coulomb/kaizen-agentic
2
0
Fork 0
Code Issues 4 Pull Requests Actions Projects Releases Wiki Activity
Files
9d2bab9a384bb7f4f144a33a4c50cd241244375d
kaizen-agentic/docs/PACKAGE_RELEASE.md
tegwick 9d2bab9a38
Some checks failed
ci / test (push) Failing after 37s
Details
fix: use build venv in Gitea publish workflow (PEP 668) 
Haskelseed runner blocks system-wide pip installs. Create an isolated
.build-venv for build/twine and document workflow_dispatch API path.
2026-06-16 07:15:57 +02:00

116 lines
3.3 KiB
Markdown
Raw Blame History

# Python Package Release
`kaizen-agentic` publishes as the `kaizen-agentic` Python package on the Coulomb
Gitea PyPI registry. Public [pypi.org](https://pypi.org/) distribution is optional
and not required for ecosystem use.
## Install (consumers)
Dependencies such as `pyyaml` resolve from public PyPI. Use Gitea as an extra index:
```bash
export GITEA_PACKAGE_USER=<gitea-user>
export GITEA_PACKAGE_TOKEN=<package-token>
pip install kaizen-agentic \
--extra-index-url "https://${GITEA_PACKAGE_USER}:${GITEA_PACKAGE_TOKEN}@gitea.coulomb.social/api/packages/coulomb/pypi/simple/"
```
Global CLI via pipx:
```bash
pipx install kaizen-agentic \
--pip-args="--extra-index-url https://${GITEA_PACKAGE_USER}:${GITEA_PACKAGE_TOKEN}@gitea.coulomb.social/api/packages/coulomb/pypi/simple/"
```
Do not commit tokenized index URLs. Inject credentials via environment variables or
CI secrets.
## Local Release
Build and validate artifacts:
```bash
make package-check
```
Publish to the Coulomb organization registry:
```bash
TWINE_USERNAME=<gitea-user> \
TWINE_PASSWORD=<package-token> \
make publish-gitea
```
Package upload endpoint:
```text
https://gitea.coulomb.social/api/packages/coulomb/pypi
```
Consumer simple index:
```text
https://gitea.coulomb.social/api/packages/coulomb/pypi/simple/
```
## Gitea repository secrets (one-time)
Configure in Gitea: **Repository → Settings → Actions → Secrets**.
| Secret | Value |
|--------|-------|
| `PACKAGE_USER` | Gitea username with package upload permission (e.g. `tegwick`) |
| `PACKAGE_TOKEN` | Gitea API token with `write:package` scope |
Gitea rejects secret names prefixed with `GITEA_` — use `PACKAGE_USER` / `PACKAGE_TOKEN`
(not `GITEA_PACKAGE_USER`). Workflows use `runs-on: haskelseed` and native `git clone`
(no GitHub Marketplace actions).
The publish workflow fails at the upload step when either secret is missing or
invalid. Do not commit tokens to the repository.
Verify secrets without cutting a release:
1. Open **Actions → Publish Python package → Run workflow** (`workflow_dispatch`),
or dispatch via API:
`POST /api/v1/repos/coulomb/kaizen-agentic/actions/workflows/publish-python-package.yml/dispatches`
with body `{"ref":"main"}`
2. Confirm the run completes and `twine upload` succeeds
3. Optional: `pip install kaizen-agentic==<version> --extra-index-url ...`
The publish job uses an isolated `.build-venv` on the runner (PEP 668 safe).
## Pre-tag release checklist
Before `git tag vX.Y.Z && git push origin vX.Y.Z`:
- [ ] `make release-check` passes (tests, flake8, version consistency, agent parity)
- [ ] `make package-check` builds and validates `dist/*`
- [ ] `CHANGELOG.md` has a dated `[X.Y.Z]` section matching `pyproject.toml`
- [ ] `PACKAGE_USER` and `PACKAGE_TOKEN` secrets are set
- [ ] Publish workflow smoke-tested via `workflow_dispatch` (or prior tag release)
- [ ] `make agents-sync-package` run if `agents/` changed since last release
## Gitea Actions Release
The `.gitea/workflows/publish-python-package.yml` workflow publishes on tags
matching `v*`.
Example:
```bash
git tag v1.2.0
git push origin v1.2.0
```
## Public PyPI (optional)
When pypi.org credentials are configured (`~/.pypirc` or `TWINE_PASSWORD` API
token with `TWINE_USERNAME=__token__`):
```bash
make release-publish
python -m twine upload dist/*
```
Reference in New Issue View Git Blame Copy Permalink