v0.1.1

satwikmishra11 released this 14 Apr 07:52
· 52 commits to main since this release
b1c0b9a

Key Features

  1. Trigger Mechanism

    • Automatically runs when:

      • New GitHub Release is published

      • Manual trigger via GitHub UI (workflow_dispatch)

    • Environment: Dedicated pypi environment for security isolation

  2. Security Implementation

    • Uses OpenID Connect (OIDC) for PyPI authentication

    • No stored credentials (eliminates secret rotation needs)

    • Requires id-token: write permission for JWT token generation

  3. Build Process

    • Clean Python environment setup

    • Builds both wheel and sdist packages

    • Verifies package structure compliance with PEP 517/518

  4. Publishing Controls

    • Strict PyPI environment protection

    • Version validation against existing PyPI releases

    • Automatic metadata verification


Workflow Breakdown

1. Trigger Conditions

```yaml
on:
  release:
    types: [published]  # Only on formal GitHub releases
  workflow_dispatch:    # Manual override capability
```

2. Job Configuration

```yaml
jobs:
  build-and-publish:
    runs-on: ubuntu-latest
    environment: pypi    # Requires environment protection rules
    permissions:
      contents: read     # Repository code access
      id-token: write    # OIDC token generation
```
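
What `environment: pypi` and `id-token: write` buy, as an added example that is not part of these release notes or the project's workflow: the OIDC token GitHub issues names the repository, workflow file and environment, and a trusted-publisher check compares those claims with what was registered. The repository, workflow filename and token below are constructed, the matching logic is illustrative rather than PyPI's own code, and signature verification against the issuer's keys is assumed to have happened first.

```python
import base64
import json

ISSUER = "https://token.actions.githubusercontent.com"
# Hypothetical trusted-publisher registration (constructed values, not the project's).
PUBLISHER = {
    "repository": "example-org/example-pkg",
    "workflow": ".github/workflows/publish.yml",
    "environment": "pypi",
    "audience": "pypi",
}

def b64url(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_jwt(**overrides):
    """Build a constructed, unsigned token shaped like a GitHub Actions OIDC JWT."""
    claims = {
        "iss": ISSUER,
        "aud": "pypi",
        "sub": "repo:example-org/example-pkg:environment:pypi",
        "repository": "example-org/example-pkg",
        "environment": "pypi",
        "job_workflow_ref": "example-org/example-pkg/.github/workflows/publish.yml@refs/tags/v0.1.1",
    }
    claims.update(overrides)
    # A claim overridden to None is dropped, as when a job declares no environment.
    claims = {k: v for k, v in claims.items() if v is not None}
    return ".".join([b64url({"alg": "RS256", "typ": "JWT"}), b64url(claims), "sig"])

def decode_claims(token):
    """Decode the payload segment only; the signature is NOT verified here."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def mismatches(claims, publisher=PUBLISHER):
    """Return the names of claims that do not match the registration."""
    expected_wf = f"{publisher['repository']}/{publisher['workflow']}@"
    checks = {
        "iss": claims.get("iss") == ISSUER,
        "aud": claims.get("aud") == publisher["audience"],
        "repository": claims.get("repository") == publisher["repository"],
        "environment": claims.get("environment") == publisher["environment"],
        "job_workflow_ref": str(claims.get("job_workflow_ref", "")).startswith(expected_wf),
    }
    return [name for name, ok in checks.items() if not ok]
```

A token minted by a job without the `pypi` environment, or by a different workflow file in the same repository, fails the comparison even though it comes from the right repository.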

3. Execution Steps

| Step | Description | Critical Components |
| -- | -- | -- |
| Checkout | Gets repository code | Version tag validation |
| Python Setup | Prepares 3.x environment | Version matrix compatibility |
| Build Tools | Installs latest pip/build | Dependency freshness check |
| Package Build | Generates wheel/sdist | PEP 517 compliance |
| PyPI Publish | Secure upload | Trusted publisher verification |

Release Process Flow

  1. Version Tagging

    • Create annotated Git tag: git tag -a v1.0.0 -m "Initial release"

    • Push tag: git push origin v1.0.0

  2. GitHub Release

    • Draft new release in GitHub UI/API

    • Associate with existing tag

    • Add release notes/changelog

  3. Automated Pipeline

    • Triggers on release publication

    • Builds package artifacts

    • Verifies against PyPI standards

    • Publishes to PyPI index

  4. Verification

    • Check PyPI project page

    • Validate package metadata

    • Confirm digital signatures