@bjoluc/semantic-release-config-poetry
Advanced tools
semantic-release configuration for Python projects using Poetry
A shareable semantic-release configuration and composite GitHub Action for Python packages that use Poetry.
Follow Conventional Commits (for instance, using commitizen).
Create an API token for PyPI (or another package index of your choice, like Test PyPI).
If you are using GitHub Actions:
PYPI_TOKEN.jobs:
test: ...
release:
name: Release
runs-on: ubuntu-latest
needs: test
if: github.repository_owner == 'your-github-name' && github.event_name == 'push' && github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: "3.10"
- name: Install poetry
run: pip install poetry==1.2.1
- uses: bjoluc/semantic-release-config-poetry@v2
with:
pypi_token: ${{ secrets.PYPI_TOKEN }}
If you are not using GitHub Actions, configure a release job in your CI like this:
npm install --no-save @bjoluc/semantic-release-config-poetrynpx semantic-release --extends @bjoluc/semantic-release-config-poetryThe shareable semantic-release configuration exposed by this package requires the following environment variables.
When using the GitHub action, each environment variable can be set via its corresponding lower-case input variable (e.g., pypi_token for PYPI_TOKEN).
| Environment variable | Description |
|---|---|
PYPI_TOKEN | An API token for the PyPI repository specified by PYPI_REPOSITORY |
GITHUB_TOKEN | A GitHub API token to publish GitHub releases and comment on resolved issues. The github_token Action input is optional and defaults to the value of the GITHUB_TOKEN secret. |
Furthermore, the following optional environment variables can be set:
| Environment variable | Description | Default value |
|---|---|---|
PYPI_REPOSITORY | The repository to upload your Python package to (e.g., https://upload.pypi.org/legacy/ for PyPI, or https://test.pypi.org/legacy/ for Test PyPI) | https://upload.pypi.org/legacy/ |
RELEASE_BRANCH | The name of the Git branch to be released | main |
CHANGELOG_FILE | The path of the changelog file | CHANGELOG.md |
FAQs
semantic-release configuration for Python projects using Poetry
We found that @bjoluc/semantic-release-config-poetry demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Socket Threat Research maps a rare inside look at OtterCookie’s npm-Vercel-GitHub chain, adding 197 malicious packages and evidence of North Korean operators.
Research
Socket researchers identified a malicious Chrome extension that manipulates Raydium swaps to inject an undisclosed SOL transfer, quietly routing fees to an attacker wallet.
Research
/Security News
Another wave of Shai-Hulud campaign has hit npm with more than 500 packages and 700+ versions affected.