ci: add PyPI trusted-publishing release workflow#11
Merged
Conversation
Publish the conformance suite as agentrust-trace-tests (org-scoped name; bare trace-tests is generic). Adds authors, classifiers, keywords, and repository URLs for PyPI readiness. Workflow triggers on GitHub release publish plus workflow_dispatch, actions pinned by full commit SHA, OIDC trusted publishing only, no API tokens. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #9
Makes the conformance suite installable from PyPI as
agentrust-trace-tests(org-scoped; baretrace-testsis generic and collision-prone -- both names were free, picked the scoped one). The CLI command staystrace-testsvia the existing[project.scripts]entry (trace_tests.cli:main, confirmed present).pyproject.toml: rename package, add authors (agentrust.io, no personal email), Apache-2.0 classifiers matching the repo LICENSE, keywords, Repository and Bug Tracker URLs; fix the self-referencingdevextra. No version bump..github/workflows/release.yml: triggers onrelease: publishedandworkflow_dispatch; build job uploadsdist/artifact; publish job usespypienvironment withid-token: writeandpypa/gh-action-pypi-publish-- OIDC trusted publishing only, no API tokens. All actions pinned by full commit SHA with version comments.Local
python -m buildverified: sdist and wheel build cleanly.One-time maintainer steps
agentrust-trace-testswith owneragentrust-io, repositorytrace-tests, workflowrelease.yml, environmentpypi.pypi.Generated with Claude Code