litellm/.github/workflows
Cursor Agent 0bd9213d8d ci: add supply-chain guard to block fork PRs that modify dependencies
Add a new CI workflow that rejects pull requests from forks when they:
- Modify uv.lock (any change at all)
- Add new dependencies to any pyproject.toml file (root, litellm-proxy-extras, enterprise)

Security properties:
- Uses pull_request (not pull_request_target) so no secrets are exposed
- All action refs pinned to full SHA hashes
- persist-credentials: false on all checkouts
- permissions: {} (no GitHub token permissions)
- No user-controlled input in run: blocks (no script injection)
- Proper TOML parsing via stdlib tomllib (not regex on raw text)
- Only triggers when dependency files are actually changed (paths filter)

Internal PRs (from branches in the canonical repo) skip the job entirely.

Co-authored-by: Krrish Dholakia <krrish-berri-2@users.noreply.github.com>
2026-04-25 18:46:50 +00:00

Simple PyPI Publishing

A GitHub workflow to manually publish LiteLLM packages to PyPI with a specified version.

How to Use

  1. Go to the Actions tab in the GitHub repository
  2. Select Simple PyPI Publish from the workflow list
  3. Click Run workflow
  4. Enter the version to publish (e.g., 1.74.10)

What the Workflow Does

  1. Updates the version in pyproject.toml
  2. Copies the model prices backup file
  3. Builds the Python package
  4. Publishes to PyPI

Prerequisites

Make sure the following secret is configured in the repository:

  • PYPI_PUBLISH_PASSWORD: PyPI API token for authentication

Example Usage

  • Version: 1.74.11 → Publishes as v1.74.11
  • Version: 1.74.10-hotfix1 → Publishes as v1.74.10-hotfix1

Features

  • Manual trigger with version input
  • Automatic version updates in pyproject.toml
  • Repository safety check (only runs on official repo)
  • Clean package building and publishing
  • Success confirmation with PyPI package link