Add job to build and upload docker image to pypi_release workflow

Author: SurbhiJainUSC

.github/workflows/build_and_push_docker_image.yml

@@ -45,6 +45,10 @@ on:
         required: false
         type: string
         default: 'pre-training'
+      version_name:
+        required: false
+        type: string
+        default: ''
 
 permissions:
   contents: read
@@ -115,7 +119,7 @@ jobs:
           push: true
           context: .
           file: ${{ inputs.dockerfile }}
-          tags: gcr.io/tpu-prod-env-multipod/${{ inputs.image_name }}:latest
+          tags: gcr.io/tpu-prod-env-multipod/${{ inputs.image_name }}:${{ github.run_id }}
           cache-from: type=gha
           outputs: type=image,compression=zstd,force-compression=true
           build-args: |
@@ -133,26 +137,36 @@ jobs:
         run: |
           SOURCE_IMAGE="gcr.io/tpu-prod-env-multipod/${INPUTS_IMAGE_NAME}"
 
-          # Add date tag
-          gcloud container images add-tag "$SOURCE_IMAGE:latest" "$SOURCE_IMAGE:${INPUTS_IMAGE_DATE}" --quiet
+          if [[ $INPUTS_VERSION_NAME ]]; then
+            echo "Tagging docker images corresponding to PyPI release..."
+            gcloud container images add-tag "$SOURCE_IMAGE:${{ github.run_id }}" "$SOURCE_IMAGE:${INPUTS_VERSION_NAME}" --quiet
+          else
+            echo "Tagging docker images corresponding to nightly release..."
 
-          # Convert date to YYYYMMDD format
-          clean_date=$(echo "${INPUTS_IMAGE_DATE}" | sed 's/[-:]//g' | cut -c1-8)
+            # Add date tag
+            gcloud container images add-tag "$SOURCE_IMAGE:${{ github.run_id }}" "$SOURCE_IMAGE:${INPUTS_IMAGE_DATE}" --quiet
 
-          # Add MaxText tag
-          maxtext_hash=$(git rev-parse --short HEAD)
-          gcloud container images add-tag "$SOURCE_IMAGE:latest" "$SOURCE_IMAGE:maxtext_${maxtext_hash}_${clean_date}" --quiet
+            # Convert date to YYYYMMDD format
+            clean_date=$(echo "${INPUTS_IMAGE_DATE}" | sed 's/[-:]//g' | cut -c1-8)
 
+            # Add MaxText tag
+            maxtext_hash=$(git rev-parse --short HEAD)
+            gcloud container images add-tag "$SOURCE_IMAGE:${{ github.run_id }}" "$SOURCE_IMAGE:maxtext_${maxtext_hash}_${clean_date}" --quiet
 
           # Add post-training dependencies tags
           if [ "${{ inputs.workflow }}" == "post-training" ]; then
             for dir in tunix vllm tpu-inference; do
               if [ -d "./$dir" ]; then
                 dir_hash=$(git -C "$dir" rev-parse --short HEAD)
-                gcloud container images add-tag "$SOURCE_IMAGE:latest" "$SOURCE_IMAGE:${dir}_${dir_hash}_${clean_date}" --quiet
-              fi
-            done
+                gcloud container images add-tag "$SOURCE_IMAGE:${{ github.run_id }}" "$SOURCE_IMAGE:${dir}_${dir_hash}_${clean_date}" --quiet
+                fi
+              done
+            fi
           fi
+
+          # Drop the "${{ github.run_id }}" tag from the image
+          gcloud container images untag "$SOURCE_IMAGE:${{ github.run_id }}" --quiet
         env:
           INPUTS_IMAGE_NAME: ${{ inputs.image_name }}
           INPUTS_IMAGE_DATE: ${{ inputs.image_date }}
+          INPUTS_VERSION_NAME: ${{ inputs.version_name }}

.github/workflows/pypi_release.yml

@@ -18,6 +18,7 @@ name: Publish MaxText to PyPI
 
 # Triggers when a new "release" is published in the GitHub UI
 on:
+  pull_request: # TODO: Remove this trigger after testing, it's added to test the workflow on pull requests.
   release:
     types: [published]
 
@@ -41,23 +42,85 @@ jobs:
     name: Build and Test MaxText Package
     needs: [release_approval]
     uses: ./.github/workflows/build_and_test_maxtext.yml
+    secrets: inherit
 
-  publish_maxtext_package_to_pypi:
-    name: Publish MaxText package to PyPI
-    # Temporarily only require release_approval for a one-time upload.
-    # Immediately revert this to `needs: [build_and_test_maxtext_package]`.
-    needs: [release_approval]
+  #publish_maxtext_package_to_pypi:
+  #  name: Publish MaxText package to PyPI
+  #  needs: [build_and_test_maxtext_package]
+  #  runs-on: ubuntu-latest
+  #  environment: release
+  #  steps:
+  #  - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+  #  - name: Download MaxText wheel
+  #    uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0
+  #    with:
+  #      name: maxtext-wheel
+  #      path: dist/
+  #  - name: Publish MaxText wheel to PyPI
+  #    # Official action for PyPI Trusted Publishing
+  #    uses: pypa/gh-action-pypi-publish@release/v1
+  #    with:
+  #      packages-dir: dist/
+
+  get_latest_maxtext_pypi_version:
+    name: Get latest MaxText PyPI version
+    needs: [build_and_test_maxtext_package] # TODO: change to publish_maxtext_package_to_pypi after testing
     runs-on: ubuntu-latest
-    environment: release
+    outputs:
+      latest_pypi_version: ${{ steps.get_version.outputs.version }}
     steps:
-    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
-    - name: Download MaxText wheel
-      uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0
-      with:
-        name: maxtext-wheel
-        path: dist/
-    - name: Publish MaxText wheel to PyPI
-      # Official action for PyPI Trusted Publishing
-      uses: pypa/gh-action-pypi-publish@release/v1
-      with:
-        packages-dir: dist/
+      - name: Install jq
+        run: sudo apt-get update && sudo apt-get install -y jq
+      - name: Fetch latest version of maxtext from PyPI
+        id: get_version
+        run: |
+          # Fetch JSON from PyPI for 'maxtext'
+          echo "Fetching latest version from https://pypi.org/pypi/maxtext/json"
+          pypi_json=$(curl -s https://pypi.org/pypi/maxtext/json)
+
+          # Extract the version from the "info" section using jq
+          latest_version=$(echo "$pypi_json" | jq -r ".info.version")
+
+          if [ -z "$latest_version" ] || [ "$latest_version" == "null" ]; then
+            echo "Error: Could not parse latest version from PyPI JSON."
+            exit 1
+          fi
+
+          echo "Successfully fetched latest MaxText version on PyPI: $latest_version"
+          # Set the output variable for other jobs to consume
+          echo "version=$latest_version" >> "$GITHUB_OUTPUT"
+
+  # This job builds and pushes MaxText stable Docker images for both TPU and GPU devices.
+  # It runs only after the release is approved, ensuring that the Docker images are built and pushed only for approved releases.
+  # Creates docker image for MaxText commit corresponding to the release.
+  upload_maxtext_docker_images:
+    name: Build and upload MaxText stable Docker images
+    needs: [get_latest_maxtext_pypi_version]
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - device: tpu
+            build_mode: stable
+            image_name: maxtext_jax_stable
+            workflow: pre-training
+            dockerfile: ./dependencies/dockerfiles/maxtext_tpu_dependencies.Dockerfile
+          - device: gpu
+            build_mode: stable
+            image_name: maxtext_gpu_jax_stable
+            workflow: pre-training
+            dockerfile: ./dependencies/dockerfiles/maxtext_gpu_dependencies.Dockerfile
+          - device: tpu
+            build_mode: stable
+            image_name: maxtext_post_training_stable
+            workflow: post-training
+            dockerfile: ./dependencies/dockerfiles/maxtext_tpu_dependencies.Dockerfile
+    uses: ./.github/workflows/build_and_push_docker_image.yml
+    with:
+      image_name: ${{ matrix.image_name }}
+      device: ${{ matrix.device }}
+      build_mode: ${{ matrix.build_mode }}
+      workflow: ${{ matrix.workflow }}
+      dockerfile: ${{ matrix.dockerfile }}
+      maxtext_sha: ${{ github.sha }}
+      version_name: ${{ github.event.release.tag_name }}