Releases are published to PyPI automatically by
.github/workflows/publish.yml whenever a
GitHub Release is published. Publishing uses PyPI Trusted Publishing
(OIDC), so no API token or secret is ever stored in the repository.
Status: complete. The trusted publisher below is live for this repository, so this section does not need to be repeated. It is kept as a record and for anyone forking the project.
The repository publishes through a GitHub Actions trusted publisher configured on PyPI with these values:
| Field | Value |
|---|---|
| PyPI project name | sentineldeck |
| Owner | sanmaxdev |
| Repository | SentinelDeck |
| Workflow | publish.yml |
| Environment | pypi |
To reproduce it on a fork: create a PyPI account, then go to PyPI >
Your projects > Publishing > Add a pending publisher and enter the values
above, and create a matching GitHub Actions environment named pypi under
Settings > Environments. Adding required reviewers to that environment gives
you a manual approval gate before each publish.
- Bump
__version__insrc/sentineldeck/__init__.py, following semantic versioning. The package version is read from it, so this is the only place to change. - In
CHANGELOG.md, move the[Unreleased]notes under a new dated heading for the version, and leave a fresh empty[Unreleased]section above it. - Commit both changes to
main. - Tag the release and push the tag (replace the version):
git tag v0.1.1 git push origin v0.1.1
- On GitHub, draft a Release for that tag and publish it. Publishing
triggers
publish.yml, which builds the sdist and wheel, runstwine check, and uploads to PyPI over OIDC. - Confirm the new version appears at
https://pypi.org/project/sentineldeck/ and that
pip install -U sentineldeckpulls it.
Steps 4 and 5 can be done in one command with the GitHub CLI:
gh release create v0.1.1 --title "SentinelDeck 0.1.1" --notes "...".
Before tagging, you can confirm the package builds cleanly:
pip install build twine
python -m build
twine check dist/*