Security News
Introducing the Socket Python SDK
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
recite
intends to make releasing poetry-based libraries easier and avoid missing important steps (e.g. adapting the changelog (because you should keep one)).
$ recite release patch
recite > 👀 Checking everything to make sure you are ready to release 👀
recite > 1: ✓ Make sure you have a (non-empty) pyproject.toml
recite > 2: ✓ Make sure you're on main/master branch
recite > 3: ✓ Make sure git is clean
recite > 4: ✓ Run test-suite
recite > 5: ✓ Make sure changelog was updated
recite > 🤓 Everything looks perfect! 🤓
recite > I will perform the following steps:
recite > * Would bump version from 0.1.0 to 0.1.1
recite > * Commit version bump
recite > * Create git tag 0.1.1
recite > * Push git tag 0.1.1
recite > * Remind you to upload build as github release
Do you want to proceed? [y/N]: y
recite > ✨ Performing release ✨
recite > 1: ✓ Bump version
recite > * Bumped version from 0.1.0 to 0.1.1
recite > 2: ✓ Commit version bump
recite > 3: ✓ Create git tag 0.1.1
recite > 4: ✓ Push git tag 0.1.1
recite > 5: ✓ Build and publish with poetry
Please create a github release now! Did you do it? [y/N]: y
recite > 6: ✓ Remind you to upload build as github release
recite > 🚀 Congrats to your release! 🚀
Since recite
is a python application it is recommended to install it via pipx:
$ pipx install recite
But you can also install it via pip:
$ pip install recite
You can perform e.g a patch release with the command:
$ recite release patch
The classifiers are the same as poetry's bump rules of the it's version command.
To list the available checks use:
$ recite list-checks
You can find more info in the docs
Previously I used a github action to automatically build and publish a new version of a library if a new tag was pushed. However, sometimes I forgot something crucial (e.g. to adapt the changelog). In this case I had to rush to stop the github action before it would publish the release to pypi (where it would lie forever unable to be rectified).
With recite
it is ensured all the necessary checks are in place before any tags are created.
FAQs
Publish your poetry-based projects, without missing important steps
We found that recite demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
Security News
Floating dependency ranges in npm can introduce instability and security risks into your project by allowing unverified or incompatible versions to be installed automatically, leading to unpredictable behavior and potential conflicts.
Security News
A new Rust RFC proposes "Trusted Publishing" for Crates.io, introducing short-lived access tokens via OIDC to improve security and reduce risks associated with long-lived API tokens.