Skip to content

Commit 92133ad

Browse files
committed
Exclude compiled frontend from UI source tarball
The UI sdist was including hamilton_ui/build/** (compiled JS/CSS from npm build), which would require bundling third-party licenses. Fix: build sdist first (without frontend), then npm build, then wheel. - pyproject.toml: move hamilton_ui/build/** from include to exclude - apache_release_helper.py: split UI build into 3 steps: 1. flit build --format sdist (source-only) 2. npm install + npm run build → copy to hamilton_ui/build/ 3. flit build --format wheel (includes frontend assets) - test_build.py: update assertion to verify build/ is excluded from sdist
1 parent 1a1973a commit 92133ad

4 files changed

Lines changed: 60 additions & 23 deletions

File tree

scripts/apache_release_helper.py

Lines changed: 37 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -338,8 +338,23 @@ def create_release_artifacts(package_config: dict, version, no_sign: bool = Fals
338338
if os.path.exists("dist"):
339339
shutil.rmtree("dist")
340340

341-
# For the UI package, build the frontend before packaging.
341+
# For the UI package, build sdist first (without frontend assets),
342+
# then build frontend, then build wheel (with frontend assets).
343+
# This keeps compiled JS/CSS out of the source tarball (avoiding
344+
# third-party license obligations) while including them in the wheel.
342345
if package_name == "apache-hamilton-ui":
346+
# Step 1: Build sdist without frontend assets
347+
try:
348+
subprocess.run(
349+
["flit", "build", "--no-use-vcs", "--format", "sdist"],
350+
check=True,
351+
)
352+
print("Source distribution created successfully (without frontend).")
353+
except subprocess.CalledProcessError as e:
354+
print(f"Error creating source distribution: {e}")
355+
return None
356+
357+
# Step 2: Build frontend and copy to hamilton_ui/build/
343358
print("Building UI frontend (npm install + npm run build)...")
344359
frontend_dir = os.path.join(original_dir, "ui", "frontend")
345360
build_target = os.path.join("hamilton_ui", "build")
@@ -366,20 +381,27 @@ def create_release_artifacts(package_config: dict, version, no_sign: bool = Fals
366381
print("Ensure Node.js and npm are installed.")
367382
return None
368383

369-
# Use flit build to create the source distribution.
370-
try:
371-
subprocess.run(
372-
[
373-
"flit",
374-
"build",
375-
"--no-use-vcs",
376-
],
377-
check=True,
378-
)
379-
print("Source distribution created successfully.")
380-
except subprocess.CalledProcessError as e:
381-
print(f"Error creating source distribution: {e}")
382-
return None
384+
# Step 3: Build wheel (includes frontend assets via package data)
385+
try:
386+
subprocess.run(
387+
["flit", "build", "--no-use-vcs", "--format", "wheel"],
388+
check=True,
389+
)
390+
print("Wheel created successfully (with frontend assets).")
391+
except subprocess.CalledProcessError as e:
392+
print(f"Error creating wheel: {e}")
393+
return None
394+
else:
395+
# Non-UI packages: build both sdist and wheel in one step
396+
try:
397+
subprocess.run(
398+
["flit", "build", "--no-use-vcs"],
399+
check=True,
400+
)
401+
print("Source distribution created successfully.")
402+
except subprocess.CalledProcessError as e:
403+
print(f"Error creating source distribution: {e}")
404+
return None
383405

384406
# Find the created tarball in the dist directory.
385407
# Convert package name with underscores for file naming

scripts/verify-sub-packages/verify_ui.sh

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -125,6 +125,16 @@ mkdir -p "$build_dir"
125125
tar xzf "$ARTIFACTS_DIR/$SRC_TAR" -C "$build_dir"
126126
src_dir=$(ls -d ${build_dir}/*/ | head -1)
127127

128+
# Verify source tarball does NOT contain compiled frontend assets.
129+
# JS/CSS bundles would require third-party license auditing.
130+
if find "$src_dir" -path "*/build/assets/*.js" | grep -q .; then
131+
echo " ✗ Source tarball contains compiled frontend JS — must be excluded"
132+
rm -rf "$build_dir"
133+
exit 1
134+
else
135+
echo " ✓ Source tarball does not contain compiled frontend assets"
136+
fi
137+
128138
# Note: The UI source tarball does not include compiled frontend assets.
129139
# The release script builds the frontend (npm run build) before flit build.
130140
# Here we verify the backend builds correctly; the wheel from SVN includes

ui/backend/pyproject.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -75,10 +75,10 @@ include = [
7575
"LICENSE",
7676
"NOTICE",
7777
"DISCLAIMER",
78-
"hamilton_ui/build/**",
7978
"tests/**",
8079
]
8180
exclude = [
81+
"hamilton_ui/build/**",
8282
"hamilton_ui/tests/**",
8383
".git/**",
8484
"**/__pycache__/**",

ui/backend/tests/test_build.py

Lines changed: 12 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -193,8 +193,13 @@ def test_pyproject_toml_exists(self):
193193
pyproject_file = get_ui_backend_dir() / "pyproject.toml"
194194
assert pyproject_file.exists(), f"pyproject.toml not found at {pyproject_file}"
195195

196-
def test_flit_sdist_includes_build_directory(self):
197-
"""Verify that pyproject.toml includes hamilton_ui/build/** in Flit sdist."""
196+
def test_flit_sdist_excludes_build_directory(self):
197+
"""Verify that pyproject.toml excludes hamilton_ui/build/** from Flit sdist.
198+
199+
Compiled frontend assets (JS/CSS) must not be in the source tarball
200+
to avoid third-party license obligations. The wheel includes them
201+
via package data; the release script builds sdist before npm build.
202+
"""
198203
pyproject_file = get_ui_backend_dir() / "pyproject.toml"
199204

200205
with open(pyproject_file, "rb") as f:
@@ -205,11 +210,11 @@ def test_flit_sdist_includes_build_directory(self):
205210
assert "flit" in config["tool"], "pyproject.toml missing [tool.flit] section"
206211
assert "sdist" in config["tool"]["flit"], "pyproject.toml missing [tool.flit.sdist] section"
207212

208-
# Check includes
209-
includes = config["tool"]["flit"]["sdist"].get("include", [])
210-
assert "hamilton_ui/build/**" in includes, (
211-
"pyproject.toml [tool.flit.sdist] does not include 'hamilton_ui/build/**'. "
212-
"Built assets will not be packaged in the distribution."
213+
# Check excludes
214+
excludes = config["tool"]["flit"]["sdist"].get("exclude", [])
215+
assert "hamilton_ui/build/**" in excludes, (
216+
"pyproject.toml [tool.flit.sdist] must exclude 'hamilton_ui/build/**'. "
217+
"Compiled frontend assets should not be in the source tarball."
213218
)
214219

215220
def test_flit_sdist_includes_tests(self):

0 commit comments

Comments
 (0)