
semantic-release-python

Dependencies: 57, Versions: 24

A semantic-release plugin for PyPi.org that supports both regular and Poetry projects


Weekly downloads: 313 (increased by 22.27%), Maintainers: 1, Install size: 3.80 MB

Semantic Release Python (with Poetry Support)

A plugin created by Megabyte Labs



Overview

Semantic Release Python is a semantic-release plugin that brings support for managing the publication of PyPi packages. It supports traditional Python projects with a setup.cfg file and also supports Poetry projects.

This plugin requires both Python 3 and a recent version of Node.js to be present. After installing the plugin, a few supporting Python packages will automatically be installed into a virtualenv located at .venv. Using a virtualenv helps to prevent incompatibilities with your currently installed software. Before you run any configuration that contains, you must source the virtualenv by running . .venv/bin/activate or install the dependencies in this project's requirements.txt through other means prior to utilizing the plugin.

Requirements

If you are simply including this library in your project, all you need is a recent version of Node.js. Node.js >14.18.0 is sometimes required and is the only version range we actively support. That said, it is highly probable that lower versions will work as well, depending on the requirements that this project imports.

Developer Requirements

The following versions of Node.js and Python are required for development:

Other versions may work, but only the above versions are supported. Most development dependencies are installed automatically by our Taskfile.yml set-up (even Node.js and Python). Run bash start.sh to install Bodega (an improved fork of go-task) and run the initialization sequence. The taskfiles will automatically install dependencies as they are needed, based on what development tasks you are running. For more information, check out the CONTRIBUTING.md or simply run:

npm run help

npm run help will ensure Bodega is installed and then open an interactive dialog where you can explore and learn about various developer commands.

Lifecycle Hooks

Step: Description

verifyConditions:
  • Verify the environment variable PYPI_TOKEN
  • Verify PYPI_TOKEN is authorized to publish on the specified repository
  • If the project is not a Poetry project (i.e. it has a setup.cfg), then verify that version is not set inside setup.py (version will be set in setup.cfg)
  • If it is not a Poetry project, check if the packages setuptools, wheel and twine are installed
  • If it is a Poetry project (i.e. contains pyproject.toml instead of setup.cfg), ensure Poetry is installed

prepare: Update the version in setup.cfg and create the distribution packages if it is not a Poetry project. But, if it is a Poetry project, then just update the version.

publish: Build the project if it is a Poetry project and then publish the Python package to the PYPI_REPO_URL

Environment Variables

| Variable | Description | Required | Default |
| --- | --- | --- | --- |
| PYPI_TOKEN | API token for PyPi (or password if PYPI_USERNAME is specified) | true | |
| PYPI_USERNAME | PyPi username (only required if you are using a password instead of an API token) | false | __token__ |
| PYPI_REPO_URL | URL of remote Python package repository | false | https://upload.pypi.org/legacy/ |
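
A pre-flight check for the variables above, as an added example that is not the plugin's own code: it applies the documented defaults and flags values that would leak or misuse the credential. The function name and the specific checks are assumptions made for illustration.

```javascript
// Added example: resolve the documented defaults and flag risky values
// before semantic-release runs. Not part of semantic-release-python.
const DEFAULT_USERNAME = '__token__';
const DEFAULT_REPO_URL = 'https://upload.pypi.org/legacy/';

function checkPypiEnv(env) {
  const problems = [];
  const token = env.PYPI_TOKEN || '';
  const username = env.PYPI_USERNAME || DEFAULT_USERNAME;
  const repoUrl = env.PYPI_REPO_URL || DEFAULT_REPO_URL;

  if (!token) problems.push('PYPI_TOKEN is not set');
  if (/\s/.test(token)) {
    problems.push('PYPI_TOKEN contains whitespace (check how the CI secret was stored)');
  }

  // pypi.org API tokens start with "pypi-" and are used with the username __token__.
  const looksLikeApiToken = token.startsWith('pypi-');
  if (token && username === DEFAULT_USERNAME && !looksLikeApiToken) {
    problems.push('PYPI_USERNAME is __token__ but PYPI_TOKEN does not look like an API token');
  }
  if (looksLikeApiToken && username !== DEFAULT_USERNAME) {
    problems.push('API token supplied with a PYPI_USERNAME other than __token__');
  }

  let parsed = null;
  try {
    parsed = new URL(repoUrl);
  } catch {
    problems.push('PYPI_REPO_URL is not a valid URL');
  }
  if (parsed) {
    if (parsed.protocol !== 'https:') {
      problems.push('PYPI_REPO_URL is not https; the credential would be sent in cleartext');
    }
    if (parsed.username || parsed.password) {
      problems.push('PYPI_REPO_URL embeds credentials');
    }
  }

  // The token itself is never returned, so the result is safe to log in CI.
  return { username, repoUrl, tokenPresent: Boolean(token), problems };
}
```

Calling `checkPypiEnv(process.env)` in a CI step before the release job and failing on a non-empty `problems` array surfaces misconfiguration without printing the secret.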

Options

| Option | Type | Default | Description |
| --- | --- | --- | --- |
| setupPy | string | ./setup.py | Location of setup.py (or any file in the root of the project for a Poetry project) |
| distDir | string | dist | Directory to put the source distribution archive(s) in, relative to the directory of setup.py (this variable is not used in Poetry projects) |
| repoUrl | string | https://upload.pypi.org/legacy/ | The repository to upload the package to |
| pypiPublish | boolean | true | Whether to publish the Python package to the PyPi registry. If false, the package version will still be updated. |
| gpgSign | boolean | false | Whether to sign the package using GPG. A valid PGP key must already be installed and configured on the host. Our implementation for Poetry projects currently does not support this feature. |
| gpgIdentity | string | null | When gpgSign is true, set the GPG identity to use when signing files. Leave empty to use the default identity. Our implementation for Poetry projects currently does not support this feature. |

Examples

This plugin can be configured in the semantic-release configuration file. For a full example of a configuration used for multiple project types, check out the shareable configuration we use for all of our projects.

Basic Example Using setup.cfg

{
  "plugins": [
    "@semantic-release/commit-analyzer",
    "@semantic-release/release-notes-generator",
    "semantic-release-python"
  ]
}

Example Using Poetry

{
  "plugins": [
    "@semantic-release/commit-analyzer",
    "@semantic-release/release-notes-generator",
    [
      "semantic-release-python",
      {
        "setupPy": "./pyproject.toml"
      }
    ]
  ]
}

Post-Install Hook

Whenever this package is installed, it will run a bash script that ensures Bodega is installed and then installs dependencies using a task defined in the Taskfiles included in the module's source. It attempts to use Poetry if it is installed but falls back to a regular venv if Poetry is not available.

Using Poetry might be the easier route. It will be easier to figure out exactly how this plugin can be used (by looking at semantic-release-config and our semantic-release task which is run by Bodega, a fork of go-task/task).

Running Without Poetry

If you do not use Poetry, then before running semantic-release you should ensure that you activate the virtual environment that the post-install hook should automatically install (as long as Python 3 is installed). You can activate the Python virtual environment by running:

. .venv/bin/activate

After you run that, you enter a shell where you will have access to the dependencies that the post-install hook installed. You can then run the semantic-release CLI.

Bypassing the Post-Install Hook

There may be some cases where you do not want the dependencies to be installed automatically by the plugin. For instance, you may want to bypass the post-install hook when running in a CI environment where using Python virtual environments makes no difference. To disable the post-install hook, run the following somewhere before the installation:

export SEMANTIC_PYTHON_POST_INSTALL=false

If SEMANTIC_PYTHON_POST_INSTALL is set to false, then the post-install hook will be skipped. This allows you to permit other NPM packages to run post-install hooks without having to disable all scripts by running npm i --ignore-scripts.
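
An added example (not part of the plugin or its README): a CI check that reads a parsed package-lock.json and reports which dependencies declare install-time scripts, so that allowing hooks such as the one described above is an explicit allowlist decision rather than a side effect of `npm i`. It relies on the `hasInstallScript` flag that npm writes into lockfileVersion 2 and 3; the sample lockfile, the package names other than semantic-release-python, and the allowlist are constructed for illustration.

```javascript
// Added example: find lockfile entries that will run preinstall/install/postinstall.
// Constructed sample lockfile; versions and the "example-*" packages are made up.
const sampleLock = {
  name: 'my-project',
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-project', version: '1.0.0' },
    'node_modules/semantic-release-python': {
      version: '0.0.0-example', dev: true, hasInstallScript: true,
    },
    'node_modules/example-native-addon': {
      version: '0.0.0-example', hasInstallScript: true,
    },
    'node_modules/example-pure-js': { version: '0.0.0-example' },
    'node_modules/example-pure-js/node_modules/example-nested-hook': {
      version: '0.0.0-example', hasInstallScript: true,
    },
  },
};

// Turn a lockfile key such as "node_modules/a/node_modules/@s/b" into "@s/b".
// Workspace entries have no "node_modules/" segment and are returned unchanged.
function packageNameFromPath(lockPath) {
  const marker = 'node_modules/';
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? lockPath : lockPath.slice(i + marker.length);
}

// Split packages that declare install scripts into allowlisted and unexpected.
function auditInstallScripts(lock, allowlist) {
  if (!lock.packages) {
    throw new Error('lockfileVersion 2 or 3 required (no "packages" map)');
  }
  const allowed = new Set(allowlist);
  const report = { allowed: [], unexpected: [] };
  for (const [lockPath, meta] of Object.entries(lock.packages)) {
    if (lockPath === '' || !meta.hasInstallScript) continue; // skip root and script-free packages
    const entry = { name: packageNameFromPath(lockPath), version: meta.version, path: lockPath };
    (allowed.has(entry.name) ? report.allowed : report.unexpected).push(entry);
  }
  return report;
}
```

In a pipeline, pass the result of `JSON.parse` on the real package-lock.json and fail the job when `unexpected` is non-empty; nested entries are reported too, since transitive dependencies run their hooks as well.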

Contributing

Contributions, issues, and feature requests are welcome! Feel free to check the issues page. If you would like to contribute, please take a look at the contributing guide.

Sponsorship

Dear Awesome Person,

I create open source projects out of love. Although I have a job, shelter, and as much fast food as I can handle, it would still be pretty cool to be appreciated by the community for something I have spent a lot of time and money on. Please consider sponsoring me! Who knows? Maybe I will be able to quit my job and publish open source full time.

Sincerely,

Brian Zalewski


License

Copyright © 2020-2021 Megabyte LLC. This project is MIT licensed.


Last updated on 24 Feb 2022
