From a6ffae56fea8d06f16077d36478debecb8c5de73 Mon Sep 17 00:00:00 2001 From: Chenna Keshava B S Date: Thu, 24 Oct 2024 10:27:40 -0700 Subject: [PATCH 01/23] Initial draft of GIthub Actions workflow --- .github/workflows/publish_to_pypi.yml | 35 +++++++++++++++++++++++++++ pyproject.toml | 2 +- 2 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/publish_to_pypi.yml diff --git a/.github/workflows/publish_to_pypi.yml b/.github/workflows/publish_to_pypi.yml new file mode 100644 index 000000000..7fc5a94ae --- /dev/null +++ b/.github/workflows/publish_to_pypi.yml @@ -0,0 +1,35 @@ +name: Publish Python 🐍 distribution 📦 to PyPI and TestPyPI + +on: push +jobs: + build: + name: Build distribution 📦 + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: "3.x" + - name: Build a binary wheel and a source tarball + run: poetry build + - name: Store the distribution packages + uses: actions/upload-artifact@v4 + with: + name: python-package-distributions + path: dist/ + publish-to-pypi: + name: >- + Publish Python 🐍 distribution 📦 to PyPI + runs-on: ubuntu-latest + permissions: + id-token: write # IMPORTANT: mandatory for trusted publishing + steps: + - name: Download all the dists + uses: actions/download-artifact@v4 + with: + name: python-package-distributions + path: dist/ + - name: Publish distribution 📦 to PyPI + uses: pypa/gh-action-pypi-publish@release/v1 diff --git a/pyproject.toml b/pyproject.toml index f8e5b7a9f..67a98fcaf 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,5 +1,5 @@ [tool.poetry] -name = "xrpl-py" +name = "xrpl-py-release-test" version = "3.0.0" description = "A complete Python library for interacting with the XRP ledger" readme = "README.md" From c63b7e405d149875569972edb787b335db0dcbfd Mon Sep 17 00:00:00 2001 From: Chenna Keshava B S Date: Thu, 24 Oct 2024 10:39:27 -0700 Subject: [PATCH 02/23] install (or) load poetry from cache --- .github/workflows/publish_to_pypi.yml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish_to_pypi.yml b/.github/workflows/publish_to_pypi.yml index 7fc5a94ae..48ba8b2ff 100644 --- a/.github/workflows/publish_to_pypi.yml +++ b/.github/workflows/publish_to_pypi.yml @@ -1,4 +1,6 @@ -name: Publish Python 🐍 distribution 📦 to PyPI and TestPyPI +name: Publish xrpl-py 🐍 distribution 📦 to PyPI +env: + POETRY_VERSION: 1.8.3 on: push jobs: @@ -12,6 +14,17 @@ jobs: uses: actions/setup-python@v5 with: python-version: "3.x" + - name: Load cached .local + id: cache-poetry + uses: actions/cache@v3 + with: + path: /home/runner/.local + key: dotlocal-${{ env.POETRY_VERSION }} + - name: Install poetry + if: steps.cache-poetry.outputs.cache-hit != 'true' + run: | + curl -sSL https://install.python-poetry.org/ | python - --version ${{ env.POETRY_VERSION }} + echo "$HOME/.local/bin" >> $GITHUB_PATH - name: Build a binary wheel and a source tarball run: poetry build - name: Store the distribution packages From 20a1d9e88698919119e20d2d8ab7e2ca54224421 Mon Sep 17 00:00:00 2001 From: Chenna Keshava B S Date: Thu, 24 Oct 2024 14:55:44 -0700 Subject: [PATCH 03/23] Github Actions: Publish tagged commits into PyPI --- .github/workflows/publish_to_pypi.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/publish_to_pypi.yml b/.github/workflows/publish_to_pypi.yml index 48ba8b2ff..9f94c3524 100644 --- a/.github/workflows/publish_to_pypi.yml +++ b/.github/workflows/publish_to_pypi.yml @@ -35,6 +35,7 @@ jobs: publish-to-pypi: name: >- Publish Python 🐍 distribution 📦 to PyPI + if: startsWith(github.ref, 'refs/tags/') # only publish to PyPI on tag pushes runs-on: ubuntu-latest permissions: id-token: write # IMPORTANT: mandatory for trusted publishing From a7d2fee0a1cc234d9b59ba484ac2e8d0968c5943 Mon Sep 17 00:00:00 2001 From: Chenna Keshava B S Date: Thu, 24 Oct 2024 15:01:27 -0700 Subject: [PATCH 04/23] Update version on the least-significant-digit -- this should not trigger PyPI publish Github Actions --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 67a98fcaf..134603866 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "xrpl-py-release-test" -version = "3.0.0" +version = "3.0.1" description = "A complete Python library for interacting with the XRP ledger" readme = "README.md" repository = "https://github.com/XRPLF/xrpl-py" From f99a48310b0e530290957b503beaa1b88caa6244 Mon Sep 17 00:00:00 2001 From: Chenna Keshava B S Date: Thu, 24 Oct 2024 15:04:49 -0700 Subject: [PATCH 05/23] Update minor version of the project --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 134603866..17df7e785 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "xrpl-py-release-test" -version = "3.0.1" +version = "3.0.2" description = "A complete Python library for interacting with the XRP ledger" readme = "README.md" repository = "https://github.com/XRPLF/xrpl-py" From 7fe66c536d91a24ddba9242027235f4cb0bbc359 Mon Sep 17 00:00:00 2001 From: Chenna Keshava B S Date: Fri, 25 Oct 2024 12:05:54 -0700 Subject: [PATCH 06/23] Update the instructions for the Release process --- CONTRIBUTING.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index af34609b7..6a1b49cbe 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -202,7 +202,18 @@ This should almost always be done using the [`xrpl-codec-gen`](https://github.co - Merge your changes. ### Release - +1. Please increment the version in `pyproject.toml` and update the `CHANGELOG.md` file appropriately. We follow [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +2. Please select a commit that is suitable for release and create a tag. The following commands can be helpful: +`git tag -s -a -m "Optional Message describing the tag"` +`git tag` -- This command displays all the tags in the repository. +`git push tag ` +3. A [Github Workflow](.github/workflows/publish_to_pypi.yml) completes the rest of the Release steps (building the project, generating a .whl and tarball, publishing on the PyPI platform). The workflow uses OpenID Connect's temporary keys to obtain the necessary PyPI authorization. +As a prerequisite, the PyPI `xrpl-py` project needs to authorize Github Actions as a "Trusted Publisher". This page contains helpful resources: https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/#configuring-trusted-publishing +4. Send an email to [xrpl-announce](https://groups.google.com/g/xrpl-announce). +5. Post an announcement in the [XRPL Discord #python channel](https://discord.com/channels/886050993802985492/886053080913821717) with a link to the changes and highlighting key changes. + + +**Note: If maintainers prefer to manually release the xrpl-py software distribution, the below steps are relevant.** 1. Create a branch off main that properly increments the version in `pyproject.toml` and updates the `CHANGELOG` appropriately. We follow [Semantic Versioning](https://semver.org/spec/v2.0.0.html). 2. Merge this branch into `main`. 3. Locally build and download the package. From 39e344ccecd4b06a9c3857588923dbb0cf6b382d Mon Sep 17 00:00:00 2001 From: Chenna Keshava B S Date: Sat, 26 Oct 2024 13:46:07 -0700 Subject: [PATCH 07/23] Include sigstore signatures, automatic github-release process --- .github/workflows/publish_to_pypi.yml | 43 +++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/.github/workflows/publish_to_pypi.yml b/.github/workflows/publish_to_pypi.yml index 9f94c3524..b071d84ef 100644 --- a/.github/workflows/publish_to_pypi.yml +++ b/.github/workflows/publish_to_pypi.yml @@ -47,3 +47,46 @@ jobs: path: dist/ - name: Publish distribution 📦 to PyPI uses: pypa/gh-action-pypi-publish@release/v1 + + github-release: + name: >- + Sign the Python 🐍 distribution 📦 with Sigstore + and upload them to GitHub Release + needs: + - publish-to-pypi + runs-on: ubuntu-latest + + permissions: + contents: write # IMPORTANT: mandatory for making GitHub Releases + id-token: write # IMPORTANT: mandatory for sigstore + + steps: + - name: Download all the dists + uses: actions/download-artifact@v4 + with: + name: python-package-distributions + path: dist/ + - name: Sign the dists with Sigstore + uses: sigstore/gh-action-sigstore-python@v2.1.1 + with: + inputs: >- + ./dist/*.tar.gz + ./dist/*.whl + - name: Create GitHub Release + env: + GITHUB_TOKEN: ${{ github.token }} + run: >- + gh release create + '${{ github.ref_name }}' + --repo '${{ github.repository }}' + --notes "" + - name: Upload artifact signatures to GitHub Release + env: + GITHUB_TOKEN: ${{ github.token }} + # Upload to GitHub Release using the `gh` CLI. + # `dist/` contains the built packages, and the + # sigstore-produced signatures and certificates. + run: >- + gh release upload + '${{ github.ref_name }}' dist/** + --repo '${{ github.repository }}' From e81ac653fc4259c1ec7c7889c8f1cd46a7940a5a Mon Sep 17 00:00:00 2001 From: Chenna Keshava B S Date: Sat, 26 Oct 2024 14:02:41 -0700 Subject: [PATCH 08/23] auto-generate release notes --- .github/workflows/publish_to_pypi.yml | 2 +- pyproject.toml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish_to_pypi.yml b/.github/workflows/publish_to_pypi.yml index b071d84ef..251293796 100644 --- a/.github/workflows/publish_to_pypi.yml +++ b/.github/workflows/publish_to_pypi.yml @@ -79,7 +79,7 @@ jobs: gh release create '${{ github.ref_name }}' --repo '${{ github.repository }}' - --notes "" + --generate-notes - name: Upload artifact signatures to GitHub Release env: GITHUB_TOKEN: ${{ github.token }} diff --git a/pyproject.toml b/pyproject.toml index 17df7e785..d305795a7 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] -name = "xrpl-py-release-test" -version = "3.0.2" +name = "xrpl-py-release-test-1" +version = "3.0.4" description = "A complete Python library for interacting with the XRP ledger" readme = "README.md" repository = "https://github.com/XRPLF/xrpl-py" From 80d1061910131d60df08affc0575e88769352ce5 Mon Sep 17 00:00:00 2001 From: Chenna Keshava B S Date: Mon, 28 Oct 2024 13:25:03 -0700 Subject: [PATCH 09/23] revert the changes to project name and project-version --- pyproject.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index d305795a7..f8e5b7a9f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] -name = "xrpl-py-release-test-1" -version = "3.0.4" +name = "xrpl-py" +version = "3.0.0" description = "A complete Python library for interacting with the XRP ledger" readme = "README.md" repository = "https://github.com/XRPLF/xrpl-py" From 5d32faef01193792b69bd6ce7d7f3636e93dc992 Mon Sep 17 00:00:00 2001 From: Chenna Keshava B S Date: Mon, 28 Oct 2024 13:31:35 -0700 Subject: [PATCH 10/23] include code-rabbit's suggestions --- .github/workflows/publish_to_pypi.yml | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish_to_pypi.yml b/.github/workflows/publish_to_pypi.yml index 251293796..bec359e05 100644 --- a/.github/workflows/publish_to_pypi.yml +++ b/.github/workflows/publish_to_pypi.yml @@ -1,12 +1,15 @@ name: Publish xrpl-py 🐍 distribution 📦 to PyPI -env: - POETRY_VERSION: 1.8.3 +on: + push: + tags: + - 'v*' # Run on version tags only -on: push jobs: build: name: Build distribution 📦 runs-on: ubuntu-latest + env: + POETRY_VERSION: 1.8.3 steps: - uses: actions/checkout@v4 @@ -27,6 +30,11 @@ jobs: echo "$HOME/.local/bin" >> $GITHUB_PATH - name: Build a binary wheel and a source tarball run: poetry build + - name: Verify build artifacts + run: | + ls dist/*.whl dist/*.tar.gz || exit 1 + pip install check-wheel-contents + check-wheel-contents dist/*.whl - name: Store the distribution packages uses: actions/upload-artifact@v4 with: From 441725f1e3c52ce576bb25f6dd7ecb9c6c69e5f6 Mon Sep 17 00:00:00 2001 From: Chenna Keshava B S <21219765+ckeshava@users.noreply.github.com> Date: Mon, 28 Oct 2024 13:34:18 -0700 Subject: [PATCH 11/23] Update .github/workflows/publish_to_pypi.yml Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- .github/workflows/publish_to_pypi.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish_to_pypi.yml b/.github/workflows/publish_to_pypi.yml index bec359e05..c42c61a6b 100644 --- a/.github/workflows/publish_to_pypi.yml +++ b/.github/workflows/publish_to_pypi.yml @@ -26,8 +26,9 @@ jobs: - name: Install poetry if: steps.cache-poetry.outputs.cache-hit != 'true' run: | - curl -sSL https://install.python-poetry.org/ | python - --version ${{ env.POETRY_VERSION }} - echo "$HOME/.local/bin" >> $GITHUB_PATH + curl -sSL https://install.python-poetry.org/ | python - --version "${{ env.POETRY_VERSION }}" + echo "${HOME}/.local/bin" >> $GITHUB_PATH + poetry --version || exit 1 # Verify installation - name: Build a binary wheel and a source tarball run: poetry build - name: Verify build artifacts From 3d4553e638bdef59d6b12321e82f1c46d7957dd3 Mon Sep 17 00:00:00 2001 From: Chenna Keshava B S <21219765+ckeshava@users.noreply.github.com> Date: Mon, 28 Oct 2024 13:35:41 -0700 Subject: [PATCH 12/23] Update .github/workflows/publish_to_pypi.yml Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- .github/workflows/publish_to_pypi.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/publish_to_pypi.yml b/.github/workflows/publish_to_pypi.yml index c42c61a6b..a7e48b45f 100644 --- a/.github/workflows/publish_to_pypi.yml +++ b/.github/workflows/publish_to_pypi.yml @@ -46,6 +46,7 @@ jobs: Publish Python 🐍 distribution 📦 to PyPI if: startsWith(github.ref, 'refs/tags/') # only publish to PyPI on tag pushes runs-on: ubuntu-latest + timeout-minutes: 10 # Adjust based on typical publishing time permissions: id-token: write # IMPORTANT: mandatory for trusted publishing steps: From 4c81e462275566cf0a77ba2bf486c0d796a68833 Mon Sep 17 00:00:00 2001 From: Chenna Keshava B S <21219765+ckeshava@users.noreply.github.com> Date: Mon, 28 Oct 2024 13:36:25 -0700 Subject: [PATCH 13/23] Update .github/workflows/publish_to_pypi.yml Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- .github/workflows/publish_to_pypi.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/publish_to_pypi.yml b/.github/workflows/publish_to_pypi.yml index a7e48b45f..eef2b1558 100644 --- a/.github/workflows/publish_to_pypi.yml +++ b/.github/workflows/publish_to_pypi.yml @@ -65,6 +65,7 @@ jobs: needs: - publish-to-pypi runs-on: ubuntu-latest + timeout-minutes: 15 # Adjust based on typical signing and release time permissions: contents: write # IMPORTANT: mandatory for making GitHub Releases From cf22e328dadf64b333b1000c13adbe7b392c0102 Mon Sep 17 00:00:00 2001 From: Chenna Keshava B S <21219765+ckeshava@users.noreply.github.com> Date: Mon, 28 Oct 2024 13:42:54 -0700 Subject: [PATCH 14/23] Update .github/workflows/publish_to_pypi.yml Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- .github/workflows/publish_to_pypi.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish_to_pypi.yml b/.github/workflows/publish_to_pypi.yml index eef2b1558..f9dd3f376 100644 --- a/.github/workflows/publish_to_pypi.yml +++ b/.github/workflows/publish_to_pypi.yml @@ -90,7 +90,8 @@ jobs: gh release create '${{ github.ref_name }}' --repo '${{ github.repository }}' - --generate-notes + --generate-notes || + (echo "::error::Failed to create release" && exit 1) - name: Upload artifact signatures to GitHub Release env: GITHUB_TOKEN: ${{ github.token }} From 51018bf0f074586a8ed8a490ddb2315c11940bb8 Mon Sep 17 00:00:00 2001 From: Chenna Keshava B S Date: Mon, 28 Oct 2024 13:48:23 -0700 Subject: [PATCH 15/23] incoroprate CodeRabbit suggestions: part 2 --- .github/workflows/publish_to_pypi.yml | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/.github/workflows/publish_to_pypi.yml b/.github/workflows/publish_to_pypi.yml index f9dd3f376..ffa6f6875 100644 --- a/.github/workflows/publish_to_pypi.yml +++ b/.github/workflows/publish_to_pypi.yml @@ -16,7 +16,7 @@ jobs: - name: Set up Python uses: actions/setup-python@v5 with: - python-version: "3.x" + python-version: ">=3.8,<3.13" - name: Load cached .local id: cache-poetry uses: actions/cache@v3 @@ -95,10 +95,16 @@ jobs: - name: Upload artifact signatures to GitHub Release env: GITHUB_TOKEN: ${{ github.token }} - # Upload to GitHub Release using the `gh` CLI. - # `dist/` contains the built packages, and the - # sigstore-produced signatures and certificates. - run: >- - gh release upload - '${{ github.ref_name }}' dist/** - --repo '${{ github.repository }}' + # Verify signature files exist + run: | + if ! ls dist/*.sigstore >/dev/null 2>&1; then + echo "::error::Signature files not found" + exit 1 + fi + + # Upload to GitHub Release using the `gh` CLI. + # `dist/` contains the built packages, and the + # sigstore-produced signatures and certificates. + gh release upload + '${{ github.ref_name }}' dist/** + --repo '${{ github.repository }}' From bc2d821386e8006afd88ee431292c364e259ba38 Mon Sep 17 00:00:00 2001 From: Chenna Keshava B S Date: Mon, 28 Oct 2024 13:58:55 -0700 Subject: [PATCH 16/23] CodeRabbitAI suggestions part-3 --- .github/workflows/publish_to_pypi.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/publish_to_pypi.yml b/.github/workflows/publish_to_pypi.yml index ffa6f6875..1a873450b 100644 --- a/.github/workflows/publish_to_pypi.yml +++ b/.github/workflows/publish_to_pypi.yml @@ -45,6 +45,7 @@ jobs: name: >- Publish Python 🐍 distribution 📦 to PyPI if: startsWith(github.ref, 'refs/tags/') # only publish to PyPI on tag pushes + needs: build # Explicit dependency on build job runs-on: ubuntu-latest timeout-minutes: 10 # Adjust based on typical publishing time permissions: @@ -55,8 +56,14 @@ jobs: with: name: python-package-distributions path: dist/ + - name: Verify downloaded artifacts + run: | + ls dist/*.whl dist/*.tar.gz || exit 1 - name: Publish distribution 📦 to PyPI uses: pypa/gh-action-pypi-publish@release/v1 + with: + retry-on-error: true + verbose: true github-release: name: >- From 9bcda8ebe2fccc26cfb3541f63fb6a819becb0b7 Mon Sep 17 00:00:00 2001 From: Chenna Keshava B S Date: Mon, 28 Oct 2024 14:00:26 -0700 Subject: [PATCH 17/23] remove the redundant check condition --- .github/workflows/publish_to_pypi.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/publish_to_pypi.yml b/.github/workflows/publish_to_pypi.yml index 1a873450b..62f837baf 100644 --- a/.github/workflows/publish_to_pypi.yml +++ b/.github/workflows/publish_to_pypi.yml @@ -44,7 +44,6 @@ jobs: publish-to-pypi: name: >- Publish Python 🐍 distribution 📦 to PyPI - if: startsWith(github.ref, 'refs/tags/') # only publish to PyPI on tag pushes needs: build # Explicit dependency on build job runs-on: ubuntu-latest timeout-minutes: 10 # Adjust based on typical publishing time From cde467ce8a89f132cac804d1e36bba1773b5fdab Mon Sep 17 00:00:00 2001 From: Chenna Keshava B S <21219765+ckeshava@users.noreply.github.com> Date: Tue, 29 Oct 2024 13:14:58 -0700 Subject: [PATCH 18/23] Update .github/workflows/publish_to_pypi.yml Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- .github/workflows/publish_to_pypi.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish_to_pypi.yml b/.github/workflows/publish_to_pypi.yml index 62f837baf..ba7cf207e 100644 --- a/.github/workflows/publish_to_pypi.yml +++ b/.github/workflows/publish_to_pypi.yml @@ -26,7 +26,7 @@ jobs: - name: Install poetry if: steps.cache-poetry.outputs.cache-hit != 'true' run: | - curl -sSL https://install.python-poetry.org/ | python - --version "${{ env.POETRY_VERSION }}" + curl -sSL "https://install.python-poetry.org/" | python - --version "${{ env.POETRY_VERSION }}" echo "${HOME}/.local/bin" >> $GITHUB_PATH poetry --version || exit 1 # Verify installation - name: Build a binary wheel and a source tarball From c9ee19aac52e271f484db8fb841062037c01878f Mon Sep 17 00:00:00 2001 From: Chenna Keshava B S <21219765+ckeshava@users.noreply.github.com> Date: Tue, 29 Oct 2024 13:19:10 -0700 Subject: [PATCH 19/23] Update .github/workflows/publish_to_pypi.yml Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- .github/workflows/publish_to_pypi.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish_to_pypi.yml b/.github/workflows/publish_to_pypi.yml index ba7cf207e..3adc5cdad 100644 --- a/.github/workflows/publish_to_pypi.yml +++ b/.github/workflows/publish_to_pypi.yml @@ -61,7 +61,7 @@ jobs: - name: Publish distribution 📦 to PyPI uses: pypa/gh-action-pypi-publish@release/v1 with: - retry-on-error: true + verbose: true verbose: true github-release: From 71f529e9904306af87e4bce0ff8ffd40e68e658b Mon Sep 17 00:00:00 2001 From: Chenna Keshava B S Date: Tue, 29 Oct 2024 13:19:56 -0700 Subject: [PATCH 20/23] include resources about Trusted Publishing on PyPI --- .github/workflows/publish_to_pypi.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/publish_to_pypi.yml b/.github/workflows/publish_to_pypi.yml index 3adc5cdad..b6f4213dc 100644 --- a/.github/workflows/publish_to_pypi.yml +++ b/.github/workflows/publish_to_pypi.yml @@ -48,6 +48,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 # Adjust based on typical publishing time permissions: + # More information about Trusted Publishing and OpenID Connect: https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/ id-token: write # IMPORTANT: mandatory for trusted publishing steps: - name: Download all the dists From 817d97d08228e3fb72a7fee204ef4381b1db9893 Mon Sep 17 00:00:00 2001 From: Chenna Keshava B S Date: Tue, 29 Oct 2024 14:09:31 -0700 Subject: [PATCH 21/23] Rectify the errors in the Github Actions file remove the check-wheel-contents usage; poetry build does not adhere to the required standards of the tool --- .github/workflows/publish_to_pypi.yml | 25 +++++++------------------ 1 file changed, 7 insertions(+), 18 deletions(-) diff --git a/.github/workflows/publish_to_pypi.yml b/.github/workflows/publish_to_pypi.yml index b6f4213dc..159c3fc57 100644 --- a/.github/workflows/publish_to_pypi.yml +++ b/.github/workflows/publish_to_pypi.yml @@ -2,7 +2,7 @@ name: Publish xrpl-py 🐍 distribution 📦 to PyPI on: push: tags: - - 'v*' # Run on version tags only + - '*' jobs: build: @@ -16,7 +16,8 @@ jobs: - name: Set up Python uses: actions/setup-python@v5 with: - python-version: ">=3.8,<3.13" + # Use the lowest supported version of Python for CI/CD + python-version: "3.8" - name: Load cached .local id: cache-poetry uses: actions/cache@v3 @@ -31,11 +32,6 @@ jobs: poetry --version || exit 1 # Verify installation - name: Build a binary wheel and a source tarball run: poetry build - - name: Verify build artifacts - run: | - ls dist/*.whl dist/*.tar.gz || exit 1 - pip install check-wheel-contents - check-wheel-contents dist/*.whl - name: Store the distribution packages uses: actions/upload-artifact@v4 with: @@ -63,7 +59,6 @@ jobs: uses: pypa/gh-action-pypi-publish@release/v1 with: verbose: true - verbose: true github-release: name: >- @@ -102,16 +97,10 @@ jobs: - name: Upload artifact signatures to GitHub Release env: GITHUB_TOKEN: ${{ github.token }} - # Verify signature files exist - run: | - if ! ls dist/*.sigstore >/dev/null 2>&1; then - echo "::error::Signature files not found" - exit 1 - fi - # Upload to GitHub Release using the `gh` CLI. # `dist/` contains the built packages, and the # sigstore-produced signatures and certificates. - gh release upload - '${{ github.ref_name }}' dist/** - --repo '${{ github.repository }}' + run: >- + gh release upload + '${{ github.ref_name }}' dist/** + --repo '${{ github.repository }}' From fd487b71be8c7fd1b9a0924d411ed3e9b6ab9445 Mon Sep 17 00:00:00 2001 From: Chenna Keshava B S <21219765+ckeshava@users.noreply.github.com> Date: Tue, 29 Oct 2024 15:51:42 -0700 Subject: [PATCH 22/23] Update .github/workflows/publish_to_pypi.yml Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- .github/workflows/publish_to_pypi.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/publish_to_pypi.yml b/.github/workflows/publish_to_pypi.yml index 159c3fc57..54a7f16d5 100644 --- a/.github/workflows/publish_to_pypi.yml +++ b/.github/workflows/publish_to_pypi.yml @@ -59,6 +59,7 @@ jobs: uses: pypa/gh-action-pypi-publish@release/v1 with: verbose: true + verify-metadata: true github-release: name: >- From e0260b4f8cec9bbe85121d9f4c998ba1a5797c4d Mon Sep 17 00:00:00 2001 From: Chenna Keshava B S <21219765+ckeshava@users.noreply.github.com> Date: Tue, 29 Oct 2024 15:53:56 -0700 Subject: [PATCH 23/23] Update .github/workflows/publish_to_pypi.yml Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- .github/workflows/publish_to_pypi.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish_to_pypi.yml b/.github/workflows/publish_to_pypi.yml index 54a7f16d5..2111e7992 100644 --- a/.github/workflows/publish_to_pypi.yml +++ b/.github/workflows/publish_to_pypi.yml @@ -23,7 +23,7 @@ jobs: uses: actions/cache@v3 with: path: /home/runner/.local - key: dotlocal-${{ env.POETRY_VERSION }} + key: dotlocal-${{ env.POETRY_VERSION }}-${{ hashFiles('poetry.lock') }} - name: Install poetry if: steps.cache-poetry.outputs.cache-hit != 'true' run: |