mousebender icon indicating copy to clipboard operation
mousebender copied to clipboard
verified publisher icon brettcannon

Document/automate the release process

Open brettcannon opened this issue 3 years ago • 7 comments

Proposed steps:

  1. Make sure the version number is accurate
  2. Run the "release" workflow:
    1. Build wheels
    2. Create draft GH release
    3. Upload wheels via trusted publishing
    4. Attach wheels to GH release
    5. Publish GH release
  3. Make sure the release notes in the GitHub release look good

I have plans around automating step 1 regarding the version number, but that's going to take some exploration first.

brettcannon avatar Dec 03 '22 23:12 brettcannon

Might be worth signing releases with sigstore.

https://github.com/sigstore/gh-action-sigstore-python

brettcannon avatar Jan 14 '23 04:01 brettcannon

https://github.com/sethmlarson/secure-python-package-template

brettcannon avatar Jan 17 '23 21:01 brettcannon

Generate provenance attestation: https://sethmlarson.dev/python-and-slsa?date=2023-03-18

brettcannon avatar Mar 22 '23 05:03 brettcannon

For package upload, consider https://docs.pypi.org/trusted-publishers/adding-a-publisher/ 😉

miketheman avatar Nov 14 '23 20:11 miketheman

For package upload, consider https://docs.pypi.org/trusted-publishers/adding-a-publisher/ 😉

Oh, I'm already aware. 😉 https://github.com/brettcannon/microvenv/blob/5e796652c3d80894da8ec9c819349ab45d77f3fd/.github/workflows/release.yml#L22

brettcannon avatar Nov 15 '23 01:11 brettcannon

Actually, we already use it! https://github.com/brettcannon/mousebender/blob/d58e3255ab00e1a63f44c546820e8b6a827252a2/.github/workflows/release.yml#L22

brettcannon avatar Nov 15 '23 01:11 brettcannon

I've updated the opening comment to more accurately reflect my thoughts.

brettcannon avatar Nov 15 '23 01:11 brettcannon