Clean up repository before release

.github/dependabot.yml

@@ -0,0 +1,19 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 5
+
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 5
+
+  - package-ecosystem: "pre-commit"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    open-pull-requests-limit: 5

.github/workflows/ci.yml

@@ -20,11 +20,9 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-
-      - name: Sync submodules to tracked branches
-        run: |
-          git submodule sync --recursive
-          git submodule update --init --remote --recursive
+        with:
+          submodules: recursive
+          persist-credentials: false
 
       - name: Setup Python
         id: setup-python
@@ -97,3 +95,59 @@ jobs:
         with:
           name: coverage-${{ matrix.os }}-py${{ matrix.python-version }}
           path: coverage.xml
+
+  package:
+    name: Package build and install smoke
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+          persist-credentials: false
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install build tooling
+        run: python -m pip install --upgrade pip build twine
+
+      - name: Build sdist and wheel
+        run: python -m build
+
+      - name: Check distribution metadata
+        run: python -m twine check dist/*
+
+      - name: Install wheel in a clean virtual environment
+        run: |
+          python -m venv .install-smoke
+          .install-smoke/bin/python -m pip install --upgrade pip
+          .install-smoke/bin/python -m pip install dist/*.whl
+          .install-smoke/bin/python -c "from pysatl_core.sampling.unuran.bindings import _unuran_cffi; assert _unuran_cffi is not None; print(_unuran_cffi.lib.unur_get_errno())"
+
+  wheels:
+    name: Build wheels on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ macos-latest, windows-latest ]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+          persist-credentials: false
+
+      - name: Build wheels
+        uses: pypa/cibuildwheel@v3.4.1
+
+      - name: Upload wheels
+        uses: actions/upload-artifact@v4
+        with:
+          name: wheels-${{ matrix.os }}
+          path: wheelhouse/*.whl

.github/workflows/docs_deploy.yml

@@ -22,11 +22,9 @@ jobs:
       url: ${{ steps.deployment.outputs.page_url }}
     steps:
       - uses: actions/checkout@v4
-
-      - name: Sync submodules to tracked branches
-        run: |
-          git submodule sync --recursive
-          git submodule update --init --remote --recursive
+        with:
+          submodules: recursive
+          persist-credentials: false
 
       - uses: actions/setup-python@v5
         with:

.github/workflows/docs_preview.yml

@@ -12,11 +12,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-
-      - name: Sync submodules to tracked branches
-        run: |
-          git submodule sync --recursive
-          git submodule update --init --remote --recursive
+        with:
+          submodules: recursive
+          persist-credentials: false
 
       - uses: actions/setup-python@v5
         with:

.gitignore

@@ -5,6 +5,9 @@ __pycache__/
 
 # C extensions
 *.so
+*.pyd
+*.dll
+*.dylib
 *.o
 
 # Distribution / packaging

README.md

@@ -1,7 +1,7 @@
 # PySATL Core
 
-[status-shield]: https://img.shields.io/github/actions/workflow/status/PySATL/pysatl-core/ci.yml?branch=main&event=push&style=for-the-badge&label=CI
-[status-url]: https://github.com/PySATL/pysatl-core/actions/workflows/ci.yml
+[status-shield]: https://github.com/PySATL/pysatl-core/actions/workflows/ci.yml/badge.svg?branch=main&event=push
+[status-url]: https://github.com/PySATL/pysatl-core/actions/workflows/ci.yml?query=branch%3Amain+event%3Apush
 [license-shield]: https://img.shields.io/github/license/PySATL/pysatl-core.svg?style=for-the-badge&color=blue
 [license-url]: LICENSE
 
@@ -14,8 +14,8 @@ The library is designed as a **foundational kernel** rather than a ready-to-use
 
 > **Project status**  
 > PySATL Core is currently in **early alpha**.  
-> It is **not published** to package managers such as `pip` yet.  
-> To experiment with the library, clone the repository and work with it locally.
+> It is not published to PyPI yet. After the first alpha release, the package
+> will be installable with `pip install pysatl-core`.
 
 ---
 
@@ -42,33 +42,41 @@ The library is designed as a **foundational kernel** rather than a ready-to-use
 - Python **3.12+** (the project relies on **PEP 695** syntax)
 - NumPy **2.x**
 - SciPy **1.13+**
-- A C toolchain for compiling the UNURAN bindings:
+- A C toolchain when building from source or from an sdist:
   - **Linux/macOS:** GCC (or Clang) plus standard build utilities.
   - **Windows:** Microsoft Visual C++ Build Tools (MSVC) from Visual Studio or the standalone Build Tools installer.
 - Poetry (recommended for development)
 
 ---
 
-## Installation (from source)
+## Installation
+
+After the first PyPI release:
+
+```bash
+pip install pysatl-core
+```
+
+Until then, install from source.
 
 Clone the repository:
 
 ```bash
 git clone https://github.com/PySATL/pysatl-core.git
 cd pysatl-core
-git submodule update --init --remote --recursive
+git submodule update --init --recursive
 ```
 
-### Using Poetry (recommended)
+### Development install
 
 ```bash
-poetry install --with docs
+poetry install --with dev,docs
 ```
 
-### Using pip (editable install)
+### Editable runtime install
 
 ```bash
-pip install -e ".[docs]"
+pip install -e .
 ```
 
 ---
@@ -152,6 +160,16 @@ poetry run pytest
 poetry run pre-commit run --all-files
 ```
 
+### Package sanity check
+
+```bash
+poetry run python -m build
+poetry run twine check dist/*
+```
+
+These commands build the local distribution artifacts and validate their metadata.
+They do not publish anything.
+
 ---
 
 ## 🗺 Roadmap

SECURITY.md

@@ -0,0 +1,25 @@
+# Security Policy
+
+## Supported Versions
+
+PySATL Core is currently in early alpha. Security fixes are applied to the
+latest development line and to the latest published release once releases are
+available on PyPI.
+
+## Reporting a Vulnerability
+
+Please do not report security vulnerabilities through public GitHub issues.
+
+Use GitHub's private vulnerability reporting or create a private security
+advisory for this repository. If that is not available, contact one of the
+maintainers listed in `pyproject.toml`.
+
+When reporting a vulnerability, include:
+
+- A short description of the issue.
+- A minimal reproduction if possible.
+- Affected versions or commits.
+- Any known workarounds.
+
+We will acknowledge the report, investigate it, and coordinate disclosure once a
+fix is available.

docs/source/changelog.rst

@@ -1,8 +1,16 @@
 Changelog
 =========
 
-Version 0.0.1a0 (Alpha)
-------------------------
+Unreleased
+----------
+
+* Prepared package metadata for the first alpha publication.
+* Added package build, wheel installation, and binary extension smoke checks.
+* Switched the UNU.RAN binding build to compile vendored sources into the CFFI
+  extension.
+
+Version 0.0.1a0 (Alpha, planned)
+---------------------------------
 
 * Initial release with core functionality
 * Basic distribution framework

docs/source/conf.py

@@ -1,13 +1,19 @@
 import os
 import sys
+import tomllib
 from datetime import datetime
+from pathlib import Path
 
 sys.path.insert(0, os.path.abspath("../../src"))
 
+ROOT = Path(__file__).resolve().parents[2]
+with (ROOT / "pyproject.toml").open("rb") as pyproject_file:
+    PYPROJECT = tomllib.load(pyproject_file)
+
 project = "PySATL Core"
 copyright = f"{datetime.now().year}, Leonid Elkin, Mikhail Mikhailov"
 author = "Leonid Elkin, Mikhail Mikhailov"
-release = "0.0.1a0"
+release = PYPROJECT["tool"]["poetry"]["version"]
 
 extensions = [
     "sphinx.ext.autodoc",
@@ -120,7 +126,7 @@
 }
 
 suppress_warnings = [
-    # 'autodoc.duplicate_object',
+    "autodoc.duplicate_object",
     "ref.misc",
 ]
 

docs/source/user_guide/installation.rst

@@ -3,25 +3,45 @@ Installation
 
 .. note::
 
-   PySATL Core is currently in an early alpha stage and is not distributed as a
-   package via common managers such as pip. To try it out, you need to clone
-   the repository and work with it locally.
+   PySATL Core is currently in an early alpha stage and is not published to
+   PyPI yet. After the first alpha release, the package will be installable with
+   ``pip install pysatl-core``.
+
+From PyPI
+---------
+
+After the first release, install the package with:
+
+.. code-block:: bash
+
+   pip install pysatl-core
+
+Until then, use a source checkout.
+
+Clone the repository
+--------------------
+
+.. code-block:: bash
+
+   git clone https://github.com/PySATL/pysatl-core.git
+   cd pysatl-core
+   git submodule update --init --recursive
 
 Using Poetry
 ------------
 
-If you use Poetry, install documentation dependencies with:
+For development, install runtime, dev, and documentation dependencies with:
 
 .. code-block:: bash
 
-   poetry install --with docs
+   poetry install --with dev,docs
 
 Using pip
 ---------
 
 If you prefer plain pip, make sure you are on **Python 3.12+** (the project
-uses PEP 695 syntax), then install docs requirements:
+uses PEP 695 syntax), then install the package in editable mode:
 
 .. code-block:: bash
 
-   pip install -e ".[docs]"
+   pip install -e .