Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

workflows: add a release workflow #308

Merged
merged 13 commits into from
Jun 8, 2023
Merged

workflows: add a release workflow #308

merged 13 commits into from
Jun 8, 2023

Conversation

woodruffw
Copy link
Member

This adds a release workflow that runs on a release: published event, with both PyPI uploading (via trusted publishing) and code signing (via Sigstore). I kept the latter because I copied this from some other projects that I use the same workflow on, but I'm happy to remove it in the interest of keeping things minimal to begin with.

Also, correcting myself from earlier: it looks like I don't have permissions to register the trusted publisher on the PyPI side:

Given that, I'll mark this as blocked until @ionrock can register the publisher (or grant me or @frostming the ability to do it ourselves).

@woodruffw woodruffw requested a review from frostming June 1, 2023 02:50
@woodruffw woodruffw self-assigned this Jun 1, 2023
@frostming
Copy link
Contributor

Maybe add a pyproject.toml to explicitly specify the build backend?

https://packaging.python.org/en/latest/tutorials/packaging-projects/#creating-pyproject-toml

@woodruffw
Copy link
Member Author

Maybe add a pyproject.toml to explicitly specify the build backend?

Sounds good. Want me to move the whole setup.py/setup.cfg over while I'm at it?

@frostming
Copy link
Contributor

Sounds good. Want me to move the whole setup.py/setup.cfg over while I'm at it?

Sure, if the config can be read from pyproject.toml

Removes setup.{cfg,py} in favor of pyproject.toml,
and consolidates all settings.
@woodruffw
Copy link
Member Author

I'll merge on top of #312, since that will probably land first.

@ionrock: I know you have limited bandwidth, but would you be able to look into configuring the trusted publisher on PyPI needed for this PR?

Here's the configuration you'll need:

  • GitHub owner: psf
  • GitHub repository: cachecontrol
  • GitHub workflow: release.yml
  • GitHub environment: none required (you can set this to release if you'd like, but please let me know if you do so I can update the workflow!)

@ionrock
Copy link
Contributor

ionrock commented Jun 7, 2023

@woodruffw Done!

@ionrock
Copy link
Contributor

ionrock commented Jun 7, 2023

@woodruffw I'm assuming you're going to add the release.yml as it isn't in the workflows folder.

@woodruffw
Copy link
Member Author

Thanks @ionrock!

@woodruffw I'm assuming you're going to add the release.yml as it isn't in the workflows folder.

Yep, it should be included in this PR's changeset: https://github.com/psf/cachecontrol/pull/308/files#diff-87db21a973eed4fef5f32b267aa60fcee5cbdf03c67fafdc2a9b553bb0b15f34

@woodruffw woodruffw removed the blocked label Jun 7, 2023
@woodruffw
Copy link
Member Author

This should be good to go whenever. @frostming, I assume we'll want to merge your 3.7 changes first.

@woodruffw
Copy link
Member Author

@frostming I'll do a pre-release to test the CI here after this is merged, unless you have any objections 🙂

@frostming
Copy link
Contributor

@woodruffw Go ahead, let's also update the Makefile and include a dev guide for releasing.

@frostming
Copy link
Contributor

frostming commented Jun 8, 2023

@ionrock Any chance to yank 0.13.0 to prevent users on Python 3.6 from installing this version(yeah we didn't know the context of yanking 0.12.12). We are not able to do this.

@woodruffw If the version is yanked we should be able to release this as 0.13.1

@ionrock
Copy link
Contributor

ionrock commented Jun 8, 2023

@frostming Yanked!

@woodruffw
Copy link
Member Author

Okay, pushed up some initial contributing docs (in the CONTRIBUTING.md style that GitHub encourages).

I've removed the old make bump target since bumpversion is unmaintained and doesn't have great support for pre-releases anyways. I'll look into other bumping tools, but for the mean time I've documented a "manual" bumping flow that's almost as simple (since I've consolidated all versions to a single file).

@woodruffw woodruffw merged commit a2f92fd into master Jun 8, 2023
@woodruffw woodruffw deleted the trusted-publishing branch June 8, 2023 04:28
@frostming
Copy link
Contributor

@woodruffw what about https://pypi.org/project/bumpver which should be a drop-in replacement for bumpversion

@woodruffw
Copy link
Member Author

Works for me -- I'll look at adding it tomorrow.

woodruffw added a commit to woodruffw-forks/cachecontrol that referenced this pull request Jul 9, 2024
* workflows: add a release workflow

* Update .github/workflows/release.yml

Co-authored-by: Frost Ming <[email protected]>

* treewide: pyproject-based metadata

Removes setup.{cfg,py} in favor of pyproject.toml,
and consolidates all settings.

* pyproject: fix typo

* tox: use isolated builds

Required with PEP 517/8 metadata.

* pyproject: include `build` in dev-deps

* pyproject: include tests in sdist

Also, remove MANIFEST.in.

* meta: dedupe version, use `bump`

* Makefile, pyproject: remove bump

* CONTRIBUTING: initial contributing docs

---------

Co-authored-by: Frost Ming <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants