From fc4277867cdd9f87a159ffe02bb01c8fc7c5d79c Mon Sep 17 00:00:00 2001
From: Mark DeLaVergne <mdelavergne@salesforce.com>
Date: Thu, 28 May 2026 09:39:36 -0400
Subject: [PATCH 1/2] Allow for pep440 releases

---
 .github/workflows/released_version_check.yml | 33 ++++++++++++++++++++
 CONTRIBUTING.md                              | 11 +++++++
 pyproject.toml                               |  2 +-
 3 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/released_version_check.yml

diff --git a/.github/workflows/released_version_check.yml b/.github/workflows/released_version_check.yml
new file mode 100644
index 0000000..8cc1e63
--- /dev/null
+++ b/.github/workflows/released_version_check.yml
@@ -0,0 +1,33 @@
+name: Released Version Check
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+
+jobs:
+  check-stable-resolution:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Wait for PyPI indexing
+      run: sleep 180
+
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.11'
+
+    - name: Install from PyPI (no --pre)
+      run: |
+        python -m venv /tmp/check-venv
+        /tmp/check-venv/bin/pip install salesforce-data-customcode
+
+    - name: Verify resolved version is stable
+      run: |
+        VERSION=$(/tmp/check-venv/bin/pip show salesforce-data-customcode | grep ^Version: | awk '{print $2}')
+        echo "Resolved version: $VERSION"
+        if echo "$VERSION" | grep -qE '(\.dev|a|b|rc)[0-9]+'; then
+          echo "::error::pip install (no --pre) resolved to pre-release version: $VERSION"
+          exit 1
+        fi
+        echo "Version $VERSION is stable."
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 13ab48b..d320069 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -78,6 +78,17 @@ See the [Prerequisites section in README.md](./README.md#prerequisites) for comp
 
    **Tip**: See the [README.md](./README.md) for additional `datacustomcode` commands (`scan`, `deploy`, `zip`) to test specific code paths and validate your SDK changes thoroughly.
 
+## Versioning and Pre-Releases
+
+This project uses [PEP 440](https://peps.python.org/pep-0440/) version syntax. Versions are derived automatically from git tags via `poetry-dynamic-versioning`.
+
+- **Stable releases** use tags like `v4.1.0` → published as `4.1.0` on PyPI.
+- **Pre-releases** use tags like `v4.1.0.dev1`, `v4.1.0rc1` → published as `4.1.0.dev1`, `4.1.0rc1` on PyPI.
+
+Pre-release versions are **never** resolved by `pip install salesforce-data-customcode` unless the user explicitly passes `--pre`. This ensures customers always get stable releases by default.
+
+A Github Action (`Released Version Check`) runs after every publish to verify that bare `pip install` still resolves to a stable version.
+
 ## Makefile Commands
 
 ```bash
diff --git a/pyproject.toml b/pyproject.toml
index 7450e15..becaefb 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -134,7 +134,7 @@ datacustomcode = "datacustomcode.cli:cli"
 [tool.poetry-dynamic-versioning]
 enable = true
 pattern = "^v(?P<base>.+)$"
-style = "semver"
+style = "pep440"
 vcs = "git"
 
 [tool.pytest.ini_options]

From 35bb724a6798abd4332ed67a5a750b1b176b5ae6 Mon Sep 17 00:00:00 2001
From: Mark DeLaVergne <mdelavergne@salesforce.com>
Date: Thu, 28 May 2026 10:52:03 -0400
Subject: [PATCH 2/2] Add a validate-release step to enforce pre-release
 consitency

---
 .github/workflows/release.yml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 24f9af5..b493904 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -5,7 +5,30 @@ on:
     types: [published]
 
 jobs:
+  validate-release:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Validate pre-release consistency
+      env:
+        TAG_NAME: ${{ github.event.release.tag_name }}
+        IS_PRERELEASE: ${{ github.event.release.prerelease }}
+      run: |
+        PEP440_PRE=$(echo "$TAG_NAME" | grep -qE '(\.dev|a|b|rc)[0-9]+' && echo "true" || echo "false")
+
+        if [ "$IS_PRERELEASE" = "true" ] && [ "$PEP440_PRE" = "false" ]; then
+          echo "::error::GitHub release is marked as pre-release but tag '$TAG_NAME' is a stable version. Use a PEP 440 pre-release suffix (e.g. .dev1, rc1)."
+          exit 1
+        fi
+
+        if [ "$IS_PRERELEASE" = "false" ] && [ "$PEP440_PRE" = "true" ]; then
+          echo "::error::Tag '$TAG_NAME' has a pre-release suffix but the GitHub release is not marked as pre-release. Check the 'Set as a pre-release' box."
+          exit 1
+        fi
+
+        echo "Release consistency check passed: tag=$TAG_NAME, prerelease=$IS_PRERELEASE"
+
   publish:
+    needs: validate-release
     runs-on: ubuntu-latest
     environment:
       name: pypi