From a39559ae6ff270c97f3a263385af6a30d509cfdb Mon Sep 17 00:00:00 2001 From: Denis Angell Date: Mon, 4 Nov 2024 19:11:43 +0100 Subject: [PATCH 1/2] Update CHANGELOG.md (#748) * Update CHANGELOG.md * Update CHANGELOG.md --------- Co-authored-by: justinr1234 --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 692fcc816..6f8d11bc3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -89,6 +89,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 https://github.com/python/mypy/issues/6700 ## [2.0.0] - 2023-07-05 +### BREAKING CHANGE +- The default signing algorithm in the `Wallet` was changed from secp256k1 to ed25519 +- ### Added: - Wallet support for regular key compatibility - Added new ways of wallet generation: `from_seed`, `from_secret`, `from_entropy`, `from_secret_numbers` From ea1174b870b387481e5ff6bd9ea7e3075ab24c08 Mon Sep 17 00:00:00 2001 
From: Chenna Keshava B S <21219765+ckeshava@users.noreply.github.com> Date: Mon, 4 Nov 2024 12:31:11 -0800 Subject: [PATCH 2/2] Use Github-Actions for PyPI release process (#760) * Initial draft of Github Actions workflow * install (or) load poetry from cache * Github Actions: Publish tagged commits into PyPI * Update version on the least-significant-digit -- this should not trigger PyPI publish Github Actions * Update minor version of the project * Update the instructions for the Release process * Include sigstore signatures, automatic github-release process * auto-generate release notes * revert the changes to project name and project-version * include code-rabbit's suggestions * Update .github/workflows/publish_to_pypi.yml Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Update .github/workflows/publish_to_pypi.yml Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Update .github/workflows/publish_to_pypi.yml Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Update .github/workflows/publish_to_pypi.yml Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * incorporate CodeRabbit suggestions: part 2 * CodeRabbitAI suggestions part-3 * remove the redundant check condition * Update .github/workflows/publish_to_pypi.yml Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Update .github/workflows/publish_to_pypi.yml Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * include resources about Trusted Publishing on PyPI * Rectify the errors in the Github Actions file remove the check-wheel-contents usage; poetry build does not adhere to the required standards of the tool * Update .github/workflows/publish_to_pypi.yml Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Update
.github/workflows/publish_to_pypi.yml Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Co-authored-by: justinr1234 --- .github/workflows/publish_to_pypi.yml | 107 ++++++++++++++++++++++++++ CONTRIBUTING.md | 13 +++- 2 files changed, 119 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/publish_to_pypi.yml diff --git a/.github/workflows/publish_to_pypi.yml b/.github/workflows/publish_to_pypi.yml new file mode 100644 index 000000000..2111e7992 --- /dev/null +++ b/.github/workflows/publish_to_pypi.yml 
@@ -0,0 +1,107 @@ +name: Publish xrpl-py 🐍 distribution 📦 to PyPI +on: + push: + tags: + - '*' + +jobs: + build: + name: Build distribution 📦 + runs-on: ubuntu-latest + env: + POETRY_VERSION: 1.8.3 + + steps: + - uses: actions/checkout@v4 + - name: Set up Python + uses: actions/setup-python@v5 + with: + # Use the lowest supported version of Python for CI/CD + python-version: "3.8" + - name: Load cached .local + id: cache-poetry + uses: actions/cache@v3 + with: + path: /home/runner/.local + key: dotlocal-${{ env.POETRY_VERSION }}-${{ hashFiles('poetry.lock') }} + - name: Install poetry + if: steps.cache-poetry.outputs.cache-hit != 'true' + run: | + curl -sSL "https://install.python-poetry.org/" | python - --version "${{ env.POETRY_VERSION }}" + echo "${HOME}/.local/bin" >> $GITHUB_PATH + poetry --version || exit 1 # Verify installation + - name: Build a binary wheel and a source tarball + run: poetry build + - name: Store the distribution packages + uses: actions/upload-artifact@v4 + with: + name: python-package-distributions + path: dist/ + publish-to-pypi: + name: >- + Publish Python 🐍 distribution 📦 to PyPI + needs: build # Explicit dependency on build job + runs-on: ubuntu-latest + timeout-minutes: 10 # Adjust based on typical publishing time + permissions: + # More information about Trusted Publishing and OpenID Connect: https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/ + id-token: write # IMPORTANT: mandatory for trusted publishing + steps: + - name: Download all the dists + uses: actions/download-artifact@v4 + with: + name: python-package-distributions + path: dist/ + - name: Verify downloaded artifacts + run: | + ls dist/*.whl dist/*.tar.gz || exit 1 + - name: Publish distribution 📦 to PyPI + uses: pypa/gh-action-pypi-publish@release/v1 + with: + verbose: true + verify-metadata: true + + github-release: + name: >- + Sign the Python 🐍 distribution 📦 with Sigstore + and upload them to GitHub Release + needs: + - publish-to-pypi + runs-on: 
ubuntu-latest + timeout-minutes: 15 # Adjust based on typical signing and release time + + permissions: + contents: write # IMPORTANT: mandatory for making GitHub Releases + id-token: write # IMPORTANT: mandatory for sigstore + + steps: + - name: Download all the dists + uses: actions/download-artifact@v4 + with: + name: python-package-distributions + path: dist/ + - name: Sign the dists with Sigstore + uses: sigstore/gh-action-sigstore-python@v2.1.1 + with: + inputs: >- + ./dist/*.tar.gz + ./dist/*.whl + - name: Create GitHub Release + env: + GITHUB_TOKEN: ${{ github.token }} + run: >- + gh release create + '${{ github.ref_name }}' + --repo '${{ github.repository }}' + --generate-notes || + (echo "::error::Failed to create release" && exit 1) + - name: Upload artifact signatures to GitHub Release + env: + GITHUB_TOKEN: ${{ github.token }} + # Upload to GitHub Release using the `gh` CLI. + # `dist/` contains the built packages, and the + # sigstore-produced signatures and certificates. + run: >- + gh release upload + '${{ github.ref_name }}' dist/** + --repo '${{ github.repository }}' diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index af34609b7..6a1b49cbe 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -202,7 +202,18 @@ This should almost always be done using the [`xrpl-codec-gen`](https://github.co - Merge your changes. ### Release - +1. Please increment the version in `pyproject.toml` and update the `CHANGELOG.md` file appropriately. We follow [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +2. Please select a commit that is suitable for release and create a tag. The following commands can be helpful: +`git tag -s -a -m "Optional Message describing the tag"` +`git tag` -- This command displays all the tags in the repository. +`git push tag ` +3. A [Github Workflow](.github/workflows/publish_to_pypi.yml) completes the rest of the Release steps (building the project, generating a .whl and tarball, publishing on the PyPI platform). The workflow uses OpenID Connect's temporary keys to obtain the necessary PyPI authorization. +As a prerequisite, the PyPI `xrpl-py` project needs to authorize Github Actions as a "Trusted Publisher". This page contains helpful resources: https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/#configuring-trusted-publishing +4. Send an email to [xrpl-announce](https://groups.google.com/g/xrpl-announce). +5. Post an announcement in the [XRPL Discord #python channel](https://discord.com/channels/886050993802985492/886053080913821717) with a link to the changes and highlighting key changes. + + +**Note: If maintainers prefer to manually release the xrpl-py software distribution, the below steps are relevant.** 1. Create a branch off main that properly increments the version in `pyproject.toml` and updates the `CHANGELOG` appropriately. We follow [Semantic Versioning](https://semver.org/spec/v2.0.0.html). 2. Merge this branch into `main`. 3. Locally build and download the package.
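
Review bot: In the CHANGELOG.md hunk of PATCH 1/2, the added bare `-` line directly above `### Added:` is an empty list item and will render as a stray bullet; replace it with a blank line. The new BREAKING CHANGE entry also says only that the `Wallet` default moved from secp256k1 to ed25519. The same seed produces a different key pair under a different algorithm, so the entry should tell callers how to select secp256k1 explicitly if they need to keep deriving their existing keys.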
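
Review bot: In .github/workflows/publish_to_pypi.yml, the trigger `tags: - '*'` lets any pushed tag run `publish-to-pypi`, which holds `id-token: write`, so a test tag or a tag on an unreviewed commit results in a PyPI upload. Restrict the pattern to the release tag format, attach the publish job to a GitHub `environment:` that requires approval (and name that environment in the PyPI trusted publisher settings), and add a step that fails when `github.ref_name` does not match the version in `pyproject.toml`. Two further points in the same hunk: the build job runs `curl -sSL "https://install.python-poetry.org/" | python -` with no integrity check on the installer, and the actions are referenced by movable refs (`pypa/gh-action-pypi-publish@release/v1`, `actions/checkout@v4`) rather than commit SHAs; both feed the artifact that gets signed and published, so pin them. The workflow also sets no top-level `permissions:`, which leaves the `build` job on the repository's default token scope; declare `contents: read` at the top and keep the per-job grants.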
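
Review bot: In the CONTRIBUTING.md hunk, step 2, the commands as they appear here cannot be run: `git tag -s -a -m "Optional Message describing the tag"` has no tag name and `git push tag ` has neither a remote nor a tag name. Spell the placeholders out and put the three commands in a fenced block under the list item so they do not run together into one paragraph; `-s` already creates an annotated tag, so `-a` can be dropped. Since step 2 asks for a signed tag but nothing in the new workflow checks that signature, either state that signing is for human verification only or add a verification step. In step 3, "OpenID Connect's temporary keys" would read more accurately as a short-lived OIDC token exchanged for PyPI upload credentials.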