✅ Issue #10 Analysis: Trusted Publishing Resolution

[konard]

🎯 Summary

This PR implements support for a single Python runtime version (Python 3.13, the latest stable) and adds a comprehensive release workflow similar to test-anywhere, adapted for Python packages with PyPI trusted publishing.

Fixes #3

📝 Changes

1. Python Version Support

• ✅ Updated pyproject.toml to require Python >=3.13
• ✅ Updated classifiers to only list Python 3.13
• ✅ Updated ruff target-version to py313
• ✅ Updated mypy python_version to 3.13
• ✅ Updated test.yml workflow to test only Python 3.13
• ✅ Applied ruff auto-fixes for modern Python 3.13 syntax

2. Release Workflow Infrastructure

• ✅ Created release.yml workflow supporting:
  • Automated changeset-based releases to PyPI
  • Manual instant releases (patch/minor/major)
  • Manual changeset PR creation
  • PyPI OIDC trusted publishing (no tokens needed)
  • Comprehensive lint, format, and test checks

3. Changeset System

• ✅ Set up .changeset/ configuration for version management
• ✅ Created root package.json with changeset dependencies and scripts
• ✅ Downloaded all release scripts from test-anywhere repository

4. Python-Specific Scripts

Created adapted scripts for Python package management:

• publish-to-pypi.mjs - PyPI publishing with OIDC trusted publishing
• update-python-version.mjs - Version bumping from changesets
• create-github-release-python.mjs - GitHub releases from CHANGELOG.md

5. Documentation

• ✅ Added python/CHANGELOG.md for tracking releases
• ✅ Added .changeset/README.md with usage instructions

🚀 How It Works

Automated Release Flow

1. Developer creates a changeset: npm run changeset
2. Changeset is committed with code changes
3. PR is merged to main
4. CI automatically:
   • Bumps version in pyproject.toml
   • Updates CHANGELOG.md
   • Publishes to PyPI via OIDC trusted publishing
   • Creates GitHub release

Manual Release Options

• Instant Release: Trigger via GitHub Actions UI for immediate patch/minor/major release
• Changeset PR: Create a PR with a changeset for review before release

🔒 Security

• Uses PyPI OIDC trusted publishing (no API tokens needed)
• Requires only id-token: write permission
• Single workflow file as trusted publisher (PyPI requirement)

✅ Testing

• All Python tests pass (12/12) ✅
• Ruff linting passes ✅
• Local CI checks verified ✅

📚 References

• Based on test-anywhere release workflow
• Adapted for Python packaging ecosystem
• Supports PyPI trusted publishing as requested

Fixes #10

[konard]

🤖 Solution Draft Log

This log file contains the complete execution trace of the AI solution draft process.

💰 Cost estimation:

• Public pricing estimate: $1.700427 USD
• Calculated by Anthropic: $1.179073 USD
• Difference: $-0.521354 (-30.66%)
  📎 Log file uploaded as GitHub Gist (433KB)
  🔗 View complete solution draft log

---

Now working session is ended, feel free to review and add any feedback on the solution draft.

[konard]

Run # Publish to npm using OIDC trusted publishing
npm warn Unknown user config "always-auth". This will stop working in the next major version of npm.

> lino-arguments@0.2.6 changeset:publish
> changeset publish

🦋  info npm info lino-arguments
🦋  info lino-arguments is being published because our local version (0.2.6) has not been published on npm
🦋  info Publishing "lino-arguments" at "0.2.6"
🦋  error an error occurred while publishing lino-arguments: E404 Not Found - PUT https://registry.npmjs.org/lino-arguments - Not found 
🦋  error The requested resource 'lino-arguments@0.2.6' could not be found or you do not have permission to access it.
🦋  error 
🦋  error Note that you can also install from a
🦋  error tarball, folder, http url, or git url.
🦋  error npm warn Unknown user config "always-auth". This will stop working in the next major version of npm.
🦋  error 
🦋  error > lino-arguments@0.2.6 prepare
🦋  error > husky || true
🦋  error 
🦋  error npm warn gitignore-fallback No .npmignore file found, using .gitignore for file exclusion. Consider creating a .npmignore file to explicitly control published files.
🦋  error npm warn gitignore-fallback No .npmignore file found, using .gitignore for file exclusion. Consider creating a .npmignore file to explicitly control published files.
🦋  error npm warn publish npm auto-corrected some errors in your package.json when publishing.  Please run "npm pkg fix" to address these errors.
🦋  error npm warn publish errors corrected:
🦋  error npm warn publish "repository.url" was normalized to "git+https://github.com/link-foundation/lino-arguments.git"
🦋  error npm notice SECURITY NOTICE: Classic tokens expire December 9. Granular tokens now limited to 90 days with 2FA enforced by default. Update your CI/CD workflows to avoid disruption. Learn more: https://gh.io/npm-token-changes
🦋  error npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access
🦋  error npm notice Access token expired or revoked. Please try logging in again.
🦋  error npm error code E404
🦋  error npm error 404 Not Found - PUT https://registry.npmjs.org/lino-arguments - Not found
🦋  error npm error 404
🦋  error npm error 404  The requested resource 'lino-arguments@0.2.6' could not be found or you do not have permission to access it.
🦋  error npm error 404
🦋  error npm error 404 Note that you can also install from a
🦋  error npm error 404 tarball, folder, http url, or git url.
🦋  error npm error A complete log of this run can be found in: /home/runner/.npm/_logs/2025-12-09T07_03_41_998Z-debug-0.log
🦋  error 
🦋  error packages failed to publish:
🦋  lino-arguments@0.2.6
Error: Process completed with exit code 1.

Manual instant release does not work also: https://github.com/link-foundation/lino-arguments/actions/runs/20054899930/job/57518072639

Double check we use common.yml and workflows similar to https://github.com/link-foundation/test-anywhere

We need to have release description and release creation itself be unified between all our workflows.

Please download all logs and data related about the issue to this repository, make sure we compile that data to ./docs/case-studies folder, and use it to do deep case study analysis (also make sure to search online for additional facts and data), in which we will reconstruct timeline/sequence of events, find root causes of the problem, and propose possible solutions.

[konard]

🤖 AI Work Session Started

Starting automated work session at 2025-12-09T07:24:57.557Z

The PR has been converted to draft mode while work is in progress.

This comment marks the beginning of an AI work session. Please wait working session to finish, and provide your feedback.

[konard]

❌ Usage Limit Reached

The AI tool has reached its usage limit. The limit will reset at: 10:00 AM

This session has failed because --auto-continue-on-limit-reset was not enabled.

To automatically wait for the limit to reset and continue, use:

./solve.mjs "https://github.com/link-foundation/lino-arguments/issues/10" --resume c9d650ed-8120-40a7-ac73-2d666ba202da --auto-continue-on-limit-reset

[konard]

🤖 AI Work Session Started

Starting automated work session at 2025-12-09T21:21:50.804Z

The PR has been converted to draft mode while work is in progress.

This comment marks the beginning of an AI work session. Please wait working session to finish, and provide your feedback.

[konard]

🤖 Solution Draft Log

This log file contains the complete execution trace of the AI solution draft process.

💰 Cost estimation:

• Public pricing estimate: $4.186465 USD
• Calculated by Anthropic: $2.166715 USD
• Difference: $-2.019751 (-48.24%)
  📎 Log file uploaded as GitHub Gist (669KB)
  🔗 View complete solution draft log

---

Now working session is ended, feel free to review and add any feedback on the solution draft.

[konard]

Please use latest version of workflow in http://github.com/link-foundation/test-anywhere as our main workflow in the repository.

Try to do it as close as possible to actual release.yml from test-anywhere.

Also make sure we use test-anywhere itself as testing framework.

[konard]

🤖 AI Work Session Started

Starting automated work session at 2025-12-13T12:38:01.723Z

The PR has been converted to draft mode while work is in progress.

This comment marks the beginning of an AI work session. Please wait working session to finish, and provide your feedback.

[konard]

🤖 Solution Draft Log

This log file contains the complete execution trace of the AI solution draft process.

💰 Cost estimation:

• Public pricing estimate: $4.325172 USD
• Calculated by Anthropic: $1.909698 USD
• Difference: $-2.415474 (-55.85%)
  📎 Log file uploaded as GitHub Gist (796KB)
  🔗 View complete solution draft log

---

Now working session is ended, feel free to review and add any feedback on the solution draft.