Align with org wide pattern on making releases (tbump, pypi credentials)

.github/workflows/publish.yml → .github/workflows/release.yaml

@@ -1,18 +1,20 @@
 # This is a GitHub workflow defining a set of jobs with a set of steps.
-# ref: https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions
+# ref: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
 #
-# Build releases and publish to PyPI if a tag is pushed
 name: Release
 
+# Always tests wheel building, but only publish to PyPI on pushed tags.
 on:
   pull_request:
     paths-ignore:
       - "docs/**"
-      - "**/docs.yml"
+      - ".github/workflows/*.yaml"
+      - "!.github/workflows/release.yaml"
   push:
     paths-ignore:
       - "docs/**"
-      - "**/docs.yml"
+      - ".github/workflows/*.yaml"
+      - "!.github/workflows/release.yaml"
     branches-ignore:
       - "dependabot/**"
       - "pre-commit-ci-update-config"
@@ -22,6 +24,14 @@ on:
 jobs:
   build-release:
     runs-on: ubuntu-22.04
+    permissions:
+      # id-token=write is required for pypa/gh-action-pypi-publish, and the PyPI
+      # project needs to be configured to trust this workflow.
+      #
+      # ref: https://github.com/jupyterhub/team-compass/issues/648
+      #
+      id-token: write
+
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-python@v4
@@ -45,6 +55,3 @@ jobs:
       - name: publish to pypi
         uses: pypa/gh-action-pypi-publish@release/v1
         if: startsWith(github.ref, 'refs/tags/')
-        with:
-          user: __token__
-          password: ${{ secrets.pypi_password }}

.github/workflows/test.yml

@@ -47,7 +47,7 @@ jobs:
 
       - uses: actions/setup-node@v3
         with:
-          node-version: "${{ matrix.node-version || '16'}}"
+          node-version: "${{ matrix.node-version || '18'}}"
 
       - name: install git ${{ matrix.git-version }}
         if: ${{ matrix.git-version }}

RELEASE.md

@@ -1,67 +1,60 @@
 # How to make a release
 
-`nbgitpuller` is a package available on
-[PyPI](https://pypi.org/project/nbgitpuller/) and
-[conda-forge](https://anaconda.org/conda-forge/nbgitpuller).
-These are instructions on how to make a release on PyPI.
-The PyPI release is done automatically by TravisCI when a tag is pushed.
+`nbgitpuller` is a package available on [PyPI] and [conda-forge].
+
+These are the instructions on how to make a release.
+
+## Pre-requisites
+
+- Push rights to this GitHub repository
 
 ## Steps to make a release
 
-1. Checkout main and make sure it is up to date.
+1. Create a PR updating `CHANGELOG.md` with [github-activity] and continue when
+   its merged.
 
-   ```shell
-   ORIGIN=${ORIGIN:-origin} # set to the canonical remote, e.g. 'upstream' if 'origin' is not the official repo
-   git checkout main
-   git fetch $ORIGIN main
-   git reset --hard $ORIGIN/main
-   # WARNING! This next command deletes any untracked files in the repo
-   git clean -xfd
-   ```
+   Advice on this procedure can be found in [this team compass
+   issue](https://github.com/jupyterhub/team-compass/issues/563).
 
-1. Set the `__version__` variable in
-   [`nbgitpuller/version.py`](nbgitpuller/version.py)
-   and make a commit.
+2. Checkout main and make sure it is up to date.
 
    ```shell
-   git add nbgitpuller/version.py
-   VERSION=...  # e.g. 1.2.3
-   git commit -m "release $VERSION"
+   git checkout main
+   git fetch origin main
+   git reset --hard origin/main
    ```
 
-1. Reset the `__version__` variable in
-   [`nbgitpuller/version.py`](nbgitpuller/version.py)
-   to an incremented patch version with a `dev` element, then make a commit.
+3. Update the version, make commits, and push a git tag with `tbump`.
 
    ```shell
-   git add nbgitpuller/version.py
-   git commit -m "back to dev"
+   pip install tbump
    ```
 
-1. Push your two commits to main.
+   `tbump` will ask for confirmation before doing anything.
 
    ```shell
-   # first push commits without a tags to ensure the
-   # commits comes through, because a tag can otherwise
-   # be pushed all alone without company of rejected
-   # commits, and we want have our tagged release coupled
-   # with a specific commit in main
-   git push $ORIGIN main
+   # Example versions to set: 1.0.0, 1.0.0b1
+   VERSION=
+   tbump ${VERSION}
    ```
 
-1. Create a git tag for the pushed release commit and push it.
-
-   ```shell
-   git tag -a $VERSION -m $VERSION HEAD~1
+   Following this, the [CI system] will build and publish a release.
 
-   # then verify you tagged the right commit
-   git log
+4. Reset the version back to dev, e.g. `1.0.1.dev` after releasing `1.0.0`.
 
-   # then push it
-   git push $ORIGIN refs/tags/$VERSION
+   ```shell
+   # Example version to set: 1.0.1.dev
+   NEXT_VERSION=
+   tbump --no-tag ${NEXT_VERSION}.dev
    ```
 
-1. Following the release to PyPI, an automated PR should arrive to
-   [conda-forge/nbgitpuller-feedstock](https://github.com/conda-forge/nbgitpuller-feedstock),
-   check for the tests to succeed on this PR and then merge it to successfully
-   update the package for `conda` on the `conda-forge` channel.
+5. Following the release to PyPI, an automated PR should arrive within 24 hours
+   to [conda-forge/nbgitpuller-feedstock] with instructions
+   on releasing to conda-forge. You are welcome to volunteer doing this, but
+   aren't required as part of making this release to PyPI.
+
+[github-activity]: https://github.com/executablebooks/github-activity
+[pypi]: https://pypi.org/project/nbgitpuller/
+[conda-forge]: https://anaconda.org/conda-forge/nbgitpuller
+[conda-forge/nbgitpuller-feedstock]: https://github.com/conda-forge/nbgitpuller-feedstock
+[ci system]: https://github.com/jupyterhub/nbgitpuller/actions/workflows/release.yaml

nbgitpuller/version.py

@@ -1,2 +1,4 @@
-""""The nbgitpuller PyPI package SemVer version."""
-__version__ = '1.1.2dev'
+# __version__ should be updated using tbump, based on configuration in
+# pyproject.toml, according to instructions in RELEASE.md.
+#
+__version__ = "1.1.2.dev"

pyproject.toml

@@ -46,3 +46,36 @@ target_version = [
 markers = [
     "jupyter_server: configure the jupyter_server fixture"
 ]
+
+
+
+# tbump is used to simplify and standardize the release process when updating
+# the version, making a git commit and tag, and pushing changes.
+#
+# ref: https://github.com/your-tools/tbump#readme
+#
+[tool.tbump]
+github_url = "https://github.com/jupyterhub/nbgitpuller"
+
+[tool.tbump.version]
+current = "1.1.2.dev"
+regex = '''
+    (?P<major>\d+)
+    \.
+    (?P<minor>\d+)
+    \.
+    (?P<patch>\d+)
+    (?P<pre>((a|b|rc)\d+)|)
+    \.?
+    (?P<dev>(?<=\.)dev\d*|)
+'''
+
+[tool.tbump.git]
+message_template = "Bump to {new_version}"
+tag_template = "{new_version}"
+
+[[tool.tbump.file]]
+src = "nbgitpuller/version.py"
+
+[[tool.tbump.file]]
+src = "setup.py"

setup.py

@@ -1,6 +1,5 @@
 from jupyter_packaging import wrap_installers, npm_builder
 from setuptools import find_packages, setup
-from distutils.util import convert_path
 import os.path
 
 HERE = os.path.abspath(os.path.dirname(__file__))
@@ -17,16 +16,9 @@
     pre_develop=jsdeps, pre_dist=jsdeps,
     ensured_targets=jstargets)
 
-# Imports __version__, reference: https://stackoverflow.com/a/24517154/2220152
-ns = {}
-ver_path = convert_path('nbgitpuller/version.py')
-with open(ver_path) as ver_file:
-    exec(ver_file.read(), ns)
-__version__ = ns['__version__']
-
 setup(
     name='nbgitpuller',
-    version=__version__,
+    version="1.1.2.dev",
     url='https://github.com/jupyterhub/nbgitpuller',
     license='3-clause BSD',
     author='Peter Veerman, YuviPanda',
@@ -50,7 +42,7 @@
         ],
     },
     classifiers=[
-        'Development Status :: 4 - Beta',
+        'Development Status :: 5 - Production/Stable',
         'License :: OSI Approved :: BSD License',
         'Operating System :: POSIX',
         'Operating System :: MacOS',