AutoPub enables project maintainers to release new package versions to PyPI by merging pull requests.
AutoPub is intended for use with continuous integration (CI) systems such as GitHub Actions, CircleCI, or Travis CI. Projects used with AutoPub are built via build and published via Twine. Contributions that add support for other CI and build systems are welcome.
AutoPub settings can be configured via the [tool.autopub] table in the target project’s pyproject.toml file. Required settings include Git username and email address:
[tool.autopub]
git-username = "Your Name"
git-email = "your_email@example.com"
Contributors should include a RELEASE.md file in their pull requests with two bits of information:
Example:
Release type: patch
Add function to update version strings in multiple files.
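
RELEASE.md arrives in a pull request, so it is contributor-controlled input that decides the next version number. The following is an added example, not part of AutoPub, of a stricter check on that file in the layout shown above; it assumes the accepted release types are major, minor and patch (only patch appears on this page) and MAJOR.MINOR.PATCH version strings, and all function names are hypothetical.

```python
import re

# Assumption: the accepted release types are major, minor and patch;
# the page itself only shows "patch".
ALLOWED_TYPES = ("major", "minor", "patch")
HEADER = re.compile(r"Release type:\s*(\S+)\s*")
VERSION = re.compile(r"([0-9]+)\.([0-9]+)\.([0-9]+)")

# Constructed sample in the layout of the page's example.
SAMPLE = (
    "Release type: patch\n\n"
    "Add function to update version strings in multiple files.\n"
)


class ReleaseFileError(ValueError):
    """Raised when RELEASE.md does not match the expected layout."""


def parse_release_file(text):
    """Return (release_type, changelog_entry) from RELEASE.md contents."""
    lines = text.strip().splitlines()
    if not lines:
        raise ReleaseFileError("RELEASE.md is empty")
    match = HEADER.fullmatch(lines[0].strip())
    if match is None:
        raise ReleaseFileError("first line must be 'Release type: <type>'")
    release_type = match.group(1).lower()
    if release_type not in ALLOWED_TYPES:
        raise ReleaseFileError(f"unsupported release type: {release_type!r}")
    changelog = "\n".join(lines[1:]).strip()
    if not changelog:
        raise ReleaseFileError("missing description of the change")
    return release_type, changelog


def bump_version(current, release_type):
    """Apply the requested bump to a MAJOR.MINOR.PATCH version string."""
    match = VERSION.fullmatch(current)
    if match is None or release_type not in ALLOWED_TYPES:
        raise ValueError(f"cannot bump {current!r} by {release_type!r}")
    major, minor, patch = (int(part) for part in match.groups())
    if release_type == "major":
        return f"{major + 1}.0.0"
    if release_type == "minor":
        return f"{major}.{minor + 1}.0"
    return f"{major}.{minor}.{patch + 1}"
```

Run as a pull-request check, this rejects a release file with an unknown release type or an empty description before any release step is reached.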
The following autopub sub-commands can be used as steps in your CI flows:
autopub check: Check whether release file exists.
autopub prepare: Update version strings and add entry to changelog.
autopub build: Build the project.
autopub commit: Add, commit, and push incremented version and changelog changes.
autopub githubrelease: Create a new release on GitHub.
autopub publish: Publish a new release.
For systems such as Travis CI in which only one deployment step is permitted, there is a single command that runs the above steps in sequence:
autopub deploy: Run prepare, build, commit, githubrelease, and publish in one invocation.
FAQs
Automatic package release upon pull request merge
We found that autopub demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.