feat: More robust release workflow for PyPi#399
Open
erichare wants to merge 3 commits intodatastax:mainfrom
Open
feat: More robust release workflow for PyPi#399erichare wants to merge 3 commits intodatastax:mainfrom
erichare wants to merge 3 commits intodatastax:mainfrom
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #382
More robust release workflow for PyPI
Summary
Second-sweep improvements to the publish-and-release GitHub Actions workflow, plus standardization of CI tooling across all workflow files.
Changes
🚀 Release workflow — early exit for existing versions
• Added a check-pypi step in the build job that queries the PyPI JSON API (https://pypi.org/pypi/{pkg}/{version}/json) to detect if the version is already published
• All downstream jobs (test-pypi-publish, pre-release-checks, pre-release-unit-lowest-python, publish, mark-release) are now gated with if: needs.build.outputs.version-exists == 'false', avoiding expensive test runs when there's nothing to release
🔧 Standardized uv_setup composite action across CI
• Migrated lint.yml, local.yml, main.yml, and unit.yml from the legacy setup-python@v2 + pipx install uv + make venv pattern to the shared .github/actions/uv_setup composite action + uv sync --dev
• Removed the now-unnecessary LEGACY_INSERTMANY_BEHAVIOUR_PRE2193 secret requirement from main.yml and codecov_aggregator.yml
• Uncommented HEADER_RERANKING_API_KEY_NVIDIA in local.yml
🔒 Attestations re-enabled
• Switched attestations: false → attestations: true in both release.yml (production PyPI) and _test_release.yml (test PyPI)
• Added a NOTE comment as a reminder to revoke legacy PyPI API tokens once this trusted-publishing workflow is verified with an actual release
🧹 Minor cleanup (review-driven)
• Removed leftover "TEST FOR NOW" from the publish step name
• Added a 30s timeout to the PyPI version-check HTTP request to prevent workflow hangs
• Removed unused import json from the check-pypi inline script