From 1fb9ba1015ea34aa40baa79d89166059865f4d9f Mon Sep 17 00:00:00 2001 From: William Bergamin Date: Tue, 4 Nov 2025 14:28:04 -0500 Subject: [PATCH 1/6] chore: simplify the release process --- .github/maintainers_guide.md | 17 ++++-- .github/release.yml | 24 +++++++++ .github/workflows/pypi-release.yml | 83 ++++++++++++++++++++++++++++++ .github/workflows/release.yml | 34 ------------ 4 files changed, 120 insertions(+), 38 deletions(-) create mode 100644 .github/release.yml create mode 100644 .github/workflows/pypi-release.yml delete mode 100644 .github/workflows/release.yml diff --git a/.github/maintainers_guide.md b/.github/maintainers_guide.md index 62e0eeb..4eb3fe9 100644 --- a/.github/maintainers_guide.md +++ b/.github/maintainers_guide.md @@ -113,13 +113,22 @@ If you want to test the package locally you can. [TestPyPI](https://test.pypi.org/) is a separate instance of the Python Package Index that allows you to try distribution tools and processes without affecting -the real index. This is useful with changes that relate to the package itself, -example the contents of the `pyproject.toml` +the real index. This is particularly useful when making changes related to the +package configuration itself, for example, modifications to the `pyproject.toml` file. -The following can be used to deploy this project on . +You can deploy this project to TestPyPI using GitHub Actions. -```zsh +To deploy using GitHub Actions: + +1. Push your changes to a branch or tag +2. Navigate to +3. Click on "Run workflow" +4. Select your branch or tag from the dropdown +5. Click "Run workflow" to build and deploy your branch to TestPyPI + +Alternatively, you can deploy from your local machine with: +```sh ./scripts/deploy_to_test_pypi.sh ``` diff --git a/.github/release.yml b/.github/release.yml new file mode 100644 index 0000000..b2574b7 --- /dev/null +++ b/.github/release.yml 
@@ -0,0 +1,24 @@ +# https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes#configuring-automatically-generated-release-notes +changelog: + categories: + - title: ๐Ÿš€ Enhancements + labels: + - enhancement + - title: ๐Ÿ› Bug Fixes + labels: + - bug + - title: ๐Ÿ“š Documentation + labels: + - docs + - title: ๐Ÿค– Build + labels: + - build + - title: ๐Ÿงช Testing/Code Health + labels: + - code health + - title: ๐Ÿ”’ Security + labels: + - security + - title: ๐Ÿ“ฆ Other changes + labels: + - "*" diff --git a/.github/workflows/pypi-release.yml b/.github/workflows/pypi-release.yml new file mode 100644 index 0000000..c5d3484 --- /dev/null +++ b/.github/workflows/pypi-release.yml 
@@ -0,0 +1,83 @@
+name: Upload A Release to pypi.org or test.pypi.org
+
+on:
+ release:
+ types:
+ - published
+ workflow_dispatch:
+ inputs:
+ dry_run:
+ description: "Dry run (build only, do not publish)"
+ required: false
+ type: boolean
+ default: false
+
+jobs:
+ release-build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ with:
+ persist-credentials: false
+
+ - name: Set up Python
+ uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+ with:
+ python-version: "3.x"
+
+ - name: Build release distributions
+ run: |
+ scripts/build_pypi_package.sh
+
+ - name: Persist dist folder
+ uses: actions/upload-artifact@v4
+ with:
+ name: release-dist
+ path: dist/
+
+ test-pypi-publish:
+ runs-on: ubuntu-latest
+ needs:
+ - release-build
+ if: github.event_name == 'workflow_dispatch' && !github.event.inputs.dry_run
+ environment:
+ name: testpypi
+ permissions:
+ id-token: write
+
+ steps:
+ - name: Retrieve dist folder
+ uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+ with:
+ name: release-dist
+ path: dist/
+
+ - name: Publish release distributions to test.pypi.org
+ # Using OIDC for PyPI publishing (no API tokens needed)
+ # See: https://docs.github.com/en/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-pypi
+ uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
+ with:
+ repository-url: https://test.pypi.org/legacy/
+
+ pypi-publish:
+ runs-on: ubuntu-latest
+ needs:
+ - release-build
+ if: github.event_name == 'release'
+ environment:
+ name: pypi
+ permissions:
+ id-token: write
+
+ steps:
+ - name: Retrieve dist folder
+ uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+ with:
+ name: release-dist
+ path: dist/
+
+ - name: Publish release distributions to test.pypi.org
+ # Using OIDC for PyPI publishing (no API tokens needed)
+ # See:
https://docs.github.com/en/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-pypi + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index 057d2bb..0000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,34 +0,0 @@ -name: Upload A Release To Pypi - -on: - release: - types: - - published - -jobs: - deploy: - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - persist-credentials: false - - name: Set up Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 - with: - python-version: "3.x" - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install build - pip install twine - - name: Build package - run: | - python -m build - twine check dist/* - - name: Publish package - run: twine upload dist/* - env: - TWINE_USERNAME: ${{ secrets.PYPI_USER }} - TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }} From a708632e4d42e1bc96d0b67bdc1ddd60921cb823 Mon Sep 17 00:00:00 2001 From: William Bergamin Date: Tue, 4 Nov 2025 14:35:13 -0500 Subject: [PATCH 2/6] Potential fix for code scanning alert no. 1: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/pypi-release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/pypi-release.yml b/.github/workflows/pypi-release.yml index c5d3484..0e39435 100644 --- a/.github/workflows/pypi-release.yml +++ b/.github/workflows/pypi-release.yml @@ -15,6 +15,8 @@ on: jobs: release-build: runs-on: ubuntu-latest + permissions: + contents: read steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 From d0c8ce589c1e81fdd329926ce22e6d1ef857d2e1 Mon Sep 17 00:00:00 2001 
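Review bot: The `test-pypi-publish` condition `!github.event.inputs.dry_run` does not act as a boolean test: values under `github.event.inputs` are delivered as strings, so both `'true'` and `'false'` are non-empty and the negation is always false, which leaves the TestPyPI job skipped on every manual run (it fails closed, so nothing is published by accident). The `inputs` context keeps the declared boolean type, so `if: github.event_name == 'workflow_dispatch' && !inputs.dry_run` is the form I would use; PATCH 5/6 later in this series only wraps the same expression in `${{ }}` and keeps the problem. Separately, the last step of `pypi-publish` is still named `Publish release distributions to test.pypi.org` although it sets no `repository-url`; renaming it to `Publish release distributions to pypi.org` keeps the run log accurate about which index received the upload.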
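Review bot: The added `permissions: contents: read` applies to `release-build` only, so any job added to this workflow later would fall back to the repository's default token scopes unless its author remembers to declare a block. A workflow-level `permissions:` with `contents: read`, placed before `jobs:`, would make read-only the default, and the two publish jobs would still override it with their existing `id-token: write` block. The `release-build` job and the `jobs:` mapping continue outside this hunk.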
From: William Bergamin Date: Tue, 4 Nov 2025 14:41:07 -0500 Subject: [PATCH 3/6] Update maintainers_guide.md --- .github/maintainers_guide.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/maintainers_guide.md b/.github/maintainers_guide.md index 4eb3fe9..9c4f21a 100644 --- a/.github/maintainers_guide.md +++ b/.github/maintainers_guide.md @@ -10,14 +10,14 @@ this project. If you use this package within your own software as is but don't p We recommend using [pyenv](https://github.com/pyenv/pyenv) for Python runtime management. If you use macOS, follow the following steps: -```zsh +```sh brew update brew install pyenv ``` Install necessary Python runtimes for development/testing. You can rely on GitHub Actions for testing with various major versions. -```zsh +```sh pyenv install -l | grep -v "-e[conda|stackless|pypy]" pyenv install 3.9.18 # select the latest patch version @@ -34,7 +34,7 @@ pyenv rehash Then, you can create a new Virtual Environment this way: -```zsh +```sh python -m venv env_3.9.18 source env_3.9.18/bin/activate ``` @@ -49,38 +49,38 @@ If you make some changes to this project, please write corresponding unit tests If this is your first time to run tests, although it may take a bit longer, running the following script is the easiest. -```zsh +```sh ./scripts/install_and_run_tests.sh ``` To simply install all the development dependencies for this project. -```zsh +```sh ./scripts/install.sh ``` Once you installed all the required dependencies, you can use the following. -```zsh +```sh ./scripts/run_tests.sh ./scripts/run_tests.sh tests/scenario_test/test_get_hooks.py ``` To format this project -```zsh +```sh ./scripts/format.sh ``` To lint this project -```zsh +```sh ./scripts/lint.sh ``` This project uses [mypy](https://mypy.readthedocs.io/en/stable/index.html) to check and infers types for your Python code. -```zsh +```sh ./scripts/run_mypy.sh ``` 
@@ -92,7 +92,7 @@ If you want to test the package locally you can. - Run - ```zsh + ```sh scripts/build_pypi_package.sh ``` @@ -103,7 +103,7 @@ If you want to test the package locally you can. - Example `/dist/slack_cli_hooks-1.2.3-py2.py3-none-any.whl` was created - From anywhere on your machine you can install this package to a project with - ```zsh + ```sh pip install /dist/slack_cli_hooks-1.2.3-py2.py3-none-any.whl ``` From f60e8daa9edc13d4bc3550077c885114a5a127f6 Mon Sep 17 00:00:00 2001 From: William Bergamin Date: Tue, 4 Nov 2025 15:32:49 -0500 Subject: [PATCH 4/6] Apply suggestions from code review Co-authored-by: Eden Zimbelman --- .github/workflows/pypi-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pypi-release.yml b/.github/workflows/pypi-release.yml index 0e39435..06242ea 100644 --- a/.github/workflows/pypi-release.yml +++ b/.github/workflows/pypi-release.yml @@ -33,7 +33,7 @@ jobs: scripts/build_pypi_package.sh - name: Persist dist folder - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: release-dist path: dist/ From fb67383cf2cfb3891cb88ed5985cf146ba22772d Mon Sep 17 00:00:00 2001 From: William Bergamin Date: Tue, 4 Nov 2025 15:33:23 -0500 Subject: [PATCH 5/6] Apply suggestions from code review Co-authored-by: Eden Zimbelman --- .github/workflows/pypi-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pypi-release.yml b/.github/workflows/pypi-release.yml index 06242ea..d0cc600 100644 --- a/.github/workflows/pypi-release.yml +++ b/.github/workflows/pypi-release.yml @@ -42,7 +42,7 @@ jobs: runs-on: ubuntu-latest needs: - release-build - if: github.event_name == 'workflow_dispatch' && !github.event.inputs.dry_run + if: ${{ github.event_name == 'workflow_dispatch' && !github.event.inputs.dry_run }} environment: name: testpypi permissions: 
From 24f20212e4874ee70d35a946864bcb000989ea5d Mon Sep 17 00:00:00 2001 From: William Bergamin Date: Tue, 4 Nov 2025 15:35:01 -0500 Subject: [PATCH 6/6] ensure consistency --- .github/workflows/pypi-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pypi-release.yml b/.github/workflows/pypi-release.yml index d0cc600..428efa9 100644 --- a/.github/workflows/pypi-release.yml +++ b/.github/workflows/pypi-release.yml @@ -66,7 +66,7 @@ jobs: runs-on: ubuntu-latest needs: - release-build - if: github.event_name == 'release' + if: ${{ github.event_name == 'release' }} environment: name: pypi permissions: