From 76d0627158cf93b3bb97662e5c941c7b2a6e85b7 Mon Sep 17 00:00:00 2001 From: Mary Cleaton Date: Thu, 6 Nov 2025 13:30:10 +0000 Subject: [PATCH 01/10] refactor: rename and update github workflows --- ...version_workflow.yaml => increment_version.yaml} | 13 +++++++------ ...pull_request_workflow.yaml => pull_request.yaml} | 0 2 files changed, 7 insertions(+), 6 deletions(-) rename .github/workflows/{increment_version_workflow.yaml => increment_version.yaml} (52%) rename .github/workflows/{pull_request_workflow.yaml => pull_request.yaml} (100%) diff --git a/.github/workflows/increment_version_workflow.yaml b/.github/workflows/increment_version.yaml similarity index 52% rename from .github/workflows/increment_version_workflow.yaml rename to .github/workflows/increment_version.yaml index 9865e89..0afc78b 100644 --- a/.github/workflows/increment_version_workflow.yaml +++ b/.github/workflows/increment_version.yaml @@ -6,19 +6,20 @@ on: - main jobs: - deploy: + # Increments repo version and pushes tag + increment-version: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v4 - - name: Extract package version - id: package_version + - name: Extract repo version + id: repo_version run: | - echo "PACKAGE_VERSION=$(python setup.py --version)" >> $GITHUB_ENV + echo "PACKAGE_VERSION=$python setup.py --version)" >> $GITHUB_ENV - name: Bump version and push tag id: tag_version - uses: mathieudutour/github-tag-action@v6.1 + uses: mathieudutour/github-tag-action@v6.2 with: github_token: ${{ secrets.GITHUB_TOKEN }} custom_tag: ${{ env.PACKAGE_VERSION }} diff --git a/.github/workflows/pull_request_workflow.yaml b/.github/workflows/pull_request.yaml similarity index 100% rename from .github/workflows/pull_request_workflow.yaml rename to .github/workflows/pull_request.yaml From 8e44af17c3f1945ed084647626b4c1803ce4bcbb Mon Sep 17 00:00:00 2001 From: Mary Cleaton Date: Thu, 6 Nov 2025 13:31:43 +0000 Subject: [PATCH 02/10] feat: add pypi github workflow --- .github/workflows/deploy_pypi.yaml | 37 ++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100755 .github/workflows/deploy_pypi.yaml diff --git a/.github/workflows/deploy_pypi.yaml b/.github/workflows/deploy_pypi.yaml new file mode 100755 index 0000000..662a326 --- /dev/null +++ b/.github/workflows/deploy_pypi.yaml @@ -0,0 +1,37 @@ +name: "Deploy PyPI workflow" + +on: + push: + branches: + - main + +jobs: + # Build and lint package + build-package: + name: Build & verify package + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v5 + with: + fetch-depth: 0 + + - uses: hynek/build-and-inspect-python-package@v2 + + # Upload to PyPI + release-pypi: + name: Publish to PyPI + runs-on: ubuntu-latest + needs: build-package + steps: + - name: Download built package + uses: actions/download-artifact@v4 + with: + name: Packages + path: dist + + - name: Upload package to PyPI + uses: pypa/gh-action-pypi-publish@release/v1 + with: + user: __token__ + password: ${{ secrets.PYPI_API_TOKEN }} + \ No newline at end of file From c17ff5d66e8550c2ee951acfc740af2892614927 Mon Sep 17 00:00:00 2001 From: Mary Cleaton Date: Thu, 6 Nov 2025 13:32:37 +0000 Subject: [PATCH 03/10] docs: update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 06b39de..17e74c8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,7 @@ and this project adheres to [semantic versioning](https://semver.org/spec/v2.0.0 - `create_spark_session` in `tests/utils/test_utils_create_spark_session.py`. - `get_input_variables` in `tests/utils/utils.py`. - `get_deltas` in `tests/indicator_matrix/test_indicator_matrix.py`. +- GitHub Action workflow to deploy repo as package in PyPI. ### Changed From f21cf8429b4c66ddff1fc1e4440c334ad59539e4 Mon Sep 17 00:00:00 2001 From: Mary Cleaton Date: Thu, 6 Nov 2025 14:29:51 +0000 Subject: [PATCH 04/10] docs: update branch and deploy guide --- docs/branch_and_deploy_guide.md | 130 ++++++++++++++++++++++---------- 1 file changed, 89 insertions(+), 41 deletions(-) diff --git a/docs/branch_and_deploy_guide.md b/docs/branch_and_deploy_guide.md index 6567ddc..9b93423 100644 --- a/docs/branch_and_deploy_guide.md +++ b/docs/branch_and_deploy_guide.md @@ -66,43 +66,64 @@ Our repository has two permanent branches: ### Overview [GitHub Actions][github-actions] are triggered on pull request from any branch, including feature branches. This CI/CD pipeline -ensures code does not enter the `develop` or `main` branches unless it has had certain checks. The repository is set up so -that pull requests cannot be merged if these GitHub Actions fail. +ensures code does not enter the `develop` or `main` branches unless it has had certain checks. -### Steps in the pull request pipeline +### Pull request workflow steps 1. **Trigger:** - - The pipeline is triggered when a `merge` is detected. + - When a `merge` is detected. -2. **Branch check:** - - Checks that the pull request is only into `main` if coming from `develop` or a branch whose name starts with `hotfix`. +2. **Check branch:** + - Check the base branch for the pull request. + - If the base branch is `main`, check if the branch is `develop` or has a name starting with `hotfix`. -3. **Changelog check:** - - The changelog is checked for updates. +3. **Check changelog:** + - Check that `CHANGELOG.md` has been updated. -4. **Pre-commit hooks:** - - All pre-commit hooks are run. +4. **Pre-commit:** + - Run all pre-commit hooks. -5. **Unit tests:** - - All unit tests are run. +5. **Test:** + - Run all unit tests on all versions of Python supported by the repo. ## Deployment process using GitHub Actions ### Overview The deployment process is automated using [GitHub Actions][github-actions]. This CI/CD pipeline is triggered upon merging -changes into the `main` branch. +changes into the `main` branch. It is separated into two workflows: one for incrementing the version tag in GitHub and the other +for deploying to PyPI. -### Steps in the deployment pipeline +### Increment version workflow steps 1. **Trigger:** - - The pipeline is triggered when a `merge` into `main` is detected. + - When a `push` to `main` is detected. -2. **Increment version:** - - The version of the package is incremented. - - The new version tag is pushed. +2. **Extract repo version:** + - Extract the version of the repo from the location specified in `setup.py`. + +3. **Bump version and push tag:** + - Bump the repository version by pushing a new tag. -Further deployment steps will be added in due course. +### Deploy PyPI workflow steps + +1. **Trigger:** + - When a `push` to `main` is detected. + +2. **Build and verify package:** + - Use `uv` via `hynek/build-and-inspect-python-package` to: + - Build the package. + - Upload the built wheel and the source distribution as GitHub Actions artifacts. + - Lint the wheel contents using `check-wheel-contents`. + - Lint the PyPI README using `Twine` and upload it as a GitHub Actions artifact. + - Print the tree of both SDist and `wheel`, allowing manual checking of the content list. + - Print and upload the packaging metadata as a GitHub Actions artifact. + +3. **Download built package:** + - Download the built package from GitHub Actions artifacts to `dist`. + +4. **Upload package to PyPI:** + - Upload the package from `dist` to PyPI. ## Merging develop to main: A guide for maintainers @@ -148,7 +169,7 @@ As `scalelink` maintainers, ensuring a seamless transition from `develop` to `ma - **Merge to main:** - With all preparations complete and changes reviewed, proceed to merge the `develop` branch into the `main` branch. - This action can be done through the GitHub UI by completing the pull request initiated in the Preparation section of this guide. - - Merging to `main` automatically triggers the GitHub Actions workflow for deployment. **Note: this currently only includes creating a GitHub Release with the new version tag.** + - Merging to `main` automatically triggers the GitHub Actions workflow for deployment. ### Synchronising develop branch post-merge @@ -175,37 +196,64 @@ Below is a visual representation of our Git workflow, illustrating the process f ```mermaid graph TD - A([Start feature development]) + A([Start or continue feature development or bugfix]) B[Create feature branch from develop branch] - C{Feature complete and tested?} - D[Raise pull request to merge feature branch into develop branch] - E[Trigger automated checks via GitHub Actions] - F[Review and approve pull request] - G{Develop branch: Ready for release?} - H[Update package version -- semver] - I[Raise pull request to merge develop branch into main branch] - J[Trigger automated checks via GitHub Actions] - K[Review and approve pull request] - L[Trigger automated deployment via GitHub Actions] - M[Create GitHub Release with version tag] - N[Update develop branch with main] - + C[Develop feature or bugfix in feature branch] + D{Feature branch: complete and tested?} + E[Raise pull request to merge feature branch into develop branch] + F[Trigger automated checks via GitHub Actions] + G[Review and approve pull request] + H{Develop branch: Ready for release?} + I[Update package version - major or minor update] + J[Raise pull request to merge develop branch into main branch] + K[Trigger automated checks via GitHub Actions] + L[Review and approve pull request] + M[Trigger automated deployment via GitHub Actions] + N[Create GitHub Release with version tag] + O[Update develop branch with main] + P[Build and test scalelink package] + Q[Publish to PyPI] + + R([Start or continue hotfix]) + S[Create hotfix branch from main branch] + T[Develop hotfix in hotfix branch] + U{Hotfix branch: complete and tested?} + V[Update package version - patch update] + W[Raise pull request to merge hotfix branch into main branch] + X[Trigger automated checks via GitHub Actions] + Y[Review and approve pull request] + Z{Hotfix branch: Ready for release?} + A --> B B --> C - C -- No --> B - C -- Yes --> D - D --> E + C --> D + D -- No --> C + D -- Yes --> E E --> F F --> G - G -- No --> A - G -- Yes --> H - H --> I + G --> H + H -- No --> A + H -- Yes --> I I --> J J --> K K --> L L --> M M --> N - N --> A + N --> O + O --> P + P --> A + + R --> S + S --> T + T --> U + U -- No --> T + U -- Yes --> V + V --> W + W --> X + X --> Y + Y --> Z + Z -- No --> T + Z -- Yes --> M ``` [commits]: https://www.markdownguide.org/basic-syntax/#links From 357425724ff7c1d5b9b3c5566289e5ce28c7f2db Mon Sep 17 00:00:00 2001 From: Mary Cleaton Date: Thu, 6 Nov 2025 14:37:34 +0000 Subject: [PATCH 05/10] docs: correct typos and update branch and deploy guide --- docs/branch_and_deploy_guide.md | 33 ++++++++++++++++++--------------- 1 file changed, 18 insertions(+), 15 deletions(-) diff --git a/docs/branch_and_deploy_guide.md b/docs/branch_and_deploy_guide.md index 9b93423..73eaf2a 100644 --- a/docs/branch_and_deploy_guide.md +++ b/docs/branch_and_deploy_guide.md @@ -24,11 +24,12 @@ Our repository has two permanent branches: 1. **Feature branches:** - All new features and bugfixes are developed in separate branches created from the `develop` branch. - Any hotfixes are developed in separate branches created from the `main` branch. - - Branch naming conventions: - - `docs/` - for updates to documentation only. + - [Conventional branch][branches] naming conventions: - `feat/` - feature branches, for introducing new features. - `fix/` - bugfixes, for resolving bugs. - `hotfix/` - hotfixes, for urgent fixes that go straight to production. + - `release/` - for preparing a release. + - `chore/` - for non-code tasks, e.g. dependency or documentation updates. - [Conventional commit][commits] messages, including the following types: - `build` - for changes that affect the build system or external dependencies. - `ci` - for changes to CI configuration files and scripts, e.g. GitHub Actions, Dependabot. @@ -65,8 +66,8 @@ Our repository has two permanent branches: ### Overview -[GitHub Actions][github-actions] are triggered on pull request from any branch, including feature branches. This CI/CD pipeline -ensures code does not enter the `develop` or `main` branches unless it has had certain checks. +[GitHub Actions][github-actions] are triggered on merging to any branch. This CI/CD pipeline ensures code does not enter +any parent branches unless it has had certain checks. ### Pull request workflow steps @@ -90,7 +91,7 @@ ensures code does not enter the `develop` or `main` branches unless it has had c ### Overview -The deployment process is automated using [GitHub Actions][github-actions]. This CI/CD pipeline is triggered upon merging +The deployment process is automated using [GitHub Actions][github-actions]. This CI/CD pipeline is triggered upon pushing changes into the `main` branch. It is separated into two workflows: one for incrementing the version tag in GitHub and the other for deploying to PyPI. @@ -112,12 +113,12 @@ for deploying to PyPI. 2. **Build and verify package:** - Use `uv` via `hynek/build-and-inspect-python-package` to: - - Build the package. - - Upload the built wheel and the source distribution as GitHub Actions artifacts. - - Lint the wheel contents using `check-wheel-contents`. - - Lint the PyPI README using `Twine` and upload it as a GitHub Actions artifact. - - Print the tree of both SDist and `wheel`, allowing manual checking of the content list. - - Print and upload the packaging metadata as a GitHub Actions artifact. + - Build the package. + - Upload the built wheel and the source distribution as GitHub Actions artifacts. + - Lint the wheel contents using `check-wheel-contents`. + - Lint the PyPI README using `Twine` and upload it as a GitHub Actions artifact. + - Print the tree of both SDist and `wheel`, allowing manual checking of the content list. + - Print and upload the packaging metadata as a GitHub Actions artifact. 3. **Download built package:** - Download the built package from GitHub Actions artifacts to `dist`. @@ -161,8 +162,8 @@ As `scalelink` maintainers, ensuring a seamless transition from `develop` to `ma This step ensures users and developers can easily find and access the specific versions of `scalelink` through their respective release pages and download links, maintaining comprehensive and navigable documentation. - **Final review and push:** - - Review the changes one more time, ensuring that the version bump and `CHANGELOG.md` updates are correctly applied. - - Push the commit(s) to the `develop` branch. This action updates the branch with the version change and changelog updates. + - Review the changes one more time, ensuring that the version bump and `CHANGELOG.md` updates are correctly applied. + - Push the commit(s) to the `develop` branch. This action updates the branch with the version change and changelog updates. ### Merging and deployment @@ -241,7 +242,8 @@ graph TD M --> N N --> O O --> P - P --> A + P --> Q + Q ------------> A R --> S S --> T @@ -253,9 +255,10 @@ graph TD X --> Y Y --> Z Z -- No --> T - Z -- Yes --> M + Z -- Yes ----------> M ``` +[branches]: https://conventional-branch.github.io/ [commits]: https://www.markdownguide.org/basic-syntax/#links [sem-ver]: https://semver.org/ [github-actions]: https://github.com/features/actions From 8f6c3a83321963a5fb5a33c184ee6137f130b9db Mon Sep 17 00:00:00 2001 From: Mary Cleaton Date: Thu, 6 Nov 2025 14:39:06 +0000 Subject: [PATCH 06/10] docs: correct typos --- docs/branch_and_deploy_guide.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/branch_and_deploy_guide.md b/docs/branch_and_deploy_guide.md index 73eaf2a..8cb33b9 100644 --- a/docs/branch_and_deploy_guide.md +++ b/docs/branch_and_deploy_guide.md @@ -66,7 +66,7 @@ Our repository has two permanent branches: ### Overview -[GitHub Actions][github-actions] are triggered on merging to any branch. This CI/CD pipeline ensures code does not enter +Certain [GitHub Actions][github-actions] are triggered on merging to any branch. This CI/CD pipeline ensures code does not enter any parent branches unless it has had certain checks. ### Pull request workflow steps @@ -255,7 +255,7 @@ graph TD X --> Y Y --> Z Z -- No --> T - Z -- Yes ----------> M + Z -- Yes --> M ``` [branches]: https://conventional-branch.github.io/ From e45506e762a99a7481425ce695f5ee7e6b0d6542 Mon Sep 17 00:00:00 2001 From: Mary Cleaton Date: Thu, 6 Nov 2025 14:53:47 +0000 Subject: [PATCH 07/10] docs: refactor mermaid workflow diagram --- docs/branch_and_deploy_guide.md | 129 ++++++++++++++++++-------------- 1 file changed, 73 insertions(+), 56 deletions(-) diff --git a/docs/branch_and_deploy_guide.md b/docs/branch_and_deploy_guide.md index 8cb33b9..0187f40 100644 --- a/docs/branch_and_deploy_guide.md +++ b/docs/branch_and_deploy_guide.md @@ -197,65 +197,82 @@ Below is a visual representation of our Git workflow, illustrating the process f ```mermaid graph TD - A([Start or continue feature development or bugfix]) - B[Create feature branch from develop branch] - C[Develop feature or bugfix in feature branch] - D{Feature branch: complete and tested?} - E[Raise pull request to merge feature branch into develop branch] - F[Trigger automated checks via GitHub Actions] - G[Review and approve pull request] - H{Develop branch: Ready for release?} - I[Update package version - major or minor update] - J[Raise pull request to merge develop branch into main branch] - K[Trigger automated checks via GitHub Actions] - L[Review and approve pull request] - M[Trigger automated deployment via GitHub Actions] - N[Create GitHub Release with version tag] - O[Update develop branch with main] - P[Build and test scalelink package] - Q[Publish to PyPI] + Start1([Start or continue feature development or bugfix]) + Start2([Start or continue hotfix]) - R([Start or continue hotfix]) - S[Create hotfix branch from main branch] - T[Develop hotfix in hotfix branch] - U{Hotfix branch: complete and tested?} - V[Update package version - patch update] - W[Raise pull request to merge hotfix branch into main branch] - X[Trigger automated checks via GitHub Actions] - Y[Review and approve pull request] - Z{Hotfix branch: Ready for release?} + Feat1[Create feature branch from develop branch] + Feat2[Develop feature or bugfix in feature branch] + Feat3{Feature branch: complete and tested?} + Feat4[Raise pull request to merge feature branch into develop branch] + Feat5[Trigger automated checks via GitHub Actions] + Feat6[Review pull request] + Feat7{Feature branch: approve pull request?} + Feat8[Merge pull request] - A --> B - B --> C - C --> D - D -- No --> C - D -- Yes --> E - E --> F - F --> G - G --> H - H -- No --> A - H -- Yes --> I - I --> J - J --> K - K --> L - L --> M - M --> N - N --> O - O --> P - P --> Q - Q ------------> A + Dev1{Develop branch: Ready for release?} + Dev2[Update package version - semver major or minor update] + Dev3[Raise pull request to merge develop branch into main branch] + Dev4[Trigger automated checks via GitHub Actions] + Dev5[Review pull request] + Dev6{Dev branch: approve pull request?} + Dev7[Merge pull request] - R --> S - S --> T - T --> U - U -- No --> T - U -- Yes --> V - V --> W - W --> X - X --> Y - Y --> Z - Z -- No --> T - Z -- Yes --> M + Deploy1[Trigger automated deployment via GitHub Actions] + Deploy2[Create GitHub Release with version tag] + Deploy3[Update develop branch with main] + Deploy4[Build and test scalelink package] + Deploy5[Publish to PyPI] + + Hotfix1[Create hotfix branch from main branch] + Hotfix2[Develop hotfix in hotfix branch] + Hotfix3{Hotfix branch: complete and tested?} + Hotfix4[Raise pull request to merge hotfix branch into main branch] + Hotfix5[Trigger automated checks via GitHub Actions] + Hotfix6[Review pull request] + Hotfix7{Hotfix branch: approve pull request?} + Hotfix8[Update package version - semver patch update] + Hotfix9[Merge pull request] + + Start1 --> Feat1 + + Feat1 --> Feat2 + Feat2 --> Feat3 + Feat3 -- No --> Feat2 + Feat3 -- Yes --> Feat4 + Feat4 --> Feat5 + Feat5 --> Feat6 + Feat6 --> Feat7 + Feat7 -- No --> Feat2 + Feat7 -- Yes --> Feat8 + Feat8 --> Dev1 + + Dev1 -- No --> Start1 + Dev1 -- Yes --> Dev2 + Dev2 --> Dev3 + Dev3 --> Dev4 + Dev4 --> Dev5 + Dev5 --> Dev6 + Dev6 -- No --> Start1 + Dev6 -- Yes --> Dev7 + Dev7 --> Deploy1 + + Deploy1 --> Deploy2 + Deploy2 --> Deploy3 + Deploy3 --> Deploy4 + Deploy4 --> Deploy5 + Deploy5 ------------> Start1 + + Hotfix1 --> Hotfix2 + Hotfix2 --> Hotfix3 + Hotfix3 -- No --> Hotfix2 + Hotfix3 -- Yes --> Hotfix4 + Hotfix4 --> Hotfix5 + Hotfix5 --> Hotfix6 + Hotfix6 --> Hotfix7 + Hotfix7 -- No --> Hotfix2 + Hotfix7 -- Yes --> Hotfix8 + Hotfix8 --> Hotfix9 + Hotfix9 --> Deploy1 ``` [branches]: https://conventional-branch.github.io/ From fc42806d1e901919d0490bb2cff5f20a530c39f8 Mon Sep 17 00:00:00 2001 From: Mary Cleaton Date: Thu, 6 Nov 2025 14:58:40 +0000 Subject: [PATCH 08/10] docs: minor update to mermaid flowchart --- docs/branch_and_deploy_guide.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/branch_and_deploy_guide.md b/docs/branch_and_deploy_guide.md index 0187f40..cce1998 100644 --- a/docs/branch_and_deploy_guide.md +++ b/docs/branch_and_deploy_guide.md @@ -234,6 +234,7 @@ graph TD Hotfix9[Merge pull request] Start1 --> Feat1 + Start2 --> Hotfix1 Feat1 --> Feat2 Feat2 --> Feat3 @@ -253,7 +254,7 @@ graph TD Dev4 --> Dev5 Dev5 --> Dev6 Dev6 -- No --> Start1 - Dev6 -- Yes --> Dev7 + Dev6 -- Yes ---> Dev7 Dev7 --> Deploy1 Deploy1 --> Deploy2 @@ -265,7 +266,7 @@ graph TD Hotfix1 --> Hotfix2 Hotfix2 --> Hotfix3 Hotfix3 -- No --> Hotfix2 - Hotfix3 -- Yes --> Hotfix4 + Hotfix3 -- Yes ---> Hotfix4 Hotfix4 --> Hotfix5 Hotfix5 --> Hotfix6 Hotfix6 --> Hotfix7 From 86c0f7c64e3e2a7be63b0dc98be1051ff800e79c Mon Sep 17 00:00:00 2001 From: Mary Cleaton Date: Thu, 6 Nov 2025 15:22:29 +0000 Subject: [PATCH 09/10] docs: fiddle with formatting of mermaid flowchart --- docs/branch_and_deploy_guide.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/branch_and_deploy_guide.md b/docs/branch_and_deploy_guide.md index cce1998..fdfd433 100644 --- a/docs/branch_and_deploy_guide.md +++ b/docs/branch_and_deploy_guide.md @@ -214,7 +214,7 @@ graph TD Dev3[Raise pull request to merge develop branch into main branch] Dev4[Trigger automated checks via GitHub Actions] Dev5[Review pull request] - Dev6{Dev branch: approve pull request?} + Dev6{Develop branch: approve pull request?} Dev7[Merge pull request] Deploy1[Trigger automated deployment via GitHub Actions] @@ -232,10 +232,10 @@ graph TD Hotfix7{Hotfix branch: approve pull request?} Hotfix8[Update package version - semver patch update] Hotfix9[Merge pull request] - + Start1 --> Feat1 Start2 --> Hotfix1 - + Feat1 --> Feat2 Feat2 --> Feat3 Feat3 -- No --> Feat2 @@ -244,9 +244,9 @@ graph TD Feat5 --> Feat6 Feat6 --> Feat7 Feat7 -- No --> Feat2 - Feat7 -- Yes --> Feat8 + Feat7 -- Yes ---> Feat8 Feat8 --> Dev1 - + Dev1 -- No --> Start1 Dev1 -- Yes --> Dev2 Dev2 --> Dev3 @@ -254,7 +254,7 @@ graph TD Dev4 --> Dev5 Dev5 --> Dev6 Dev6 -- No --> Start1 - Dev6 -- Yes ---> Dev7 + Dev6 -- Yes ---> Dev7 Dev7 --> Deploy1 Deploy1 --> Deploy2 @@ -266,14 +266,14 @@ graph TD Hotfix1 --> Hotfix2 Hotfix2 --> Hotfix3 Hotfix3 -- No --> Hotfix2 - Hotfix3 -- Yes ---> Hotfix4 + Hotfix3 -- Yes --> Hotfix4 Hotfix4 --> Hotfix5 Hotfix5 --> Hotfix6 Hotfix6 --> Hotfix7 Hotfix7 -- No --> Hotfix2 Hotfix7 -- Yes --> Hotfix8 Hotfix8 --> Hotfix9 - Hotfix9 --> Deploy1 + Hotfix9 ----------> Deploy1 ``` [branches]: https://conventional-branch.github.io/ From 84b0c9bb7e8344a003aa96e62a3dd4b023909318 Mon Sep 17 00:00:00 2001 From: Mary Cleaton Date: Mon, 24 Nov 2025 12:14:59 +0000 Subject: [PATCH 10/10] refactor: update pypi workflow to use trusted publishers This is more secure than using an API key. Also, update so package is built for multiple package versions, currently 3.8-3.10. --- .github/workflows/deploy_pypi.yaml | 38 ++++++++++++++++-------------- 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/.github/workflows/deploy_pypi.yaml b/.github/workflows/deploy_pypi.yaml index 662a326..7074039 100755 --- a/.github/workflows/deploy_pypi.yaml +++ b/.github/workflows/deploy_pypi.yaml @@ -6,32 +6,34 @@ on: - main jobs: - # Build and lint package - build-package: - name: Build & verify package + # Build and lint release distribution + release-build: + name: Build and verify release runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 with: fetch-depth: 0 + python-version: ["3.8", "3.9", "3.10"] - uses: hynek/build-and-inspect-python-package@v2 - - # Upload to PyPI - release-pypi: - name: Publish to PyPI + + # Publish to PyPI + pypi-publish: + name: Upload release to PyPI runs-on: ubuntu-latest - needs: build-package + needs: release-build + permissions: + # IMPORTANT: this permission is mandatory for trusted publishing + id-token: write + environment: + name: pypi steps: - - name: Download built package - uses: actions/download-artifact@v4 + - name: Retrieve release distributions + uses: actions/download-artifact@v5 with: - name: Packages - path: dist - - - name: Upload package to PyPI + name: release-dists + path: dist/ + + - name: Publish release distributions to PyPI uses: pypa/gh-action-pypi-publish@release/v1 - with: - user: __token__ - password: ${{ secrets.PYPI_API_TOKEN }} - \ No newline at end of file