You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
CPEX plugin releases currently use a custom per-plugin flow:
manually update Cargo.toml, plugin-manifest.yaml, and Cargo.lock
merge the version bump to main
manually create a <hyphenated-slug>-v<version> tag
run .github/workflows/release-rust-python-package.yaml
build with maturin build / maturin sdist
publish collected artifacts through pypa/gh-action-pypi-publish
This works, but the repo now owns release mechanics that standard tools may already cover.
Related issue: #82 tracks automating release tag creation in the current workflow. This issue is not a duplicate unless we decide that #82 should also own the release toolchain decision.
Proposal
Evaluate whether plugin release and publish should move to a standard toolchain based on:
cargo-release for version bumping, consistency checks, commits, and tag creation
maturin publish for building and publishing Rust-backed Python packages
The goal is to reduce custom release logic while preserving the CPEX-specific constraints around managed plugin discovery, tag naming, plugin manifests, CI checks, and PyPI trusted publishing.
Questions to answer
Can cargo-release support the required per-plugin tag format, for example rate-limiter-v0.0.5?
Can cargo-release safely update only the target plugin crate in this monorepo/workspace?
How should plugin-manifest.yaml stay in sync with the Cargo version?
Should manifest sync be handled by cargo-release hooks, an existing repo validation script, or a small dedicated helper?
Can maturin publish replace the current build plus pypa/gh-action-pypi-publish publish job while keeping OIDC/trusted publishing?
Does maturin publish fit the current multi-platform wheel matrix, or should publishing remain a separate artifact aggregation step?
Problem
CPEX plugin releases currently use a custom per-plugin flow:
Cargo.toml,plugin-manifest.yaml, andCargo.lockmain<hyphenated-slug>-v<version>tag.github/workflows/release-rust-python-package.yamlmaturin build/maturin sdistpypa/gh-action-pypi-publishThis works, but the repo now owns release mechanics that standard tools may already cover.
Related issue: #82 tracks automating release tag creation in the current workflow. This issue is not a duplicate unless we decide that #82 should also own the release toolchain decision.
Proposal
Evaluate whether plugin release and publish should move to a standard toolchain based on:
cargo-releasefor version bumping, consistency checks, commits, and tag creationmaturin publishfor building and publishing Rust-backed Python packagesThe goal is to reduce custom release logic while preserving the CPEX-specific constraints around managed plugin discovery, tag naming, plugin manifests, CI checks, and PyPI trusted publishing.
Questions to answer
cargo-releasesupport the required per-plugin tag format, for examplerate-limiter-v0.0.5?cargo-releasesafely update only the target plugin crate in this monorepo/workspace?plugin-manifest.yamlstay in sync with the Cargo version?cargo-releasehooks, an existing repo validation script, or a small dedicated helper?maturin publishreplace the current build pluspypa/gh-action-pypi-publishpublish job while keeping OIDC/trusted publishing?maturin publishfit the current multi-platform wheel matrix, or should publishing remain a separate artifact aggregation step?Suggested implementation path
rate_limiter, without changing the release process yet.cargo-releaseconfig that encodes the required tag format and per-plugin behavior.plugin-manifest.yamlneeds a repo helper.Cargo.lockupdatematurin publishagainst the current wheel build matrix and PyPI/TestPyPI publishing requirements.DEVELOPING.md; otherwise document why the current custom workflow is preferred.Acceptance criteria
cargo-release/maturin publish, partially adopt them, or keep the current workflow.Cargo.lock, and PyPI/TestPyPI publishing.