XRPLF · justinr1234 · Nov 4, 2024 · Oct 24, 2024 · Oct 24, 2024 · Oct 24, 2024
diff --git a/.github/workflows/publish_to_pypi.yml b/.github/workflows/publish_to_pypi.yml
@@ -0,0 +1,92 @@
+name: Publish xrpl-py 🐍 distribution 📦 to PyPI
+env:
+  POETRY_VERSION: 1.8.3
+
+on: push
+jobs:
+  build:
+    name: Build distribution 📦
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: "3.x"
+    - name: Load cached .local
+      id: cache-poetry
+      uses: actions/cache@v3
+      with:
+          path: /home/runner/.local
+          key: dotlocal-${{ env.POETRY_VERSION }}
+    - name: Install poetry
+      if: steps.cache-poetry.outputs.cache-hit != 'true'
+      run: |
+        curl -sSL https://install.python-poetry.org/ | python - --version ${{ env.POETRY_VERSION }}
+        echo "$HOME/.local/bin" >> $GITHUB_PATH
+    - name: Build a binary wheel and a source tarball
+      run: poetry build
-    - name: Build a binary wheel and a source tarball
-      run: poetry build
+    - name: Build a binary wheel and a source tarball
+      run: poetry build
+    - name: Verify built artifacts
+      run: |
+        ls dist/*.whl dist/*.tar.gz || exit 1
-    - name: Build a binary wheel and a source tarball
-      run: poetry build
+    - name: Build a binary wheel and a source tarball
+      run: poetry build
+    - name: Verify built artifacts
+      run: |
+        ls dist/*.whl dist/*.tar.gz || exit 1
+    - name: Store the distribution packages
+      uses: actions/upload-artifact@v4
+      with:
+        name: python-package-distributions
+        path: dist/
+  publish-to-pypi:
+    name: >-
+        Publish Python 🐍 distribution 📦 to PyPI
+    if: startsWith(github.ref, 'refs/tags/')  # only publish to PyPI on tag pushes
+    runs-on: ubuntu-latest
+    permissions:
+        id-token: write  # IMPORTANT: mandatory for trusted publishing
+    steps:
+    - name: Download all the dists
+      uses: actions/download-artifact@v4
+      with:
+        name: python-package-distributions
+        path: dist/
+    - name: Publish distribution 📦 to PyPI
+      uses: pypa/gh-action-pypi-publish@release/v1
+
+  github-release:
+    name: >-
+        Sign the Python 🐍 distribution 📦 with Sigstore
+        and upload them to GitHub Release
+    needs:
+    - publish-to-pypi
+    runs-on: ubuntu-latest
+
+    permissions:
+        contents: write  # IMPORTANT: mandatory for making GitHub Releases
+        id-token: write  # IMPORTANT: mandatory for sigstore
+
+    steps:
+    - name: Download all the dists
+      uses: actions/download-artifact@v4
+      with:
+        name: python-package-distributions
+        path: dist/
+    - name: Sign the dists with Sigstore
+      uses: sigstore/[email protected]
+      with:
+        inputs: >-
+            ./dist/*.tar.gz
+            ./dist/*.whl
+    - name: Create GitHub Release
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+      run: >-
+            gh release create
+            '${{ github.ref_name }}'
+            --repo '${{ github.repository }}'
+            --generate-notes
+    - name: Upload artifact signatures to GitHub Release
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+      # Upload to GitHub Release using the `gh` CLI.
+      # `dist/` contains the built packages, and the
+      # sigstore-produced signatures and certificates.
+      run: >-
+            gh release upload
+            '${{ github.ref_name }}' dist/**
+            --repo '${{ github.repository }}'
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -202,7 +202,18 @@ This should almost always be done using the [`xrpl-codec-gen`](https://github.co
 - Merge your changes.
 
 ### Release
-
+1. Please increment the version in `pyproject.toml` and update the `CHANGELOG.md` file appropriately. We follow [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+2. Please select a commit that is suitable for release and create a tag. The following commands can be helpful:
+`git tag -s -a <tag-title> -m "Optional Message describing the tag"`
+`git tag` -- This command displays all the tags in the repository.
+`git push <remote_name, e.g. upstream> tag <tag_title>`
+3. A [Github Workflow](.github/workflows/publish_to_pypi.yml) completes the rest of the Release steps (building the project, generating a .whl and tarball, publishing on the PyPI platform). The workflow uses OpenID Connect's temporary keys to obtain the necessary PyPI authorization.
+As a prerequisite, the PyPI `xrpl-py` project needs to authorize Github Actions as a "Trusted Publisher". This page contains helpful resources: https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/#configuring-trusted-publishing
+4. Send an email to [xrpl-announce](https://groups.google.com/g/xrpl-announce).
+5. Post an announcement in the [XRPL Discord #python channel](https://discord.com/channels/886050993802985492/886053080913821717) with a link to the changes and highlighting key changes.
+
+
+**Note: If maintainers prefer to manually release the xrpl-py software distribution, the below steps are relevant.**
 1. Create a branch off main that properly increments the version in `pyproject.toml` and updates the `CHANGELOG` appropriately. We follow [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 2. Merge this branch into `main`.
 3. Locally build and download the package.

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
-name = "xrpl-py"
-version = "3.0.0"
+name = "xrpl-py-release-test-1"
+version = "3.0.4"
 description = "A complete Python library for interacting with the XRP ledger"
 readme = "README.md"
 repository = "https://github.com/XRPLF/xrpl-py"