coulomb/kaizen-agentic
2
0
Fork 0
Code Issues 4 Pull Requests Actions Projects Releases Wiki Activity
Files
main
kaizen-agentic/docs/PACKAGE_RELEASE.md
tegwick 47b743a074
Some checks failed
ci / test (push) Failing after 1m17s
Details
docs: record publish workflow smoke-test outcome (WP-0005 T02) 
Document workflow_dispatch run #17: build passes with .build-venv; twine
upload 401 indicates PACKAGE_USER/PACKAGE_TOKEN secrets need verification.
2026-06-16 07:26:09 +02:00

3.6 KiB
Raw Permalink Blame History

Python Package Release

kaizen-agentic publishes as the kaizen-agentic Python package on the Coulomb Gitea PyPI registry. Public pypi.org distribution is optional and not required for ecosystem use.

Install (consumers)

Dependencies such as pyyaml resolve from public PyPI. Use Gitea as an extra index:

export GITEA_PACKAGE_USER=<gitea-user>
export GITEA_PACKAGE_TOKEN=<package-token>

pip install kaizen-agentic \
  --extra-index-url "https://${GITEA_PACKAGE_USER}:${GITEA_PACKAGE_TOKEN}@gitea.coulomb.social/api/packages/coulomb/pypi/simple/"

Global CLI via pipx:

pipx install kaizen-agentic \
  --pip-args="--extra-index-url https://${GITEA_PACKAGE_USER}:${GITEA_PACKAGE_TOKEN}@gitea.coulomb.social/api/packages/coulomb/pypi/simple/"

Do not commit tokenized index URLs. Inject credentials via environment variables or CI secrets.

Local Release

Build and validate artifacts:

make package-check

Publish to the Coulomb organization registry:

TWINE_USERNAME=<gitea-user> \
TWINE_PASSWORD=<package-token> \
make publish-gitea

Package upload endpoint:

https://gitea.coulomb.social/api/packages/coulomb/pypi

Consumer simple index:

https://gitea.coulomb.social/api/packages/coulomb/pypi/simple/

Gitea repository secrets (one-time)

Configure in Gitea: Repository → Settings → Actions → Secrets.

Secret Value
PACKAGE_USER Gitea username with package upload permission (e.g. tegwick)
PACKAGE_TOKEN Gitea API token with write:package scope

Gitea rejects secret names prefixed with GITEA_ — use PACKAGE_USER / PACKAGE_TOKEN (not GITEA_PACKAGE_USER). Workflows use runs-on: haskelseed and native git clone (no GitHub Marketplace actions).

The publish workflow fails at the upload step when either secret is missing or invalid. Do not commit tokens to the repository.

Smoke-test result (2026-06-16): workflow_dispatch run #17 built and passed twine check; upload returned 401 Unauthorized. That indicates PACKAGE_USER / PACKAGE_TOKEN repo secrets need verification (token must include write:package, username must match the token owner). Build step uses .build-venv and is PEP 668 safe on haskelseed.

Verify secrets without cutting a release:

  1. Open Actions → Publish Python package → Run workflow (workflow_dispatch), or dispatch via API: POST /api/v1/repos/coulomb/kaizen-agentic/actions/workflows/publish-python-package.yml/dispatches with body {"ref":"main"}
  2. Confirm the run completes and twine upload succeeds
  3. Optional: pip install kaizen-agentic==<version> --extra-index-url ...

The publish job uses an isolated .build-venv on the runner (PEP 668 safe).

Pre-tag release checklist

Before git tag vX.Y.Z && git push origin vX.Y.Z:

  • make release-check passes (tests, flake8, version consistency, agent parity)
  • make package-check builds and validates dist/*
  • CHANGELOG.md has a dated [X.Y.Z] section matching pyproject.toml
  • PACKAGE_USER and PACKAGE_TOKEN secrets are set
  • Publish workflow smoke-tested via workflow_dispatch (or prior tag release)
  • make agents-sync-package run if agents/ changed since last release

Gitea Actions Release

The .gitea/workflows/publish-python-package.yml workflow publishes on tags matching v*.

Example:

git tag v1.2.0
git push origin v1.2.0

Public PyPI (optional)

When pypi.org credentials are configured (~/.pypirc or TWINE_PASSWORD API token with TWINE_USERNAME=__token__):

make release-publish
python -m twine upload dist/*
Reference in New Issue View Git Blame Copy Permalink