AutoPub enables project maintainers to release new package versions to PyPI by merging pull requests.
AutoPub is intended for use with continuous integration (CI) systems such as GitHub Actions, CircleCI, or Travis CI. Projects used with AutoPub are built via build and published via Twine. Contributions that add support for other CI and build systems are welcome.
AutoPub settings can be configured via the [tool.autopub] table in the target project’s pyproject.toml file. Required settings include Git username and email address:
[tool.autopub]
git-username = "Your Name"
git-email = "your_email@example.com"
Contributors should include a RELEASE.md file in their pull requests with two bits of information:
Example:
Release type: patch
Add function to update version strings in multiple files.
The following autopub sub-commands can be used as steps in your CI flows:
autopub check: Check whether release file exists.autopub prepare: Update version strings and add entry to changelog.autopub build: Build the project.autopub commit: Add, commit, and push incremented version and changelog changes.autopub githubrelease: Create a new release on GitHub.autopub publish: Publish a new release.For systems such as Travis CI in which only one deployment step is permitted, there is a single command that runs the above steps in sequence:
autopub deploy: Run prepare, build, commit, githubrelease, and publish in one invocation.FAQs
Automatic package release upon pull request merge
We found that autopub demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Elastic’s return to open source with the AGPL license has been met with skepticism, as many developers see it as a strategic move rather than a genuine effort to restore user trust and freedoms.
Security News
A new "revival hijack" supply chain attack targets deleted Python packages, with an estimated 22K packages at risk. Socket can detect and block hijacked packages that have added malicious code.
Product
We're introducing a new Analytics feature in the Socket dashboard so you can view changes in your organization's and repositories' alerts over time.