This document outlines the complete release process for the Dotloop Python API wrapper project.
The project uses an automated release process that:
- Follows semantic versioning (MAJOR.MINOR.PATCH)
- Automatically publishes to PyPI when version tags are pushed
- Creates GitHub releases with changelog information
- Runs comprehensive tests and quality checks
- Supports both regular and pre-release versions
The default GitHub Actions release path uses PyPI Trusted Publishing via GitHub OIDC.
Before creating a release, ensure:
-
Development Environment Setup:
pip install -e ".[dev]" -
Git Configuration:
git config user.name "Your Name" git config user.email "your.email@example.com"
-
Clean Working Directory:
git status # Should show no uncommitted changes -
All Tests Pass:
pytest --cov=dotloop --cov-fail-under=100
-
Code Quality Checks:
black --check dotloop tests isort --check-only dotloop tests flake8 dotloop tests mypy dotloop
For bug fixes and minor improvements:
python scripts/bump_version.py patchFor new features that are backward compatible:
python scripts/bump_version.py minorFor breaking changes:
python scripts/bump_version.py major-
Update Documentation:
- Review and update README.md
- Update API documentation if needed
- Ensure all examples work with current code
-
Update Changelog:
- Add new section for the upcoming version in CHANGELOG.md
- Document all changes since the last release
- Follow the Keep a Changelog format
-
Final Testing:
# Run full test suite pytest -v --cov=dotloop --cov-report=html # Check code quality black --check dotloop tests isort --check-only dotloop tests flake8 dotloop tests mypy dotloop # Security scan bandit -r dotloop safety check
-
Commit All Changes:
git add . git commit -m "Prepare for release vX.Y.Z" git push origin main
-
Preview the Version Bump (Optional):
python scripts/bump_version.py --dry-run patch
-
Execute the Version Bump:
python scripts/bump_version.py patch # or minor/majorThis script will:
- Update version in
pyproject.toml - Update version in
dotloop/__init__.py - Commit the changes
- Create and push a git tag
- Push changes to the repository
- Update version in
-
Monitor the Release:
- Check GitHub Actions workflow: https://github.com/theperrygroup/dotloop/actions
- Verify the package appears on PyPI: https://pypi.org/project/dotloop/
- Check the GitHub release: https://github.com/theperrygroup/dotloop/releases
-
Verify the Release:
# Test installation from PyPI pip install dotloop==X.Y.Z # Test basic functionality python -c "import dotloop; print(dotloop.__version__)"
-
Update Documentation:
- Update any version-specific documentation
- Announce the release if needed
-
Prepare for Next Development:
- Update CHANGELOG.md with new "Unreleased" section
- Consider updating development dependencies
The GitHub Actions workflow (.github/workflows/release.yml) automatically:
- Runs tests on multiple Python versions (3.8-3.12)
- Runs tests on multiple platforms (Ubuntu, Windows, macOS)
- Performs code quality checks (black, isort, flake8, mypy)
- Runs security scans (bandit, safety)
- Generates coverage reports
- Builds the package
- Publishes to PyPI using PyPI Trusted Publishing
- Creates a GitHub release with changelog
- Uploads build artifacts
If the automated process fails, you can release manually:
-
Build the Package:
python -m build
-
Check the Package:
twine check dist/* -
Upload to PyPI:
twine upload dist/* --username __token__ --password $PYPI_API_TOKEN
Set
PYPI_API_TOKENin your shell first. Do not store live tokens in the repository.
For alpha, beta, or release candidate versions:
-
Manual Version Update: Edit
pyproject.tomlanddotloop/__init__.py:version = "1.1.0a1" # Alpha version = "1.1.0b1" # Beta version = "1.1.0rc1" # Release Candidate -
Create Tag Manually:
git add pyproject.toml dotloop/__init__.py git commit -m "Bump version to 1.1.0a1" git tag v1.1.0a1 git push origin main --tags
If a release needs to be rolled back:
-
Remove from PyPI (if possible):
- Contact PyPI support or use the web interface
- Note: PyPI doesn't allow re-uploading the same version
-
Create a Hotfix Release:
python scripts/bump_version.py patch
-
Communicate the Issue:
- Update GitHub release notes
- Notify users through appropriate channels
The automated release workflow is configured for PyPI Trusted Publishing and expects a PyPI publisher entry for this repository/workflow combination.
Configure it in the dotloop project settings on PyPI with:
- Owner:
theperrygroup - Repository:
dotloop - Workflow file:
release.yml
If you need to publish manually with twine, use a PyPI API token via the
PYPI_API_TOKEN environment variable. Do not commit the token or store it in
repository documentation.
GITHUB_TOKEN: Automatically provided by GitHub Actions
-
Version Bump Script Fails:
- Ensure working directory is clean
- Check that pyproject.toml and init.py exist
- Verify git is configured correctly
-
GitHub Actions Fails:
- Check the workflow logs
- Verify the PyPI Trusted Publisher is configured correctly
- If using a manual fallback, verify the PyPI token is valid
-
PyPI Upload Fails:
- Check if the version already exists
- Verify the Trusted Publisher or API token has correct permissions
- Ensure the package builds correctly
-
Tests Fail in CI:
- Run tests locally first
- Check for platform-specific issues
- Verify all dependencies are correctly specified
- Check GitHub Actions logs for detailed error messages
- Review PyPI upload logs
- Consult the Python Packaging Guide
- Open an issue in the repository for project-specific problems
- API tokens are stored securely in GitHub Secrets
- The release process runs in isolated GitHub Actions runners
- All dependencies are pinned to specific versions
- Security scans are run on every release
- Always test locally before releasing
- Keep changelog up to date
- Use semantic versioning consistently
- Monitor the release process
- Verify the release works as expected
- Communicate breaking changes clearly
- Maintain backward compatibility when possible
This release process ensures reliable, automated deployments while maintaining high code quality and security standards.