de en es ja ko ru zh

Genkit MCP

Official

by firebase

Overview Schema Related Servers Score Discussions

Python

Hybrid

genkit
.github
workflows

releasekit-uv.yml•22.6 KiB

# Copyright 2026 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # ══════════════════════════════════════════════════════════════════════ # ReleaseKit: Automated Release Pipeline — Python (uv) # ══════════════════════════════════════════════════════════════════════ # # This workflow implements a release-please-style pipeline for the # genkit Python SDK. It uses releasekit to automate: # # 1. PREPARE — compute version bumps, generate changelogs, open # or update a Release PR. # 2. RELEASE — tag the merge commit, create a GitHub Release. # 3. PUBLISH — build and publish packages to PyPI in topological # order with retry and ephemeral version pinning. # # ── Automatic Flow ────────────────────────────────────────────────── # # push to main ──► releasekit prepare ──► Release PR # (py/packages/** (autorelease: pending) # py/plugins/**) │ # merge PR # │ # ▼ # releasekit release ──► tags + GitHub Release # │ # ▼ # releasekit publish ──► PyPI # │ # ▼ # repository_dispatch ──► downstream repos # # ── Manual Dispatch Flow ──────────────────────────────────────────── # # ┌─────────────────────────────────────────────────────────────┐ # │ workflow_dispatch UI │ # │ │ # │ action: [prepare ▼] ──► runs PREPARE job only │ # │ [release ▼] ──► runs RELEASE + PUBLISH + NOTIFY │ # │ │ # │ target: [pypi / testpypi] │ # │ dry_run: [✓] simulate, no side effects │ # │ force_prepare: [✓] skip preflight, force PR creation │ # │ group: [________] target a release group │ # │ bump_type: [auto / patch / minor / major] │ # │ prerelease: [________] e.g. rc.1, beta.1 │ # │ skip_publish: [✓] tag + release but don't publish │ # │ concurrency: [0] max parallel publish (0 = auto) │ # └─────────────────────────────────────────────────────────────┘ # # ── Trigger Matrix ────────────────────────────────────────────────── # # Event │ Jobs that run # ───────────────────┼────────────────────────────────── # push to main │ prepare # PR merged │ release → publish → notify # dispatch: prepare │ prepare # dispatch: release │ release → publish → notify # # ── Inputs Reference ──────────────────────────────────────────────── # # Input │ Type │ Default │ Description # ───────────────┼─────────┼─────────┼────────────────────────────── # action │ choice │ release │ Pipeline stage: prepare or release # target │ choice │ pypi │ Registry: pypi or testpypi # dry_run │ boolean │ true │ Simulate without side effects # force_prepare │ boolean │ false │ Force PR creation (--force) # group │ string │ (all) │ Target a specific release group # bump_type │ choice │ auto │ Override semver bump detection # prerelease │ string │ (none) │ Prerelease suffix (e.g. rc.1) # skip_publish │ boolean │ false │ Tag + release, skip registry # concurrency │ string │ 0 │ Max parallel publish jobs # max_retries │ string │ 2 │ Retry failed publishes (0 = off) # # The workflow is idempotent: re-running any step is safe because # releasekit skips already-created tags and already-published versions. # ══════════════════════════════════════════════════════════════════════ name: "ReleaseKit: Python (uv)" on: workflow_dispatch: inputs: action: description: 'Which pipeline stage to run' required: true default: release type: choice options: - prepare - release target: description: 'Publish target registry (release only)' required: true default: pypi type: choice options: - testpypi - pypi dry_run: description: 'Dry run — log what would happen without creating tags or publishing' required: true default: true type: boolean force_prepare: description: 'Force create/update the Release PR even if no new bumps are detected' required: false default: false type: boolean group: description: 'Release group to target (leave empty for all)' required: false type: string bump_type: description: 'Override auto-detected bump type' required: false default: auto type: choice options: - auto - patch - minor - major prerelease: description: 'Publish as prerelease (e.g. rc.1, beta.1)' required: false type: string skip_publish: description: 'Tag and create GitHub Release but skip publishing to registry' required: false default: false type: boolean concurrency: description: 'Max parallel publish jobs (0 = auto)' required: false default: '0' type: string max_retries: description: 'Max retries for failed publish attempts (0 = no retries)' required: false default: '2' type: string auth_method: description: 'Authentication method (auto = detect from configured secrets)' required: false default: auto type: choice options: - auto - app - pat - github-token push: branches: [main] paths: - "py/packages/**" - "py/plugins/**" pull_request: types: [closed] branches: [main] # Only one release pipeline runs at a time. concurrency: group: releasekit-${{ github.ref }} cancel-in-progress: false permissions: contents: write # Create tags, releases, and push to release branch pull-requests: write # Open/update Release PRs, manage labels id-token: write # Sigstore keyless signing (SLSA provenance) env: RELEASEKIT_DIR: py/tools/releasekit WORKSPACE_DIR: py # Registry URLs resolved from the target input (defaults to prod PyPI). PUBLISH_INDEX_URL: ${{ inputs.target == 'testpypi' && 'https://test.pypi.org/legacy/' || '' }} PUBLISH_CHECK_URL: ${{ inputs.target == 'testpypi' && 'https://test.pypi.org/simple/' || 'https://pypi.org/simple/' }} # Dry-run logic: # - PR merge (pull_request closed): dry_run=false (this is the one-button release flow) # - Manual dispatch: uses the checkbox value (default: true) # - Push to main: dry_run is not relevant (only runs prepare, which is always live) DRY_RUN: ${{ github.event_name == 'pull_request' && 'false' || (inputs.dry_run == 'false' && 'false' || 'true') }} jobs: # ═══════════════════════════════════════════════════════════════════════ # AUTH: Resolve token (GitHub App → PAT → GITHUB_TOKEN) # # Supports three auth modes in priority order: # 1. GitHub App — set RELEASEKIT_APP_ID (variable) + # RELEASEKIT_APP_PRIVATE_KEY (secret). # Passes CLA, triggers CI on Release PRs. # 2. PAT — set RELEASEKIT_TOKEN (secret). # Passes CLA, triggers CI on Release PRs. # 3. GITHUB_TOKEN — built-in, no setup needed. # PRs will NOT trigger CI and may fail CLA checks. # ═══════════════════════════════════════════════════════════════════════ auth: name: Resolve Auth Token runs-on: ubuntu-latest timeout-minutes: 2 outputs: token: ${{ steps.resolve.outputs.token }} git-user-name: ${{ steps.resolve.outputs.git-user-name }} git-user-email: ${{ steps.resolve.outputs.git-user-email }} steps: # Option 1: GitHub App (preferred — passes CLA, triggers CI). - name: Generate GitHub App token if: > (inputs.auth_method == 'auto' || inputs.auth_method == 'app' || inputs.auth_method == '') && vars.RELEASEKIT_APP_ID != '' id: app-token uses: actions/create-github-app-token@v2 with: app-id: ${{ vars.RELEASEKIT_APP_ID }} private-key: ${{ secrets.RELEASEKIT_APP_PRIVATE_KEY }} - name: Get App bot user ID if: steps.app-token.outcome == 'success' id: app-user run: | if ! user_id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id 2>/dev/null); then echo "::warning::Failed to fetch App bot user ID — using 0 as fallback" user_id=0 fi echo "user-id=$user_id" >> "$GITHUB_OUTPUT" env: GH_TOKEN: ${{ steps.app-token.outputs.token }} # Resolve: App > PAT > GITHUB_TOKEN (respects auth_method override). - name: Resolve token and identity id: resolve run: | AUTH="${{ inputs.auth_method || 'auto' }}" # App token — used when auth=auto (and available) or auth=app. if [ "$AUTH" = "app" ] || { [ "$AUTH" = "auto" ] && [ -n "$APP_TOKEN" ]; }; then echo "token=$APP_TOKEN" >> "$GITHUB_OUTPUT" echo "git-user-name=${{ steps.app-token.outputs.app-slug }}[bot]" >> "$GITHUB_OUTPUT" echo "git-user-email=${{ steps.app-user.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com" >> "$GITHUB_OUTPUT" echo "::notice::Using GitHub App token (${{ steps.app-token.outputs.app-slug }})" # PAT — used when auth=auto (and available) or auth=pat. elif [ "$AUTH" = "pat" ] || { [ "$AUTH" = "auto" ] && [ -n "$PAT_TOKEN" ]; }; then echo "token=$PAT_TOKEN" >> "$GITHUB_OUTPUT" echo "git-user-name=${GIT_USER_NAME:-releasekit[bot]}" >> "$GITHUB_OUTPUT" echo "git-user-email=${GIT_USER_EMAIL:-releasekit[bot]@users.noreply.github.com}" >> "$GITHUB_OUTPUT" echo "::notice::Using Personal Access Token" # GITHUB_TOKEN — fallback or explicit. Uses repo variables for # git identity if set, so CLA can pass with a signed identity. else echo "token=$FALLBACK_TOKEN" >> "$GITHUB_OUTPUT" echo "git-user-name=${GIT_USER_NAME:-github-actions[bot]}" >> "$GITHUB_OUTPUT" echo "git-user-email=${GIT_USER_EMAIL:-github-actions[bot]@users.noreply.github.com}" >> "$GITHUB_OUTPUT" if [ -n "$GIT_USER_NAME" ]; then echo "::notice::Using GITHUB_TOKEN with custom identity ($GIT_USER_NAME)" else echo "::warning::Using GITHUB_TOKEN — PRs will not trigger CI and may fail CLA checks. Set RELEASEKIT_GIT_USER_NAME and RELEASEKIT_GIT_USER_EMAIL repo variables to use a CLA-signed identity." fi fi env: APP_TOKEN: ${{ steps.app-token.outputs.token }} PAT_TOKEN: ${{ secrets.RELEASEKIT_TOKEN }} FALLBACK_TOKEN: ${{ secrets.GITHUB_TOKEN }} GIT_USER_NAME: ${{ vars.RELEASEKIT_GIT_USER_NAME }} GIT_USER_EMAIL: ${{ vars.RELEASEKIT_GIT_USER_EMAIL }} # ═══════════════════════════════════════════════════════════════════════ # PREPARE: Compute bumps and open/update Release PR # ═══════════════════════════════════════════════════════════════════════ prepare: name: Prepare Release PR needs: auth if: | (github.event_name == 'push' && !startsWith(github.event.head_commit.message, 'chore(release):') && !contains(github.event.head_commit.message, 'releasekit--release')) || (github.event_name == 'workflow_dispatch' && inputs.action == 'prepare') runs-on: ubuntu-latest timeout-minutes: 10 outputs: has_bumps: ${{ steps.prepare.outputs.has_bumps }} pr_url: ${{ steps.prepare.outputs.pr_url }} steps: - uses: actions/checkout@v6 - uses: ./.github/actions/setup-releasekit with: token: ${{ needs.auth.outputs.token }} releasekit-dir: ${{ env.RELEASEKIT_DIR }} git-user-name: ${{ needs.auth.outputs.git-user-name }} git-user-email: ${{ needs.auth.outputs.git-user-email }} - uses: ./.github/actions/run-releasekit id: prepare with: command: prepare workspace: py releasekit-dir: ${{ env.RELEASEKIT_DIR }} group: ${{ inputs.group }} bump-type: ${{ inputs.bump_type }} prerelease: ${{ inputs.prerelease }} force: ${{ inputs.force_prepare }} env: GH_TOKEN: ${{ needs.auth.outputs.token }} # ═══════════════════════════════════════════════════════════════════════ # RELEASE: Tag merge commit and create GitHub Release # ═══════════════════════════════════════════════════════════════════════ release: name: Tag and Release needs: auth if: | (github.event_name == 'pull_request' && github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'autorelease: pending')) || (github.event_name == 'workflow_dispatch' && inputs.action == 'release') runs-on: ubuntu-latest timeout-minutes: 10 outputs: release_url: ${{ steps.release.outputs.release_url }} steps: - uses: actions/checkout@v6 - uses: ./.github/actions/setup-releasekit with: token: ${{ needs.auth.outputs.token }} releasekit-dir: ${{ env.RELEASEKIT_DIR }} git-user-name: ${{ needs.auth.outputs.git-user-name }} git-user-email: ${{ needs.auth.outputs.git-user-email }} - uses: ./.github/actions/run-releasekit id: release with: command: release workspace: py releasekit-dir: ${{ env.RELEASEKIT_DIR }} dry-run: ${{ env.DRY_RUN }} show-plan: "true" env: GH_TOKEN: ${{ needs.auth.outputs.token }} # ═══════════════════════════════════════════════════════════════════════ # PUBLISH: Build and publish packages to PyPI # ═══════════════════════════════════════════════════════════════════════ publish: name: Publish to ${{ inputs.target || 'pypi' }} needs: [auth, release] if: inputs.skip_publish != 'true' runs-on: ubuntu-latest timeout-minutes: 30 environment: ${{ inputs.target || 'pypi' }} permissions: id-token: write # Trusted publishing (OIDC) + Sigstore signing attestations: write # PEP 740 attestations steps: - uses: actions/checkout@v6 - uses: ./.github/actions/setup-releasekit with: token: ${{ needs.auth.outputs.token }} releasekit-dir: ${{ env.RELEASEKIT_DIR }} install-system-deps: "true" workspace-dir: ${{ env.WORKSPACE_DIR }} enable-ollama: "false" - uses: ./.github/actions/run-releasekit with: command: publish workspace: py releasekit-dir: ${{ env.RELEASEKIT_DIR }} dry-run: ${{ env.DRY_RUN }} force: "true" group: ${{ inputs.group }} concurrency: ${{ inputs.concurrency }} max-retries: ${{ inputs.max_retries }} check-url: ${{ env.PUBLISH_CHECK_URL }} index-url: ${{ env.PUBLISH_INDEX_URL }} show-plan: "true" env: UV_PUBLISH_TOKEN: ${{ inputs.target == 'testpypi' && secrets.TESTPYPI_TOKEN || secrets.PYPI_TOKEN }} - name: Upload manifest artifact if: success() uses: actions/upload-artifact@v4 with: name: release-manifest path: ${{ env.WORKSPACE_DIR }}/release-manifest.json retention-days: 90 - name: Upload SLSA provenance if: success() uses: actions/upload-artifact@v4 with: name: slsa-provenance path: ${{ env.WORKSPACE_DIR }}/provenance*.intoto.jsonl retention-days: 90 if-no-files-found: warn - name: Upload SBOMs if: success() uses: actions/upload-artifact@v4 with: name: sbom path: | ${{ env.WORKSPACE_DIR }}/sbom.cdx.json ${{ env.WORKSPACE_DIR }}/sbom.spdx.json retention-days: 90 if-no-files-found: warn # ═══════════════════════════════════════════════════════════════════════ # VERIFY: Check published packages are installable # ═══════════════════════════════════════════════════════════════════════ verify: name: Verify Published Packages needs: publish if: >- success() && (github.event_name == 'pull_request' || inputs.dry_run == false) runs-on: ubuntu-latest timeout-minutes: 10 steps: - uses: actions/checkout@v6 - name: Set up Python uses: actions/setup-python@v5 with: python-version: '3.12' - name: Wait for PyPI propagation run: | echo "Waiting 60 seconds for PyPI CDN propagation..." sleep 60 - name: Get core version and verify installation run: | VERSION=$(grep '^version' py/packages/genkit/pyproject.toml | head -1 | sed 's/.*= *"//' | sed 's/".*//') echo "Core version: $VERSION" pip install --upgrade pip # Verify core package. pip install "genkit==$VERSION" python -c "from genkit.ai import Genkit; print('✅ genkit imports successfully')" # Verify all plugins are installable. for pyproject in py/plugins/*/pyproject.toml; do plugin_dir=$(dirname "$pyproject") plugin_name=$(basename "$plugin_dir") pkg_name="genkit-plugin-${plugin_name}" plugin_version=$(grep '^version' "$pyproject" | head -1 | sed 's/.*= *"//' | sed 's/".*//') echo "Verifying $pkg_name==$plugin_version..." if pip install "$pkg_name==$plugin_version" 2>/dev/null; then echo "✅ $pkg_name installed" else echo "⚠️ $pkg_name==$plugin_version not found on PyPI (may not have been published)" fi done # ═══════════════════════════════════════════════════════════════════════ # NOTIFY: Post-release notifications # ═══════════════════════════════════════════════════════════════════════ notify: name: Notify Downstream needs: [auth, release, publish, verify] if: success() runs-on: ubuntu-latest timeout-minutes: 5 steps: - name: Dispatch release event uses: peter-evans/repository-dispatch@v3 with: token: ${{ needs.auth.outputs.token }} event-type: genkit-python-release client-payload: '{"release_url": "${{ needs.release.outputs.release_url }}"}'

Loading blob content...

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/firebase/genkit'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

releasekit-uv.yml•22.6 KiB