The present release is being done on main, but we intend to move to a new git workflow with release branches entitled release/vX.Y that never merge into another branch. Each official release tag vX.Y.Z will be on the associated branch release/vX.Y.
The GH action for publishing releases to PyPI will be setup to test/publish only on GH release/released events and in the release deployment environment.
Based on the suggestions in https://docs.pypi.org/trusted-publishers/security-model, once the new workflow is finalized, the release environment's rules should be altered to only work for tags that match the pattern v*.*.* on branches that match release/v*.*.
Should Sphinx docs only be published to RTD on the same events? Ditto for Jupyter book?
The present release is being done on
main, but we intend to move to a new git workflow with release branches entitledrelease/vX.Ythat never merge into another branch. Each official release tagvX.Y.Zwill be on the associated branchrelease/vX.Y.The GH action for publishing releases to PyPI will be setup to test/publish only on GH
release/releasedevents and in thereleasedeployment environment.Based on the suggestions in https://docs.pypi.org/trusted-publishers/security-model, once the new workflow is finalized, the
releaseenvironment's rules should be altered to only work for tags that match the patternv*.*.*on branches that matchrelease/v*.*.Should Sphinx docs only be published to RTD on the same events? Ditto for Jupyter book?