Added
- Automated PyPI Release Pipeline – Tag-triggered GitHub Actions workflow automatically builds, validates, and publishes releases to PyPI using PYPI_API_TOKEN secret, eliminating manual publish steps.
- Release Validation Tooling – scripts/release/validate_release.py CLI enforces semantic version progression, changelog completeness, and version/tag alignment in both branch and tag modes with actionable error messages.
- Release Readiness Guardrails – Pull request workflow validates version bumps, changelog entries, and test passage before merge; protect-main workflow blocks direct pushes to main branch.
- Comprehensive Release Documentation – Complete maintainer guides covering secret management, branch protection, troubleshooting, and step-by-step release workflows in README, docs, and inline help.
- Enhanced PyPI Metadata – Added project URLs (repository, issues, docs, changelog), keywords, classifiers, and license information to improve PyPI discoverability and presentation.
- Changelog Extraction – scripts/release/extract_changelog.py automatically extracts version-specific release notes for GitHub Releases.
- Release Test Suite – 4 pytest tests validate branch mode, tag mode, changelog parsing, and version regression detection.
Changed
- GitHub Actions Workflows – Replaced legacy release workflow with modern PyPI automation supporting validation, building, checksums, GitHub Releases, and secure publishing.
- Documentation Structure – Added dedicated releases section to docs with readiness checklist, workflow references, and troubleshooting guides; updated table of contents.
Security
- Secret Hygiene – PyPI credentials exclusively stored in GitHub Actions secrets with rotation guidance; no tokens in repository or logs; workflows sanitize outputs.
- Workflow Permissions – Explicit least-privilege permissions in all workflows (contents:write, id-token:write for releases; contents:read for guards).