Releasing ABMForge
ABMForge release automation is intentionally conservative.
The current release workflow supports:
- manual release preparation;
- tag-triggered distribution builds;
- wheel and sdist validation;
- artifact upload from GitHub Actions;
- optional TestPyPI publishing through a protected environment.
It does not automatically publish to production PyPI.
Release Workflow
The workflow file is:
.github/workflows/release.yml
It can be triggered in two ways:
- manually through
workflow_dispatch; - by pushing a version tag matching
v*.
The build job always:
python -m build
python -m twine check dist/*
and uploads the generated distributions as workflow artifacts.
TestPyPI Publishing
TestPyPI publishing is manual and opt-in.
It only runs when:
- the workflow is manually triggered;
publish_testpypiis set totrue;- the GitHub environment named
testpypiallows the deployment; - a TestPyPI trusted publisher has been configured for the repository.
No long-lived PyPI token should be committed to the repository.
Recommended TestPyPI Environment
Create a GitHub environment named:
testpypi
Recommended settings:
- require manual approval;
- restrict who can approve deployments;
- do not store long-lived PyPI passwords unless trusted publishing is unavailable.
Before Creating a Release
Run locally:
python -m ruff format --check src tests examples scripts
python -m ruff check src tests examples scripts
python -m mkdocs build --strict
python -m pytest -q
python -m mypy src
python -m build
Then inspect:
python -m twine check dist/*
First Safe Release Path
Suggested sequence:
- merge all release-readiness PRs;
- update version metadata;
- update changelog;
- create a release candidate tag;
- run the Release workflow without TestPyPI publishing;
- inspect workflow artifacts;
- run the workflow manually with
publish_testpypi=true; - install from TestPyPI in a clean environment;
- only then consider production PyPI publishing in a later PR.
Non-Goals
The current workflow does not yet:
- publish to production PyPI;
- create GitHub Releases automatically;
- sign artifacts;
- generate provenance attestations;
- update Zenodo metadata;
- bump versions automatically.
Those should be added in later, separate PRs.