Skip to content

Publish-to-PyPI automated flow #379

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 24 commits into from
Oct 7, 2025
Merged

Publish-to-PyPI automated flow #379

merged 24 commits into from
Oct 7, 2025
+355 −2

Conversation

hemidactylus
Copy link
Collaborator

@hemidactylus hemidactylus commented Oct 2, 2025
edited
Loading

This PR introduces a workflow to bundle the build+publish+release steps as a Github automation.

The advantages are:

  1. Lower risk of human mistakes in the process;
  2. Everyone with write access to the repo can trigger a release (no need for user-level PyPI access);
  3. Improved security with OIDC authentication to PyPI from within a Github runner.

Point 3 means that once this is fully merged, finalized and tested, API keys used so far for publishing the bundle can be revoked, reaching a more controlled security stance.

NOTE
The aim of this PR is to merge a non-finalized process to main, in order to test it from the "real" branch with no actual consequence on PyPI.
Once the tests show it's working as intended, a subsequent PR would finalize the workflow, which means in particular:

  • target PyPI for releasing (currently set to target test-PyPI also for the "real" release);
  • create a Github release not in draft+pre-release state anymore.

@hemidactylus hemidactylus added the do_not_merge Don't merge yet! label Oct 2, 2025
@hemidactylus hemidactylus removed the do_not_merge Don't merge yet! label Oct 6, 2025
@hemidactylus hemidactylus changed the title DO NOT MERGE, testing publish flow wip Publish-to-PyPI automated flow Oct 6, 2025
cbornet
cbornet reviewed Oct 6, 2025
View reviewed changes
.github/workflows/release.yml
ASTRA_DB_API_ENDPOINT: ${{ secrets.ASTRA_DB_API_ENDPOINT }}
run: make test

# TODO restore integration tests for final
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comment just to not forget the TODO

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure :) This is to speed up testing the flow (by a lot!)

@hemidactylus hemidactylus merged commit 1861d57 into main Oct 7, 2025
8 of 14 checks passed
@hemidactylus hemidactylus deleted the SL-publish-flow branch October 7, 2025 13:37
@hemidactylus hemidactylus mentioned this pull request Oct 7, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cbornet cbornet cbornet approved these changes

@erichare erichare Awaiting requested review from erichare

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@hemidactylus @cbornet