From 704eb5f3c2dc503b9be50e86729ac1255c552609 Mon Sep 17 00:00:00 2001 From: docushell-admin Date: Wed, 24 Jun 2026 11:50:22 +0530 Subject: [PATCH] Close patch 0.1.1 Python PyPI publication Signed-off-by: docushell-admin --- ...patch_0_1_1_python_publication_closeout.py | 163 ++++++++++++++++++ .../scripts/test_release_candidate_prep.py | 1 + CHANGELOG.md | 1 + Makefile | 1 + docs/validation/README.md | 4 + ...lication-closeout-validation-2026-06-24.md | 133 ++++++++++++++ 6 files changed, 303 insertions(+) create mode 100644 .github/scripts/test_patch_0_1_1_python_publication_closeout.py create mode 100644 docs/validation/patch-0-1-1-python-publication-closeout-validation-2026-06-24.md diff --git a/.github/scripts/test_patch_0_1_1_python_publication_closeout.py b/.github/scripts/test_patch_0_1_1_python_publication_closeout.py new file mode 100644 index 0000000..3cb4e6a --- /dev/null +++ b/.github/scripts/test_patch_0_1_1_python_publication_closeout.py @@ -0,0 +1,163 @@ +#!/usr/bin/env python3 +# +# Copyright 2026 The Ethos maintainers +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# + +from __future__ import annotations + +import json +import re +import subprocess +import unittest +import urllib.request +from pathlib import Path + +from makefile_guard import target_block + + +ROOT = Path(__file__).resolve().parents[2] +RECORD = ROOT / "docs/validation/patch-0-1-1-python-publication-closeout-validation-2026-06-24.md" +VALIDATION_README = ROOT / "docs/validation/README.md" +MAKEFILE = ROOT / "Makefile" + +SOURCE_SHORT = "2cab87d" +SOURCE_COMMIT = "2cab87df30443cb8e1c32489adc9b3123cac455f" +SOURCE_TREE = "ae58f8fcdd7a3c60c68e96cb39259a2eb37350bc" +PACKAGE = "ethos-pdf" +VERSION = "0.1.1" +WHEEL = "ethos_pdf-0.1.1-py3-none-any.whl" +WHEEL_SHA256 = "e0292276e711e75d4f7e1bb8c2c6137c6e89d4c343dd308943eb9b22094ea451" +WHEEL_URL = "https://files.pythonhosted.org/packages/3d/c2/406c298e37fca7617c97ff9d74a30ab0a017a22f6025c8f2b74c25b5b39c/ethos_pdf-0.1.1-py3-none-any.whl" +WHEEL_SIZE = 11398 +UPLOAD_TIME = "2026-06-24T06:15:17.128860Z" +FORBIDDEN = ( + "production-ready", + "hosted surfaces approved", + "windows packaged artifacts approved", + "bundled pdfium approved", + "public benchmark claims approved", + "ethos-doc approved", + "ethos-rag approved", +) + + +def read(path: Path) -> str: + return path.read_text(encoding="utf-8") + + +def normalized(path: Path) -> str: + return re.sub(r"\s+", " ", read(path)) + + +def git(*args: str) -> str: + return subprocess.check_output( + ["git", *args], + cwd=ROOT, + encoding="utf-8", + stderr=subprocess.DEVNULL, + ).strip() + + +def pypi_release_json() -> dict: + with urllib.request.urlopen(f"https://pypi.org/pypi/{PACKAGE}/{VERSION}/json", timeout=30) as response: + return json.load(response) + + +class Patch011PythonPublicationCloseoutTests(unittest.TestCase): + def test_closeout_record_is_source_bound_and_indexed(self) -> None: + record = normalized(RECORD) + readme = normalized(VALIDATION_README) + + self.assertIn(RECORD.name, readme) + self.assertIn("patch 0.1.1 Python PyPI publication closeout", readme) + self.assertIn(f"Validated source HEAD before this record: `{SOURCE_SHORT}`", read(RECORD)) + self.assertIn(f"Patch 0.1.1 Python publication closeout source commit: `{SOURCE_COMMIT}`", record) + self.assertIn(f"Patch 0.1.1 Python publication closeout source tree: `{SOURCE_TREE}`", record) + self.assertEqual(SOURCE_COMMIT, git("rev-parse", SOURCE_SHORT)) + self.assertEqual(SOURCE_TREE, git("rev-parse", f"{SOURCE_SHORT}^{{tree}}")) + + def test_closeout_records_upload_and_registry_evidence(self) -> None: + record = normalized(RECORD) + + for expected in ( + "python3 -m twine upload /ethos_pdf-0.1.1-py3-none-any.whl", + "Uploading distributions to https://upload.pypi.org/legacy/", + "WARNING This environment is not supported for trusted publishing", + "Uploading ethos_pdf-0.1.1-py3-none-any.whl", + "View at: https://pypi.org/project/ethos-pdf/0.1.1/", + "twine check", + "PASSED", + "SOURCE_DATE_EPOCH=0", + PACKAGE, + VERSION, + WHEEL, + WHEEL_SHA256, + WHEEL_URL, + UPLOAD_TIME, + "bdist_wheel", + "py3", + "yanked: false", + "ETHOS_PDFIUM_LIBRARY_PATH", + ): + self.assertIn(expected, record) + + def test_live_pypi_reports_published_candidate(self) -> None: + data = pypi_release_json() + + self.assertEqual(PACKAGE, data["info"]["name"]) + self.assertEqual(VERSION, data["info"]["version"]) + self.assertEqual(">=3.8", data["info"]["requires_python"]) + self.assertEqual(1, len(data["urls"])) + file = data["urls"][0] + self.assertEqual(WHEEL, file["filename"]) + self.assertEqual("bdist_wheel", file["packagetype"]) + self.assertEqual("py3", file["python_version"]) + self.assertEqual(WHEEL_SHA256, file["digests"]["sha256"]) + self.assertEqual(WHEEL_URL, file["url"]) + self.assertEqual(WHEEL_SIZE, file["size"]) + self.assertEqual(UPLOAD_TIME, file["upload_time_iso_8601"]) + self.assertFalse(file["yanked"]) + + def test_retained_blockers_and_public_path_hygiene(self) -> None: + raw = read(RECORD) + lower = normalized(RECORD).lower() + + for expected in ( + "Public installation wording may be updated only in a separate bounded docs lane.", + "Hosted surfaces remain blocked.", + "Production positioning remains blocked.", + "Public benchmark reports remain blocked.", + "Public benchmark claims remain blocked.", + "Windows packaged artifacts remain blocked.", + "Bundled project-maintained PDFium builds remain blocked.", + "`ethos-doc` remains blocked.", + "`ethos-rag` remains blocked.", + "PDFium remains caller-provided through `ETHOS_PDFIUM_LIBRARY_PATH`.", + ): + self.assertIn(expected, raw) + for forbidden in FORBIDDEN: + self.assertNotIn(forbidden, lower) + self.assertNotIn("/Users/", raw) + self.assertNotIn("/tmp", raw) + self.assertNotIn("/private/tmp", raw) + self.assertNotIn("/private/var", raw) + self.assertNotIn("/var/folders", raw) + self.assertNotIn("saumildiwaker", raw) + + def test_release_candidate_prep_runs_closeout_after_decision_guard(self) -> None: + makefile = read(MAKEFILE) + decision_guard = "$(PYTHON) .github/scripts/test_patch_0_1_1_python_deterministic_wheel_approval_decision.py" + closeout_guard = "$(PYTHON) .github/scripts/test_patch_0_1_1_python_publication_closeout.py" + npm_guard = "$(PYTHON) .github/scripts/test_npm_binary_package_scaffold.py" + block = target_block("release-candidate-prep") + + self.assertIn(closeout_guard, block) + self.assertEqual(1, makefile.count(closeout_guard)) + self.assertLess(block.index(decision_guard), block.index(closeout_guard)) + self.assertLess(block.index(closeout_guard), block.index(npm_guard)) + + +if __name__ == "__main__": + unittest.main() diff --git a/.github/scripts/test_release_candidate_prep.py b/.github/scripts/test_release_candidate_prep.py index eb10cd3..657303d 100644 --- a/.github/scripts/test_release_candidate_prep.py +++ b/.github/scripts/test_release_candidate_prep.py @@ -35,6 +35,7 @@ "$(PYTHON) .github/scripts/test_patch_0_1_1_python_wheel_reproducibility_blocker.py", "$(PYTHON) .github/scripts/test_patch_0_1_1_python_deterministic_wheel_approval_request.py", "$(PYTHON) .github/scripts/test_patch_0_1_1_python_deterministic_wheel_approval_decision.py", + "$(PYTHON) .github/scripts/test_patch_0_1_1_python_publication_closeout.py", "$(PYTHON) .github/scripts/test_npm_binary_package_scaffold.py", "npm test --prefix packages/npm/ethos-pdf", "$(PYTHON) .github/scripts/test_npm_vendor_binary_payload_strategy.py", diff --git a/CHANGELOG.md b/CHANGELOG.md index 481cb8c..e2e47d4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ ## Unreleased +- boundary-exception: close patch `0.1.1` Python PyPI publication with exact registry evidence; no public install wording, hosted, production, Windows, bundled PDFium, benchmark, `ethos-doc`, or `ethos-rag` boundary change. - boundary-exception: approve exact patch `0.1.1` deterministic Python PyPI wheel publication decision for later operator upload; no PyPI upload or support-boundary change. - boundary-exception: request exact patch `0.1.1` deterministic Python PyPI wheel approval for decider review; no PyPI upload or support-boundary change. - boundary-exception: record patch `0.1.1` Python wheel reproducibility blocker after pre-upload hash mismatch; no PyPI upload or support-boundary change. diff --git a/Makefile b/Makefile index ef5a8d5..12c5432 100644 --- a/Makefile +++ b/Makefile @@ -277,6 +277,7 @@ release-candidate-prep: $(PYTHON) .github/scripts/test_patch_0_1_1_python_wheel_reproducibility_blocker.py $(PYTHON) .github/scripts/test_patch_0_1_1_python_deterministic_wheel_approval_request.py $(PYTHON) .github/scripts/test_patch_0_1_1_python_deterministic_wheel_approval_decision.py + $(PYTHON) .github/scripts/test_patch_0_1_1_python_publication_closeout.py $(PYTHON) .github/scripts/test_npm_binary_package_scaffold.py npm test --prefix packages/npm/ethos-pdf $(PYTHON) .github/scripts/test_npm_vendor_binary_payload_strategy.py diff --git a/docs/validation/README.md b/docs/validation/README.md index 6008882..edd836b 100644 --- a/docs/validation/README.md +++ b/docs/validation/README.md @@ -636,6 +636,10 @@ recording the exact current-main source candidate and required follow-up evidenc 0.1.1 Python deterministic wheel approval decision validation accepts the exact `SOURCE_DATE_EPOCH=0` `ethos-pdf==0.1.1` wheel candidate, source binding, wheel metadata, deterministic SHA256, and retained blockers; operator upload remains pending. +- `patch-0-1-1-python-publication-closeout-validation-2026-06-24.md` - patch 0.1.1 + Python PyPI publication closeout validation records successful publication of the exact + deterministic `ethos-pdf==0.1.1` wheel and live PyPI registry verification while keeping public + installation wording in a separate bounded docs lane. - `milestone-e-validation-command-index-validation-2026-06-20.md` - internal Milestone E validation-command index validation passed through command-alignment checks, schema enum checks, row-record checks, public-surface posture checks, `make milestone-e-prep`, and diff hygiene; the diff --git a/docs/validation/patch-0-1-1-python-publication-closeout-validation-2026-06-24.md b/docs/validation/patch-0-1-1-python-publication-closeout-validation-2026-06-24.md new file mode 100644 index 0000000..f04b236 --- /dev/null +++ b/docs/validation/patch-0-1-1-python-publication-closeout-validation-2026-06-24.md @@ -0,0 +1,133 @@ +# Patch 0.1.1 Python PyPI Publication Closeout Validation - 2026-06-24 + +Validated source HEAD before this record: `2cab87d`. + +Patch 0.1.1 Python publication closeout source commit: +`2cab87df30443cb8e1c32489adc9b3123cac455f`. + +Patch 0.1.1 Python publication closeout source tree: +`ae58f8fcdd7a3c60c68e96cb39259a2eb37350bc`. + +Status: **patch 0.1.1 Python PyPI wheel published** + +This record closes the bounded patch `0.1.1` Python PyPI publication lane for +`ethos-pdf==0.1.1`. It records operator upload evidence and live PyPI registry verification for the +exact approved deterministic wheel. It does not approve hosted surfaces, production positioning, +Windows packaged artifacts, bundled project-maintained PDFium builds, `ethos-doc`, `ethos-rag`, +public benchmark reports, public benchmark claims, or broader public wording. + +## Published Package + +- Package: `ethos-pdf` +- Version: `0.1.1` +- Import package: `ethos_pdf` +- Registry: `https://pypi.org/` +- Project URL: `https://pypi.org/project/ethos-pdf/0.1.1/` +- Distribution: `ethos_pdf-0.1.1-py3-none-any.whl` +- Deterministic build input: `SOURCE_DATE_EPOCH=0` +- SHA256: + `e0292276e711e75d4f7e1bb8c2c6137c6e89d4c343dd308943eb9b22094ea451` + +## Operator Upload Evidence + +Pre-upload check: + +```text +python3 -m twine check /ethos_pdf-0.1.1-py3-none-any.whl +PASSED +``` + +Upload command: + +```text +python3 -m twine upload /ethos_pdf-0.1.1-py3-none-any.whl +``` + +Observed upload result: + +```text +Uploading distributions to https://upload.pypi.org/legacy/ +WARNING This environment is not supported for trusted publishing +Uploading ethos_pdf-0.1.1-py3-none-any.whl +View at: https://pypi.org/project/ethos-pdf/0.1.1/ +``` + +The upload used a PyPI-approved credential path. No credential is recorded in this repository. + +## Registry Verification + +Registry endpoint: + +```text +https://pypi.org/pypi/ethos-pdf/0.1.1/json +``` + +Result: + +```text +name: ethos-pdf +version: 0.1.1 +requires_python: >=3.8 +filename: ethos_pdf-0.1.1-py3-none-any.whl +packagetype: bdist_wheel +python_version: py3 +digests.sha256: e0292276e711e75d4f7e1bb8c2c6137c6e89d4c343dd308943eb9b22094ea451 +size: 11398 +upload_time_iso_8601: 2026-06-24T06:15:17.128860Z +yanked: false +url: https://files.pythonhosted.org/packages/3d/c2/406c298e37fca7617c97ff9d74a30ab0a017a22f6025c8f2b74c25b5b39c/ethos_pdf-0.1.1-py3-none-any.whl +``` + +## Approved Candidate Binding + +- Approval request record: + `docs/validation/patch-0-1-1-python-deterministic-wheel-approval-request-validation-2026-06-24.md` +- Approval decision record: + `docs/validation/patch-0-1-1-python-deterministic-wheel-approval-decision-validation-2026-06-24.md` +- Exact deterministic source commit: + `d3e3953b99fbc74669f82ee56b753de7db6e63e4` +- Exact deterministic source tree: + `8920cbc9bc6ae05ec0c417533513637eda12658d` +- Exact deterministic build input: `SOURCE_DATE_EPOCH=0` +- Exact wheel: `ethos_pdf-0.1.1-py3-none-any.whl` +- Exact wheel SHA256: + `e0292276e711e75d4f7e1bb8c2c6137c6e89d4c343dd308943eb9b22094ea451` +- Wheel metadata: `Name: ethos-pdf`, `Version: 0.1.1`, `Requires-Python: >=3.8`, + `Wheel-Version: 1.0`, `Root-Is-Purelib: true`, `Tag: py3-none-any`. + +## Retained Blockers + +- Public installation wording may be updated only in a separate bounded docs lane. +- Hosted surfaces remain blocked. +- Production positioning remains blocked. +- Public benchmark reports remain blocked. +- Public benchmark claims remain blocked. +- Windows packaged artifacts remain blocked. +- Bundled project-maintained PDFium builds remain blocked. +- `ethos-doc` remains blocked. +- `ethos-rag` remains blocked. +- PDFium remains caller-provided through `ETHOS_PDFIUM_LIBRARY_PATH`. + +## Commands + +```sh +SOURCE_DATE_EPOCH=0 python3 -m build --wheel --outdir +shasum -a 256 /ethos_pdf-0.1.1-py3-none-any.whl +python3 -m twine check /ethos_pdf-0.1.1-py3-none-any.whl +python3 -m twine upload /ethos_pdf-0.1.1-py3-none-any.whl +python3 .github/scripts/test_patch_0_1_1_python_publication_closeout.py +python3 .github/scripts/test_patch_0_1_1_python_deterministic_wheel_approval_decision.py +python3 .github/scripts/test_patch_0_1_1_python_deterministic_wheel_approval_request.py +python3 .github/scripts/test_python_public_api_policy.py +PYTHONPATH=python python3 -m unittest discover -s python/tests +make release-candidate-prep PYTHON=python3 +git diff --check +``` + +## Result + +```text +patch 0.1.1 Python PyPI publication closeout recorded +ethos-pdf 0.1.1 is live on PyPI as the approved deterministic py3-none-any wheel +Public installation wording must still be handled in a separate bounded docs lane +```