mirror of
https://github.com/tiennm99/litellm.git
synced 2026-07-03 17:08:43 +00:00
0bd9213d8d
Add a new CI workflow that rejects pull requests from forks when they:
- Modify uv.lock (any change at all)
- Add new dependencies to any pyproject.toml file (root, litellm-proxy-extras, enterprise)
Security properties:
- Uses pull_request (not pull_request_target) so no secrets are exposed
- All action refs pinned to full SHA hashes
- persist-credentials: false on all checkouts
- permissions: {} (no GitHub token permissions)
- No user-controlled input in run: blocks (no script injection)
- Proper TOML parsing via stdlib tomllib (not regex on raw text)
- Only triggers when dependency files are actually changed (paths filter)
Internal PRs (from branches in the canonical repo) skip the job entirely.
Co-authored-by: Krrish Dholakia <krrish-berri-2@users.noreply.github.com>
Simple PyPI Publishing
A GitHub workflow to manually publish LiteLLM packages to PyPI with a specified version.
How to Use
- Go to the Actions tab in the GitHub repository
- Select Simple PyPI Publish from the workflow list
- Click Run workflow
- Enter the version to publish (e.g., `1.74.10`)
What the Workflow Does
- Updates the version in `pyproject.toml`
- Copies the model prices backup file
- Builds the Python package
- Publishes to PyPI
Prerequisites
Make sure the following secret is configured in the repository:
- `PYPI_PUBLISH_PASSWORD`: PyPI API token for authentication
Example Usage
- Version: `1.74.11` → Publishes as v1.74.11
- Version: `1.74.10-hotfix1` → Publishes as v1.74.10-hotfix1
Features
- ✅ Manual trigger with version input
- ✅ Automatic version updates in `pyproject.toml`
- ✅ Repository safety check (only runs on official repo)
- ✅ Clean package building and publishing
- ✅ Success confirmation with PyPI package link