Releasing TraceLens¶
TraceLens uses tag-driven releases. The package version comes from the git tag, and CI publishes only when a maintainer pushes a release tag.
This avoids CI-generated version commits, release loops, and PyPI's immutable version constraint.
Release Model¶
- Every pull request and every
maincommit runs tests, lint, typecheck, and package build validation. - A tag named
vX.Y.Zbuilds package versionX.Y.Z. - Pushing that tag triggers
.github/workflows/release.yml. - The release workflow publishes to PyPI using trusted publishing.
One-Time PyPI Setup¶
TraceLens already has a PyPI project and trusted publishing configured. Re-run this section only if the repository, workflow name, or PyPI ownership changes.
- Confirm the package metadata:
-
In PyPI, add a trusted publisher for this repository:
-
Owner:
ssf0409 - Repository:
tracelens - Workflow:
release.yml -
Environment:
release -
In GitHub, create the
releaseenvironment under repository settings. Add required reviewers if you want a manual approval gate before publishing.
No PyPI API token is required when trusted publishing is configured correctly.
Cut A Release¶
- Move changelog entries from
[Unreleased]to a dated version section:
- Ensure the verification gate is green:
uv lock --check
uv run --frozen pytest -q
uv run --frozen ruff check src/ tests/ examples/ benchmarks/high-stakes-autonomous
uv run --frozen --extra dev mypy src/tracelens/
uv build --sdist --wheel
-
Run the release-relevant environment checks from Contributor Testing, especially the clean wheel smoke when packaging, CLI, README, public imports, or dependency metadata changed.
-
Commit the release notes.
-
Create and push the tag:
-
Watch the GitHub Actions release workflow.
-
Create the matching GitHub Release for the tag. Use the changelog section as the release notes so GitHub and PyPI tell the same story:
- Verify all public release channels agree:
python -m pip index versions tracelens
gh release list --limit 5
git ls-remote --tags origin "vX.Y.Z"
- After PyPI publish completes, smoke test from a clean environment:
python -m venv /tmp/tracelens-release-smoke
/tmp/tracelens-release-smoke/bin/python -m pip install tracelens
/tmp/tracelens-release-smoke/bin/tracelens --help
Dependency Guidance¶
Downstream projects should depend on TraceLens from PyPI:
Public GitHub or PyPI dependencies do not need a CI secret. A secret is only needed when a downstream CI job checks out or installs a private repository.
For local pre-release checks, prefer the built-wheel and downstream smoke guidance in Contributor Testing. TestPyPI is optional and mainly useful when changing the publishing workflow itself.