setuptools-github helps to setup a simple project life cycle where the target is delivering packages into PyPI from a hosted project at Github.
The idea is rather simple (and detailed in here):
beta/N.M.O branch will do all the previous checks + publishing a beta package N.M.ObXXX (XXX is an increasing number) on PyPIbeta/N.M.O branch will publish an official package on PyPI for N.M.OSee here for what the life cycle implementation looks like.
The project should conform to this layout style:
project-name/
├── setup.py
├── pyproject.toml
├── .github
│ └── workflows <- workflow files for
│ ├── beta.yml * beta/N.M.O branches
│ ├── master.yml * master branch
│ └── tags.yml * release/N.M.O tags
├── src
│ └── project_name <- project name
│ └── __init__.py <- version_file
└── tests <- tests (pytest)
├── conftest.py
└── requirements.txt <- requirement file for tests
NOTE for a pyproject.toml / hatch enabled version of this, please use hatch-ci plugin
pip install setuptools-github
or
conda install -c conda-forge setuptools-github
Create a new version_file src/project_name/__init__.py file to store the package information:
__version__ = "N.M.O" # replace N, M and O with numerical values (eg. 0.0.0)
__hash__ = "" # leave this empty
Include in the setup.py file:
from setuptools_github import tools
setup(
name="project-name",
version=tools.process(version_file, os.getenv("GITHUB_DUMP"))["version"],
...
NOTE: there's an annotated
tools.processexample in setup.py with support for keyword substitution on text files.
These are the steps to automate the build process on github.
Add these workflows file to your project:
These will trigger a build on:
NOTE: Most likely you might need to change:
- the
tests/requirements.txtfile- the envs variables at the beging of
master.ymlandbeta.yml
In order to publish to codecov the coveragen info and to PyPI the wheels, you need to set the github secrets under:
https://github.com/username/project-name/settings/secrets/actions
These are the needed secrets for the PyPI index and codecov services:
Every time there's a commit on the master branch, this will trigger the workflow under ./github/workflows/master.yml:
On completion static and dynamic tests are supported.
In order to prepare for a release a new beta/N.M.O branch should be created:
python -m setuptools_github.script make-beta src/project_name/__init__.py
or
setuptools-github make-beta src/project_name/__init__.py
Every commit on beta/N.M.O branch if Secrets have been set properly:
NOTE: the name project-N.M.O.bX contains the X: this is an incrementing counter set during build. This means project-N.M.O.bX < project-N.M.O allowing the correct package ordering.
To release an official package for project-N.M.O from the beta/N.M.O branch:
python -m setuptools_github.script micro src/project_name/__init__.py
or
setuptools-github make-beta micro src/project_name/__init__.py
This will tag the HEAD on beta/N.M.O branch with the release/N.M.O tag and increment the version_file with the next version N.M.O+1 (using micro).
Once done, you'll need to push it the tag.
git push release/N.M.O
This will:
FAQs
supports github releases
We found that setuptools-github demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.
Security News
Research
Socket researchers found a malicious Maven package impersonating the legitimate ‘XZ for Java’ library, introducing a backdoor for remote code execution.