Skip to content

Add dedicated release workflow with PyPI trusted publishers#251

Merged
tonybaloney merged 1 commit into
masterfrom
release-pipeline
Apr 26, 2026
Merged

Add dedicated release workflow with PyPI trusted publishers#251
tonybaloney merged 1 commit into
masterfrom
release-pipeline

Conversation

@tonybaloney
Copy link
Copy Markdown
Owner

@tonybaloney tonybaloney commented Apr 26, 2026

Summary

Separates the release pipeline from CI into a dedicated workflow triggered by GitHub Releases.

Changes

New: .github/workflows/release.yml

  • Trigger: release published event - runs when a GitHub Release is created/published
  • Builds: sdist + wheels for all platforms (Linux x86_64/aarch64, macOS aarch64, Windows x86_64/aarch64) for Python 3.10-3.14
  • Validation: twine check --strict on all wheels, zip integrity verification
  • Publish: uv publish --trusted-publishing always (PyPI OIDC trusted publishers)
  • Assets: All dist files attached to the GitHub Release
  • Requires a release environment with id-token: write permission

Updated: .github/workflows/ci.yml

  • Removed the inline release job (publishing now handled by release.yml)
  • Removed v2 branch and tag triggers (v2 is merged into master)
  • Kept build validation jobs (sdist + wheel builds + twine check) so packaging issues are caught in CI before release

Release workflow

  1. Push commits to master, CI validates tests + lints + builds
  2. Create a GitHub Release (tag it e.g. v2.0.0 or v2.0.0a1)
  3. Release workflow builds all wheels, publishes to PyPI, attaches assets to the release

Notes

  • PyPI trusted publisher must be configured on pypi.org for tonybaloney/wily with workflow release.yml and environment release
  • The release GitHub environment should be configured with any required reviewers/protection rules

@tonybaloney
Add release workflow with trusted publishers, separate from CI
94828ce 
- Create .github/workflows/release.yml triggered by GitHub Release
  (published event) instead of tag push
- Uses PyPI trusted publishers via uv publish --trusted-publishing always
- Builds sdist + wheels for all platforms (linux x86_64/aarch64,
  macos aarch64, windows x86_64/aarch64) for Python 3.10-3.14
- Validates wheels with twine check and integrity verification
- Attaches all dist files to the GitHub Release
- Remove release/publish job from ci.yml (CI keeps build validation)
- Remove v2 branch and tag triggers from CI (master only)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@tonybaloney tonybaloney merged commit bf73a84 into master Apr 26, 2026
25 checks passed
@tonybaloney tonybaloney deleted the release-pipeline branch April 26, 2026 04:11
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Apr 26, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 90.35%. Comparing base (457096c) to head (94828ce).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master     #251   +/-   ##
=======================================
  Coverage   90.35%   90.35%           
=======================================
  Files          20       20           
  Lines        1192     1192           
  Branches      161      161           
=======================================
  Hits         1077     1077           
  Misses         87       87           
  Partials       28       28

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tonybaloney @codecov-commenter