, releasing dev version to GH packages"
echo "NPM_SCRIPT=release_dev" >> "$GITHUB_ENV"
else
echo "The ref does not point to main, exiting workflow" # we alredy make the check above but this is a good practice
exit 1
fi
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install pnpm
uses: pnpm/action-setup@v4
with:
version: 9
run_install: false
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "18.x"
registry-url: ${{ matrix.registry }}
check-latest: false
token: ${{ secrets.GITHUB_TOKEN }}
cache: 'pnpm'
cache-dependency-path: 'clients/js/pnpm-lock.yaml'
- name: Install dependencies
run: pnpm install --no-frozen-lockfile
working-directory: ./clients/js/
- name: Build packages
run: pnpm build
working-directory: ./clients/js/
- name: Generate Dev Version
id: dev-version
run: |
set -e
# Generate a dev tag using commit short sha and run id
COMMIT_SHA=$(git rev-parse --short HEAD)
DEV_TAG="dev.${COMMIT_SHA}-${GITHUB_RUN_ID}"
echo "DEV_TAG=${DEV_TAG}" >> "$GITHUB_ENV"
# Update each package's version with dev tag
for PKG_DIR in packages/chromadb packages/chromadb-client; do
PKG_PATH="./${PKG_DIR}/package.json"
# Get current version
CURRENT_VERSION=$(node -p "require('${PKG_PATH}').version")
# Create full version with dev tag
BASE_VERSION=$(echo $CURRENT_VERSION | cut -f1,2 -d.)
PATCH_VERSION=$(echo $CURRENT_VERSION | cut -f3 -d.)
# bump patch version
NEW_PATCH_VERSION=$((PATCH_VERSION + 1))
NEW_VERSION="${BASE_VERSION}.${NEW_PATCH_VERSION}-${DEV_TAG}"
# Update package.json with new version
jq --arg version "$NEW_VERSION" '.version = $version' $PKG_PATH > tmp.$$.json && mv tmp.$$.json $PKG_PATH
echo "Updated ${PKG_DIR} to version ${NEW_VERSION}"
done
working-directory: ./clients/js/
- name: Update package.json with organization scope
run: |
ORG_NAME="@chroma-core"
# Update chromadb package
CHROMADB_PKG="./packages/chromadb/package.json"
PACKAGE_NAME=$(jq -r '.name' $CHROMADB_PKG)
jq --arg org "$ORG_NAME" --arg name "$PACKAGE_NAME" '.name = "\($org)/\($name)"' $CHROMADB_PKG > tmp.$$.json && mv tmp.$$.json $CHROMADB_PKG
# Update chromadb-client package
CLIENT_PKG="./packages/chromadb-client/package.json"
PACKAGE_NAME=$(jq -r '.name' $CLIENT_PKG)
jq --arg org "$ORG_NAME" --arg name "$PACKAGE_NAME" '.name = "\($org)/\($name)"' $CLIENT_PKG > tmp.$$.json && mv tmp.$$.json $CLIENT_PKG
working-directory: ./clients/js/
- name: Publish dev packages
run: pnpm publish -r --access public --no-git-checks --tag dev
working-directory: ./clients/js/
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
notify-slack-on-failure:
name: Notify Slack on Release Failure
if: failure()
needs: [release-dev]
runs-on: blacksmith-2vcpu-ubuntu-2404
steps:
- name: Notify Slack
uses: slackapi/slack-github-action@v2.0.0
with:
token: ${{ secrets.SLACK_BOT_TOKEN }}
method: chat.postMessage
payload: |
channel: ${{ secrets.SLACK_CHANNEL_ID }}
text: |
:x: *JavaScript client (dev) release failure!*
*Workflow:* ${{ github.workflow }}
*Run:* <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|View run>
*Ref:* <https://github.com/${{ github.repository }}/tree/${{ github.ref_name }}|${{ github.ref_name }}>
*Author:* ${{ github.actor }}
release-helm-chart .github/workflows/release-helm-chart.yml
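# Packages the distributed-chroma Helm chart and pushes it to an ECR OCI
# registry when the `version` field of Chart.yaml changes on main, or when the
# workflow is dispatched manually.
# NOTE(review): actions are referenced by mutable tag; pinning each `uses:` to a
# full commit SHA protects the job that holds the AWS role session.
name: 📦 Release Helm Chart
on:
  push:
    paths:
      - k8s/distributed-chroma/Chart.yaml
    branches:
      - main
  workflow_dispatch:
jobs:
  detect-version-change:
    name: Detect if version in Chart.yaml was changed
    runs-on: blacksmith-4vcpu-ubuntu-2404
    # Only reads git history; without this block the job would inherit the
    # repository's default token permissions.
    permissions:
      contents: read
    outputs:
      version_changed: ${{ steps.detect-version-change.outputs.version_changed }}
      version: ${{ steps.detect-version-change.outputs.version }}
    steps:
      - uses: actions/checkout@v4
        with:
          # HEAD and HEAD^ are both needed for the comparison below.
          fetch-depth: 2
      - name: Detect if version field in Chart.yaml was changed
        id: detect-version-change
        shell: bash
        run: |
          current=$(git show "HEAD:$file" | yq ".version")
          previous=$(git show "HEAD^:$file" | yq ".version")
          echo "version=$current" >> "$GITHUB_OUTPUT"
          if [ "$current" != "$previous" ]; then
            echo "Version field in $file was changed from $previous to $current"
            echo "version_changed=true" >> "$GITHUB_OUTPUT"
          else
            echo "Version field in $file was not changed"
            echo "version_changed=false" >> "$GITHUB_OUTPUT"
          fi
        env:
          file: k8s/distributed-chroma/Chart.yaml
  publish-helm:
    name: Publish Helm chart
    needs: detect-version-change
    runs-on: blacksmith-4vcpu-ubuntu-2404
    permissions:
      # id-token is required for the OIDC role assumption below.
      id-token: write
      contents: read
    env:
      AWS_REGION: us-east-1
    if: ${{ needs.detect-version-change.outputs.version_changed == 'true' || github.event_name == 'workflow_dispatch' }}
    steps:
      # Same major version as the checkout in detect-version-change.
      - uses: actions/checkout@v4
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v3
        with:
          role-to-assume: ${{ vars.AWS_ECR_OIDC_ARN }}
          aws-region: ${{ env.AWS_REGION }}
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2
      - name: Setup Helm
        uses: azure/setup-helm@v4
      - name: Package Helm chart
        run: helm package k8s/distributed-chroma
      - name: Publish Helm chart
        env:
          # The chart version comes from repository content, so it is handed to
          # the shell as data rather than expanded into the command line.
          CHART_VERSION: ${{ needs.detect-version-change.outputs.version }}
          ECR_ACCOUNT_ID: ${{ vars.AWS_ECR_ACCOUNT_ID }}
        run: helm push "distributed-chroma-${CHART_VERSION}.tgz" "oci://${ECR_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/charts"
  notify-slack-on-failure:
    name: Notify Slack on Helm Chart Release Failure
    if: failure()
    needs: [publish-helm]
    runs-on: blacksmith-2vcpu-ubuntu-2404
    # This job only posts to Slack with the Slack bot token; it needs no
    # GITHUB_TOKEN scopes.
    permissions: {}
    steps:
      - name: Notify Slack
        uses: slackapi/slack-github-action@v2.0.0
        with:
          token: ${{ secrets.SLACK_BOT_TOKEN }}
          method: chat.postMessage
          payload: |
            channel: ${{ secrets.SLACK_CHANNEL_ID }}
            text: |
              :x: *Helm chart release failure!*
              *Workflow:* ${{ github.workflow }}
              *Run:* <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|View run>
              *Ref:* <https://github.com/${{ github.repository }}/tree/${{ github.ref_name }}|${{ github.ref_name }}>
              *Author:* ${{ github.actor }}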
release-javascript-client matrix .github/workflows/release-javascript-client.yml
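# Publishes the JavaScript client packages to npmjs.org and GitHub Packages when
# a js_release_X.Y.Z / js_release_alpha_X.Y.Z tag is pushed, or when dispatched
# manually with a tag name.
# NOTE(review): actions are referenced by mutable tag; pinning each `uses:` to a
# full commit SHA protects the job that holds NPM_TOKEN.
name: 📦 Release JavaScript client
on:
  push:
    tags:
      - 'js_release_[0-9]+\.[0-9]+\.[0-9]+' # Match tags in the form js_release_X.Y.Z
      - 'js_release_alpha_[0-9]+\.[0-9]+\.[0-9]+' # Match tags in the form js_release_alpha_X.Y.Z
  workflow_dispatch:
    inputs:
      tag:
        description: 'Tag to release'
        required: true
env:
  PNPM_CACHE_FOLDER: .cache/pnpm
jobs:
  release:
    strategy:
      fail-fast: false
      matrix:
        registry: ["https://registry.npmjs.org", "https://npm.pkg.github.com"]
    runs-on: blacksmith-4vcpu-ubuntu-2404
    # Least privilege: the steps below read the repository and publish to
    # GitHub Packages (npmjs.org uses NPM_TOKEN, not the GITHUB_TOKEN).
    # NOTE(review): add `id-token: write` only if npm provenance is enabled in
    # the packages' publish configuration; that is not visible here.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Resolve tag
        id: tag
        shell: bash
        env:
          # The ref name and the dispatch input are caller-controlled text; they
          # are passed as environment variables so expression expansion cannot
          # change the script that bash parses.
          EVENT_NAME: ${{ github.event_name }}
          REF_NAME: ${{ github.ref_name }}
          DISPATCH_TAG: ${{ inputs.tag }}
        run: |
          # If the workflow was triggered by a push on a tag, use github.ref_name.
          # If manually dispatched, use the tag value supplied in the workflow input.
          if [[ "$EVENT_NAME" == "push" ]]; then
            echo "tag=$REF_NAME" >> "$GITHUB_OUTPUT"
          else
            echo "tag=$DISPATCH_TAG" >> "$GITHUB_OUTPUT"
          fi
      - name: Check if tag matches the pattern
        env:
          TAG: ${{ steps.tag.outputs.tag }}
        run: |
          if [[ "$TAG" =~ ^js_release_alpha_[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "Tag matches the pattern js_release_alpha_X.Y.Z"
            echo "NPM_SCRIPT=release_alpha" >> "$GITHUB_ENV"
          elif [[ "$TAG" =~ ^js_release_[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "Tag matches the pattern js_release_X.Y.Z"
            echo "NPM_SCRIPT=release" >> "$GITHUB_ENV"
          else
            echo "Tag does not match the release tag pattern, exiting workflow"
            exit 1
          fi
      - name: Checkout
        # NOTE(review): no `ref:` is given, so a manual dispatch builds the ref
        # the run was started from, not the tag named in `inputs.tag`; confirm
        # that is intended, since the published code may then differ from the tag.
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Install pnpm
        uses: pnpm/action-setup@v4
        with:
          version: 9
          run_install: false
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "18.x"
          registry-url: ${{ matrix.registry }}
          check-latest: false
          # setup-node's `token` input authenticates GitHub requests for Node
          # distributions; registry auth is supplied by NODE_AUTH_TOKEN at
          # publish time, so NPM_TOKEN is no longer exposed to this step.
          token: ${{ secrets.GITHUB_TOKEN }}
          cache: 'pnpm'
          cache-dependency-path: 'clients/js/pnpm-lock.yaml'
      - name: Install dependencies
        # NOTE(review): --no-frozen-lockfile lets the published build resolve
        # dependency versions that are not in the reviewed pnpm-lock.yaml;
        # prefer --frozen-lockfile in a release job once the lockfile is in sync.
        run: pnpm install --no-frozen-lockfile
        working-directory: ./clients/js/
      - name: Build packages
        run: pnpm build
        working-directory: ./clients/js/
      - name: Update package.json with organization scope for GitHub packages
        if: matrix.registry == 'https://npm.pkg.github.com'
        run: |
          # Update chromadb package
          CHROMADB_PKG="./packages/chromadb/package.json"
          ORG_NAME="@chroma-core"
          PACKAGE_NAME=$(jq -r '.name' "$CHROMADB_PKG")
          jq --arg org "$ORG_NAME" --arg name "$PACKAGE_NAME" '.name = "\($org)/\($name)"' "$CHROMADB_PKG" > tmp.$$.json && mv tmp.$$.json "$CHROMADB_PKG"
          # Update chromadb-client package
          CLIENT_PKG="./packages/chromadb-client/package.json"
          PACKAGE_NAME=$(jq -r '.name' "$CLIENT_PKG")
          jq --arg org "$ORG_NAME" --arg name "$PACKAGE_NAME" '.name = "\($org)/\($name)"' "$CLIENT_PKG" > tmp.$$.json && mv tmp.$$.json "$CLIENT_PKG"
        working-directory: ./clients/js/
      - name: Publish packages
        run: pnpm publish -r --access public --no-git-checks
        working-directory: ./clients/js/
        env:
          NODE_AUTH_TOKEN: ${{ matrix.registry == 'https://registry.npmjs.org' && secrets.NPM_TOKEN || secrets.GITHUB_TOKEN }}
  notify-slack-on-failure:
    name: Notify Slack on Release Failure
    if: failure()
    needs: [release]
    runs-on: blacksmith-2vcpu-ubuntu-2404
    # This job only posts to Slack with the Slack bot token; it needs no
    # GITHUB_TOKEN scopes.
    permissions: {}
    steps:
      - name: Resolve tag
        id: tag
        shell: bash
        env:
          # Same environment indirection as in the release job.
          EVENT_NAME: ${{ github.event_name }}
          REF_NAME: ${{ github.ref_name }}
          DISPATCH_TAG: ${{ inputs.tag }}
        run: |
          # If the workflow was triggered by a push on a tag, use github.ref_name.
          # If manually dispatched, use the tag value supplied in the workflow input.
          if [[ "$EVENT_NAME" == "push" ]]; then
            echo "tag=$REF_NAME" >> "$GITHUB_OUTPUT"
          else
            echo "tag=$DISPATCH_TAG" >> "$GITHUB_OUTPUT"
          fi
      - name: Notify Slack
        # NOTE(review): the tag below is not validated in this job and is
        # expanded into the YAML payload; a tag that failed the pattern check
        # can still reach this step and alter or break the message.
        uses: slackapi/slack-github-action@v2.0.0
        with:
          token: ${{ secrets.SLACK_BOT_TOKEN }}
          method: chat.postMessage
          payload: |
            channel: ${{ secrets.SLACK_CHANNEL_ID }}
            text: |
              :x: *JavaScript client release failure!*
              *Workflow:* ${{ github.workflow }}
              *Run:* <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|View run>
              *Ref:* <https://github.com/${{ github.repository }}/releases/tag/${{ steps.tag.outputs.tag }}|${{ steps.tag.outputs.tag }}>
              *Author:* ${{ github.actor }}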