-
Notifications
You must be signed in to change notification settings - Fork 1
Releasing
How to cut a new openbadgeslib release: bump the version in the source, update the changelog, tag, and let CI publish to PyPI. This is for maintainers; see Contributing for the day-to-day development workflow.
The version is declared in three places that must stay in sync. Bump all of them for every release:
-
pyproject.toml— the[project]versionfield (currentlyversion = "1.1.1"). -
openbadgeslib/util.py— the__version__string (currently__version__ = '1.1.1'). -
docs/conf.py— the Sphinx docs version.
There is no single source of truth, so a release where these disagree will ship a wheel whose metadata and __version__ differ. Double-check all three.
Replace X.Y.Z with the new version throughout.
-
Bump the version in the three files above.
# edit each, then sanity-check they all match grep -n 'version' pyproject.toml | head python -c "import openbadgeslib.util as u; print(u.__version__)"
-
Add a
Changelog.txtentry. Entries are newest-first; follow the existing format (* vX.Y.Z - YYYYMMDDheader, then dash-prefixed bullets, withSECURITY:markers on security-relevant lines):* vX.Y.Z - 20260627 - Short description of each change.Mirror the user-facing highlights in
README.txtanddocs/intro.rstso the landing page and the changelog don't drift. -
Run the checks locally before tagging — CI runs the same
flake8+pytestgate (see Contributing):pip install -e ".[dev]" flake8 openbadgeslib tests pytest --cov=openbadgeslib --cov-report=term-missing -
Commit the version bump and changelog:
git add pyproject.toml openbadgeslib/util.py docs/conf.py Changelog.txt README.txt docs/intro.rst git commit -m "Release vX.Y.Z" git push origin master -
Tag the release with an annotated tag and push it:
git tag -a vX.Y.Z -m "openbadgeslib vX.Y.Z" git push origin vX.Y.Z -
Create the GitHub Release. Draft a Release for the
vX.Y.Ztag (Releases → Draft a new release, orgh release create) and Publish it. Publishing — not merely tagging — is what triggers the upload to PyPI.gh release create vX.Y.Z --title "vX.Y.Z" --notes-file -
The workflow is .github/workflows/ci.yml. It has two jobs:
-
test runs on every
pushtomasterand every pull request, across the Python3.10,3.11,3.12, and3.13matrix (fail-fast: false). Each leg installs".[dev]", runsflake8 openbadgeslib tests, thenpytest --cov. -
publish runs only when a GitHub Release is published (
if: github.event_name == 'release') andneeds: test, so it runs only if the whole test matrix passed. It builds the sdist and wheel withpython -m buildand uploads them to PyPI viapypa/gh-action-pypi-publish.
publish:
needs: test
if: github.event_name == 'release'This means: tagging alone does nothing; pushing a tag without a published Release does nothing; and a Release whose tests fail will not publish.
The publish job authenticates with secrets.PYPI_API_TOKEN:
- name: Publish to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
password: ${{ secrets.PYPI_API_TOKEN }}This must exist as a repository (or environment) secret named PYPI_API_TOKEN, holding a PyPI API token scoped to the openbadgeslib project. If it is missing or expired the upload step fails even when every test passes. Rotate it in PyPI and update the GitHub secret when needed — the token never lives in the repo.
- Confirm the publish job is green in the Actions tab.
- Confirm the new version appears on PyPI and installs cleanly:
pip install openbadgeslib==X.Y.Z. - Confirm
python -c "import openbadgeslib.util as u; print(u.__version__)"reportsX.Y.Zfrom the published wheel.
openbadgeslib · LGPLv3 (library) / BSD (CLI) · Issues
Getting Started
Concepts
Reference
Guides
Project