Merge pull request #243 from consideRatio/pr/new-release-system

maint: transition to pypi trusted workflow release, put tbump conf in pyproject.toml
jupyterhub · May 21, 2023 · 5d4724b · 5d4724b
2 parents 9d81d04 + f3b784f
commit 5d4724b
Show file tree

Hide file tree

Showing 5 changed files with 113 additions and 84 deletions.
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -0,0 +1,56 @@
+# This is a GitHub workflow defining a set of jobs with a set of steps.
+# ref: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
+#
+name: Release
+
+# Always tests wheel building, but only publish to PyPI on pushed tags.
+on:
+  pull_request:
+    paths-ignore:
+      - "docs/**"
+      - "**.md"
+      - ".github/workflows/*.yaml"
+      - "!.github/workflows/release.yaml"
+  push:
+    paths-ignore:
+      - "docs/**"
+      - "**.md"
+      - ".github/workflows/*.yaml"
+      - "!.github/workflows/release.yaml"
+    branches-ignore:
+      - "dependabot/**"
+      - "pre-commit-ci-update-config"
+    tags: ["**"]
+  workflow_dispatch:
+
+jobs:
+  build-release:
+    runs-on: ubuntu-22.04
+    permissions:
+      # id-token=write is required for pypa/gh-action-pypi-publish, and the PyPI
+      # project needs to be configured to trust this workflow.
+      #
+      # ref: https://github.com/jupyterhub/team-compass/issues/648
+      #
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-python@v4
+        with:
+          python-version: "3.11"
+
+      - name: install build package
+        run: |
+          pip install --upgrade pip
+          pip install build
+          pip freeze
+
+      - name: build release
+        run: |
+          python -m build --sdist --wheel .
+          ls -l dist
+
+      - name: publish to pypi
+        uses: pypa/gh-action-pypi-publish@release/v1
+        if: startsWith(github.ref, 'refs/tags/')
diff --git a/RELEASE.md b/RELEASE.md
@@ -1,42 +1,53 @@
 # How to make a release
 
-`jupyterhub-nativeauthenticator` is a package [available on
-PyPI](https://pypi.org/project/jupyterhub-nativeauthenticator/). These are
-instructions on how to make a release on PyPI. The PyPI release is done
-automatically by CI when a tag is pushed.
+`jupyterhub-tmpauthenticator` is a package available on [PyPI].
 
-For you to follow along according to these instructions, you need:
+These are the instructions on how to make a release.
 
-- To have push rights to the [jupyterhub GitHub repository](https://github.com/jupyterhub/nativeauthenticator).
-- To have [`tbump`](https://pypi.org/project/tbump) installed.
+## Pre-requisites
+
+- Push rights to this GitHub repository
 
 ## Steps to make a release
 
-1. Make sure `CHANGELOG.md` is up-to-date using [github-activity][] ahead of
-   time in a dedicated PR.
+1. Create a PR updating `CHANGELOG.md` with [github-activity] and continue when
+   its merged.
+
+   Advice on this procedure can be found in [this team compass
+   issue](https://github.com/jupyterhub/team-compass/issues/563).
 
-1. Checkout main and make sure it is up to date.
+2. Checkout main and make sure it is up to date.
 
    ```shell
-   ORIGIN=${ORIGIN:-origin} # set to the canonical remote, e.g. 'upstream' if 'origin' is not the official repo
    git checkout main
-   git fetch $ORIGIN main
-   git reset --hard $ORIGIN/main
+   git fetch origin main
+   git reset --hard origin/main
+   ```
+
+3. Update the version, make commits, and push a git tag with `tbump`.
+
+   ```shell
+   pip install tbump
    ```
 
-1. Update the version with `tbump`. You can see what will happen without making
-   any changes with `tbump --dry-run ${VERSION}`.
+   `tbump` will ask for confirmation before doing anything.
 
    ```shell
+   # Example versions to set: 1.0.0, 1.0.0b1
+   VERSION=
    tbump ${VERSION}
    ```
 
-   This will tag and publish a release, which will be finished on CI.
+   Following this, the [CI system] will build and publish a release.
 
-1. Reset the version back to dev, e.g. `2.1.0.dev` after releasing `2.0.0`
+4. Reset the version back to dev, e.g. `1.0.1.dev` after releasing `1.0.0`.
 
    ```shell
+   # Example version to set: 1.0.1.dev
+   NEXT_VERSION=
    tbump --no-tag ${NEXT_VERSION}.dev
    ```
 
 [github-activity]: https://github.com/executablebooks/github-activity
+[pypi]: https://pypi.org/project/jupyterhub-nativeauthenticator/
+[ci system]: https://github.com/jupyterhub/jupyterhub-nativeauthenticator/actions/workflows/release.yaml
diff --git a/pyproject.toml b/pyproject.toml
@@ -31,3 +31,32 @@ target_version = [
 #
 [tool.isort]
 profile = "black"
+
+
+# tbump is used to simplify and standardize the release process when updating
+# the version, making a git commit and tag, and pushing changes.
+#
+# ref: https://github.com/your-tools/tbump#readme
+#
+[tool.tbump]
+github_url = "https://github.com/jupyterhub/nativeauthenticator"
+
+[tool.tbump.version]
+current = "1.2.0.dev"
+regex = '''
+    (?P<major>\d+)
+    \.
+    (?P<minor>\d+)
+    \.
+    (?P<patch>\d+)
+    (?P<pre>((a|b|rc)\d+)|)
+    \.?
+    (?P<dev>(?<=\.)dev\d*|)
+'''
+
+[tool.tbump.git]
+message_template = "Bump to {new_version}"
+tag_template = "{new_version}"
+
+[[tool.tbump.file]]
+src = "setup.py"
diff --git a/tbump.toml b/tbump.toml