Update CI to tag release, and release 0.2.0#6
Conversation
There was a problem hiding this comment.
Pull request overview
This PR bumps the Python SDK to version 0.2.0 and updates the PyPI publish GitHub Actions workflow to also create a corresponding Git tag when a new version is published.
Changes:
- Bump package version to
0.2.0in project metadata and lockfile. - Extend the PyPI publish workflow to emit the local version as an output and tag the release.
- Adjust GitHub Actions permissions to allow pushing tags.
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
pyproject.toml |
Updates the package version metadata to 0.2.0. |
uv.lock |
Updates the editable package entry version to 0.2.0. |
.github/workflows/pypi_publish.yml |
Adds version output + a “Tag release” step and elevates contents permission for tag pushing. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| permissions: | ||
| contents: read | ||
| contents: write | ||
| id-token: write # required for PyPI trusted publishing (OIDC) |
There was a problem hiding this comment.
Changing workflow permissions to contents: write grants repo write access to the whole job. Since this is only needed for tagging, consider splitting tagging into a separate job (dependent on publish) with contents: write, keeping the publish/build job at contents: read to follow least-privilege and reduce blast radius if a step/action is compromised.
| git tag "v${{ steps.version.outputs.version }}" | ||
| git push origin "v${{ steps.version.outputs.version }}" |
There was a problem hiding this comment.
The tagging commands will fail on workflow re-runs or if the tag already exists remotely (e.g., git tag errors locally or git push is rejected), which can leave the package published but the workflow marked failed. Add an existence check (local+remote) and skip tagging if v<version> already exists, or make the push logic explicitly idempotent.
| git tag "v${{ steps.version.outputs.version }}" | |
| git push origin "v${{ steps.version.outputs.version }}" | |
| TAG="v${{ steps.version.outputs.version }}" | |
| if git rev-parse -q --verify "refs/tags/$TAG" >/dev/null; then | |
| echo "Tag $TAG already exists locally; skipping tag creation." | |
| exit 0 | |
| fi | |
| if git ls-remote --exit-code --tags origin "refs/tags/$TAG" >/dev/null 2>&1; then | |
| echo "Tag $TAG already exists on origin; skipping tag push." | |
| exit 0 | |
| fi | |
| git tag "$TAG" | |
| git push origin "$TAG" |
| [project] | ||
| name = "decibel-python-sdk" | ||
| version = "0.1.2" | ||
| version = "0.2.0" |
There was a problem hiding this comment.
[project].version is now 0.2.0, but the package exports decibel.__version__ from src/decibel/_version.py, which is currently set to 0.1.0. This will cause the runtime-reported version to disagree with the published package version; update the exported version source to stay in sync (or derive it from package metadata).
| version = "0.2.0" | |
| version = "0.1.0" |
No description provided.