KRRT7 (Contributor) commented Oct 15, 2025

User description

also fixes: astral-sh/uv#16105


PR Type

Enhancement, Other


Description

  • Add automated PyPI publishing workflow

  • Upgrade to astral-sh/setup-uv@v6

  • Build and smoke-test wheels and sdists

  • Use OIDC for secure publish


Diagram Walkthrough

flowchart LR
  A["Git tag push (v*)"] -- "triggers" --> B["Publish workflow"]
  B -- "setup" --> C["Install uv (v6)"]
  C -- "build" --> D["uv build (wheel + sdist)"]
  D -- "verify" --> E["Smoke tests (wheel, sdist)"]
  E -- "on success" --> F["uv publish (OIDC)"]

File Walkthrough

Relevant files

Enhancement (13 files)

  • codeflash-optimize.yaml: Bump setup-uv action to v6 (+1/-1)
  • e2e-async.yaml: Bump setup-uv action to v6 (+1/-1)
  • e2e-bubblesort-benchmark.yaml: Bump setup-uv action to v6 (+1/-1)
  • e2e-bubblesort-pytest-nogit.yaml: Bump setup-uv action to v6 (+1/-1)
  • e2e-bubblesort-unittest.yaml: Bump setup-uv action to v6 (+1/-1)
  • e2e-coverage-optimization.yaml: Bump setup-uv action to v6 (+1/-1)
  • e2e-futurehouse-structure.yaml: Bump setup-uv action to v6 (+1/-1)
  • e2e-init-optimization.yaml: Bump setup-uv action to v6 (+1/-1)
  • e2e-topological-sort.yaml: Bump setup-uv action to v6 (+1/-1)
  • e2e-tracer-replay.yaml: Bump setup-uv action to v6 (+1/-1)
  • mypy.yml: Use setup-uv v6 for type checks (+1/-1)
  • unit-tests.yaml: Upgrade setup-uv to v6 for tests (+1/-1)
  • windows-unit-tests.yml: Upgrade setup-uv to v6 on Windows (+1/-1)

Configuration changes (1 file)

  • publish.yml: Add automated PyPI publish on tag (+30/-0)

@github-actions bot added the labels "workflow-modified" (This PR modifies GitHub Actions workflows) and "Review effort 2/5" on Oct 15, 2025

github-actions bot commented Oct 15, 2025

PR Reviewer Guide 🔍

(Review updated until commit 90eadb8)

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
🧪 No relevant tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

Possible Issue

The publish workflow uses actions/checkout@v5, which is currently non-existent; stable v4 is the latest, so this may fail to resolve. Consider using actions/checkout@v4 unless v5 is intentional and available.

- name: Checkout
  uses: actions/checkout@v5
- name: Install uv
  uses: astral-sh/setup-uv@v6
Missing Python Setup

The publish job builds and runs smoke tests but does not pin or set a Python version via setup-uv inputs; ensure the required Python versions are available for build and tests or specify python-version for reproducibility.

- name: Install uv
  uses: astral-sh/setup-uv@v6
- name: Build
  run: uv build
# Check that basic features work and we didn't miss to include crucial files
- name: Smoke test (wheel)
  run: uv run --isolated --no-project --with dist/*.whl tests/smoke_test.py
- name: Smoke test (source distribution)
  run: uv run --isolated --no-project --with dist/*.tar.gz tests/smoke_test.py
OIDC Scope Validation

Using uv publish with OIDC requires PyPI trusted publisher configuration; verify the environment 'pypi' is correctly configured and that no API token is relied upon implicitly.

  name: pypi
permissions:
  id-token: write
  contents: read
steps:
  - name: Checkout
    uses: actions/checkout@v5
  - name: Install uv
    uses: astral-sh/setup-uv@v6
  - name: Build
    run: uv build
  # Check that basic features work and we didn't miss to include crucial files
  - name: Smoke test (wheel)
    run: uv run --isolated --no-project --with dist/*.whl tests/smoke_test.py
  - name: Smoke test (source distribution)
    run: uv run --isolated --no-project --with dist/*.tar.gz tests/smoke_test.py
  - name: Publish
    run: uv publish


github-actions bot commented Oct 15, 2025

PR Code Suggestions ✨

Latest suggestions up to 90eadb8
Explore these optional code suggestions:

Category | Suggestion | Impact
General
Pin Python version for builds

Specify a Python version to guarantee a consistent build environment across runs.
Without it, the default runner Python may vary and produce non-reproducible wheels.

.github/workflows/publish.yml [21-22]

 - name: Install uv
   uses: astral-sh/setup-uv@v6
+  with:
+    python-version: "3.11"
Suggestion importance[1-10]: 7

Why: Setting an explicit python-version for setup-uv improves reproducibility of builds; the existing_code matches lines 21-22 and the improved_code correctly adds a with block to pin Python.

Medium
Make publish step explicit, verbose

Ensure the PyPI repository and project metadata are correctly targeted. Add
--publish-url pypi to force the default and include --verbose for better diagnostics
during OIDC-based trusted publishing failures.

.github/workflows/publish.yml [29-30]

 - name: Publish
-  run: uv publish
+  run: uv publish --publish-url pypi --verbose
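Review bot: on the `+` line, `--publish-url` is given the bare word `pypi`, but that option takes the URL of the upload endpoint, not an index name, so this value should not be added. The default target is already PyPI; keep `run: uv publish` and add only `--verbose` if the extra diagnostics are wanted for trusted-publishing failures.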
Suggestion importance[1-10]: 4

Why: Adding --verbose can aid diagnostics, but --publish-url pypi is redundant since PyPI is the default with OIDC; impact is modest and optional. The existing_code matches lines 29-30.

Low
Possible issue
Pin checkout to stable major

Use a stable major version tag for actions/checkout to avoid breaking changes.
Pinning to @v4 aligns with other workflows and ensures compatibility on
ubuntu-latest.

.github/workflows/publish.yml [19-20]

 - name: Checkout
-  uses: actions/checkout@v5
+  uses: actions/checkout@v4
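Review bot: both the `-` and the `+` line reference a major-version tag, which the action's owner can move to a different commit at any time, so swapping `@v5` for `@v4` does not make the step stable. This job holds `id-token: write` and ends in `uv publish`, so every `uses:` step in it runs with access to the publishing identity; pin `actions/checkout` (and `astral-sh/setup-uv`) to a full commit SHA and record the tag in a trailing comment.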
Suggestion importance[1-10]: 6

Why: The PR introduces actions/checkout@v5 whereas other workflows use @v4; pinning to a stable major can reduce risk of breaking changes, and the existing_code matches the new hunk lines 19-20.

Low

Previous suggestions

Suggestions up to commit 97d9e62
Category | Suggestion | Impact
General
Quote version to prevent parsing

Quote the python-version to avoid YAML interpreting it as a float or truncating
patch components in some contexts. This prevents subtle parsing issues across tools
and ensures the exact version is requested.

.github/workflows/e2e-async.yaml [57-61]

 - name: Set up Python 3.11 for CLI
   uses: astral-sh/setup-uv@v6
   with:
-    python-version: 3.11.6
+    python-version: "3.11.6"
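Review bot: the unquoted `3.11.6` on the `-` line already loads as a string, because a scalar with two dots is not a YAML float, so nothing is truncated today. The float problem appears with two-component versions such as `3.10`, which load as `3.1`; keeping the quotes is still worthwhile so the value stays safe if it is later shortened, but the change should be described as a consistency fix.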
Suggestion importance[1-10]: 6

Why: Quoting python-version ensures exact string handling and avoids YAML numeric parsing quirks; it's a small but valid robustness improvement. The improved_code correctly applies quotes to the existing snippet.

Low
Avoid action/tooling mismatch

Pinning setup-uv to v6 while also pinning uv to "0.5.30" can cause unexpected tool
mismatch if v6 changes input semantics. Add check-latest: true to ensure the action
fetches the latest patch of v6, or pin the action to an exact commit SHA for
stability. Prefer using a commit SHA for reproducible CI.

.github/workflows/mypy.yml [19-23]

 - name: Install uv
   uses: astral-sh/setup-uv@v6
   with:
     version: "0.5.30"
+    check-latest: true
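Review bot: the added `check-latest: true` is a `with:` input, which is handed to the action after `astral-sh/setup-uv@v6` has already been resolved, so it cannot select which revision of the action runs, and it sits next to `version: "0.5.30"`, an exact pin. Confirm that setup-uv defines this input before adding it; to fix the action revision, use the commit-SHA pin that the suggestion text itself prefers.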
Suggestion importance[1-10]: 5

Why: The existing code pins setup-uv to v6 and uv to "0.5.30"; adding check-latest: true or pinning a SHA can improve reliability, but it's optional and context-dependent. The improved_code accurately reflects adding check-latest.

Low
Possible issue
Use stable Python version

Ensure astral-sh/setup-uv@v6 supports Python "3.13" on windows-latest; early 3.13
builds may be unavailable and cause resolution failures. Consider pinning to a
released minor like "3.12" in CI or matrix-gate it behind availability to prevent
workflow breaks.

.github/workflows/windows-unit-tests.yml [21-25]

 - name: Install uv
   uses: astral-sh/setup-uv@v6
   with:
-    python-version: "3.13"
+    python-version: "3.12"
Suggestion importance[1-10]: 4

Why: Warning about Python "3.13" availability on windows-latest is reasonable, but changing to "3.12" is a policy choice and may not be necessary if 3.13 is supported. The code mapping is correct.

Low
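
The pinning and OIDC points raised in the suggestions above can be checked mechanically. The following is an added example, not part of the PR or the bot's output: a standard-library Python check that lists `uses:` references not pinned to a full commit SHA and ranks them higher when the same file grants `id-token: write`. The sample workflow is constructed from the publish job quoted in this thread, and `example-org/example-action` with its 40-hex ref is a hypothetical placeholder.

```python
import re

# Constructed sample modelled on the quoted publish job; the 40-hex ref is a placeholder.
SAMPLE_WORKFLOW = """\
jobs:
  publish:
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v5
      - name: Install uv
        uses: astral-sh/setup-uv@v6
      - name: Pinned step (hypothetical action)
        uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567
      - name: Publish
        run: uv publish
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^@\s'\"#]+)@([^\s'\"#]+)")
OIDC_RE = re.compile(r"^\s*id-token:\s*write\b")
SHA_RE = re.compile(r"[0-9a-f]{40}")

def audit_workflow(text):
    """Return (grants_oidc, findings); findings are (line, action, ref) for mutable refs."""
    grants_oidc, findings = False, []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # ignore commented-out steps
        if OIDC_RE.match(line):
            grants_oidc = True
        m = USES_RE.match(line)
        if m is None or m.group(1).startswith("docker://"):
            continue  # not an action reference (image digests are out of scope)
        action, ref = m.groups()
        if not SHA_RE.fullmatch(ref):  # tags and branches can be moved after review
            findings.append((lineno, action, ref))
    return grants_oidc, findings

def report(text):
    grants_oidc, findings = audit_workflow(text)
    level = "HIGH" if grants_oidc else "LOW"  # coarse per-file heuristic
    return [f"{level} line {n}: {a}@{r} is a tag or branch, pin to a commit SHA"
            for n, a, r in findings]

print("\n".join(report(SAMPLE_WORKFLOW)))
```

The check is line-based and treats the OIDC grant per file rather than per job, so a multi-job workflow needs a real YAML parser to attribute findings to the job that actually publishes.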

@KRRT7 KRRT7 marked this pull request as ready for review October 15, 2025 22:26
@github-actions

Persistent review updated to latest commit 90eadb8

Development

Successfully merging this pull request may close these issues.

uv cache prune --ci sometimes takes forever on GitHub runners
