Commit de83c3b

docs: refresh PyPI install guidance
Make PyPI the default public install path, document the active Trusted Publishing release flow, and update the distribution policy guard test. Tests: ruff check src/ tests/; python3 -m pytest tests/test_distribution_policy.py tests/test_versioning.py -q -p no:cacheprovider; python3 -m pytest -q -p no:cacheprovider
1 parent 182a821 commit de83c3b

4 files changed

Lines changed: 43 additions & 28 deletions

CHANGELOG.md

Lines changed: 2 additions & 0 deletions
@@ -8,6 +8,8 @@ Format: [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
88
## [Unreleased]
99

1010
### Changed
11+
- Updated public install documentation now that `github-repo-auditor` is live on
12+
PyPI.
1113
- Added a manual PyPI Trusted Publishing workflow that builds a release tag and
1214
publishes from a protected `pypi` environment after PyPI is configured.
1315
- Made PyPI publishing explicitly opt-in while keeping GitHub Releases as the supported public distribution path.
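
Review bot: The two added lines under `### Changed` now sit above unchanged entries that contradict them: one still says the workflow publishes "after PyPI is configured", and the next still describes "keeping GitHub Releases as the supported public distribution path". All of these are in the same `[Unreleased]` section, so reword or drop the older entries so the changelog does not describe PyPI as both live and not yet configured.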

README.md

Lines changed: 13 additions & 6 deletions
@@ -138,7 +138,16 @@ Treat campaign/writeback, GitHub Projects, Notion sync, catalog overrides, score
138138

139139
### Installation
140140

141-
The package is published as GitHub release artifacts today. PyPI/package-index publishing is not active yet, so registry commands like `pip install github-repo-auditor` are not the recommended public path. See [docs/distribution.md](docs/distribution.md) for the current distribution policy.
141+
The package is published on PyPI and through GitHub Releases. For normal CLI use,
142+
install it as an isolated tool:
143+
144+
```bash
145+
# uv (recommended)
146+
uv tool install github-repo-auditor
147+
148+
# pipx
149+
pipx install github-repo-auditor
150+
```
142151

143152
Fastest no-clone path:
144153

@@ -148,13 +157,10 @@ chmod +x audit.pyz
148157
./audit.pyz --help
149158
```
150159

151-
Install from the public GitHub source:
160+
Install from the public GitHub source when you want the latest unreleased code:
152161

153162
```bash
154-
# uv (recommended)
155163
uv tool install 'git+https://github.com/saagpatel/GithubRepoAuditor.git'
156-
157-
# pipx
158164
pipx install 'git+https://github.com/saagpatel/GithubRepoAuditor.git'
159165

160166
# local editable clone
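
Review bot: Removing the `# uv (recommended)` and `# pipx` comments from this block leaves the two `git+https://` commands unlabeled while `# local editable clone` keeps its label, so they now read as consecutive steps rather than alternatives. Keep short labels (for example `# uv` and `# pipx`), matching the PyPI block added earlier in this file.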
@@ -165,11 +171,12 @@ pip install -e ".[config]"
165171

166172
The self-contained `.pyz` binary is also available from the
167173
[GitHub Releases](https://github.com/saagpatel/GithubRepoAuditor/releases) page.
174+
See [docs/distribution.md](docs/distribution.md) for the release and publishing policy.
168175

169176
For the local web UI, install the `[serve]` extra from source:
170177

171178
```bash
172-
uv tool install 'git+https://github.com/saagpatel/GithubRepoAuditor.git#egg=github-repo-auditor[serve]'
179+
pip install "github-repo-auditor[serve]"
173180
# or from a clone: pip install -e ".[serve]"
174181
```
175182

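
Review bot: The unchanged lead-in still says to install the `[serve]` extra "from source", but the replacement command `pip install "github-repo-auditor[serve]"` pulls from PyPI, so the sentence and the command disagree. The change also swaps an isolated `uv tool install` for a bare `pip install`, which conflicts with the "install it as an isolated tool" guidance added earlier in this file. Update the sentence, and consider showing the extra with `uv tool install` or `pipx install` instead.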
docs/distribution.md

Lines changed: 24 additions & 20 deletions
@@ -1,9 +1,16 @@
11
# Distribution
22

3-
GitHub Repo Auditor is public and currently distributed through GitHub Releases.
3+
GitHub Repo Auditor is public and distributed through PyPI and GitHub Releases.
44

55
## Current Public Path
66

7+
Use PyPI for the normal CLI install:
8+
9+
```bash
10+
uv tool install github-repo-auditor
11+
pipx install github-repo-auditor
12+
```
13+
714
Use the latest release binary when you want the fastest no-clone install:
815

916
```bash
@@ -12,7 +19,7 @@ chmod +x audit.pyz
1219
./audit.pyz --help
1320
```
1421

15-
Use the public GitHub source when you want an isolated tool install:
22+
Use the public GitHub source when you want the latest unreleased code:
1623

1724
```bash
1825
uv tool install 'git+https://github.com/saagpatel/GithubRepoAuditor.git'
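
Review bot: The new wording "latest unreleased code" is accurate only because the `git+https://` URL in the context lines carries no ref, so each install takes whatever the default branch holds at that moment. Say that explicitly, and mention that appending `@<tag-or-commit>` to the URL gives a reproducible install for anyone who needs one.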
@@ -21,33 +28,30 @@ pipx install 'git+https://github.com/saagpatel/GithubRepoAuditor.git'
2128

2229
## PyPI Status
2330

24-
PyPI publishing is not active yet. The package name `github-repo-auditor` was
25-
available when checked during the public-readiness pass on 2026-05-18, but that
26-
can change and should be rechecked immediately before first publication.
31+
PyPI publishing is active for `github-repo-auditor`.
2732

28-
The repository is prepared for a future PyPI release:
33+
The repository uses GitHub Actions Trusted Publishing:
2934

3035
- package metadata lives in `pyproject.toml`
3136
- `make build` creates the wheel and source distribution
3237
- `make dist-check` runs `twine check`
3338
- `scripts/release.sh` builds and checks artifacts by default
34-
- `scripts/release.sh --publish-pypi` is the only script path that uploads to PyPI
39+
- `scripts/release.sh --publish-pypi` remains an explicit local fallback only
3540
- `.github/workflows/pypi.yml` is a manual Trusted Publishing workflow for a
3641
release tag, using the `pypi` environment and short-lived OIDC credentials
3742

38-
## Activation Checklist
43+
## Release Checklist
3944

40-
Before the first PyPI release:
45+
For a normal public release:
4146

42-
1. Recheck that the `github-repo-auditor` PyPI name is still available.
43-
2. Configure PyPI Trusted Publishing for owner `saagpatel`, repository
44-
`GithubRepoAuditor`, workflow `pypi.yml`, and environment `pypi`.
45-
3. Protect the GitHub `pypi` environment so publishing requires intentional
46-
approval.
47-
4. Run the standard and distribution gates from [release-gates.md](release-gates.md).
48-
5. Open **Actions -> Publish to PyPI -> Run workflow** and enter the release tag,
49-
for example `v0.1.1`.
50-
6. Smoke-test `pipx install github-repo-auditor` or `uv tool install github-repo-auditor`.
47+
1. Run the standard and distribution gates from [release-gates.md](release-gates.md).
48+
2. Create a PEP 440-compatible `v*` tag from the verified `main` commit.
49+
3. Wait for the GitHub Release workflow to publish the wheel, source distribution,
50+
and `audit.pyz` assets.
51+
4. Smoke-test the GitHub Release `audit.pyz`.
52+
5. Open **Actions -> Publish to PyPI -> Run workflow** and enter the same release
53+
tag, for example `v0.1.3`.
54+
6. Approve the protected `pypi` environment.
55+
7. Smoke-test `pipx install github-repo-auditor` or `uv tool install github-repo-auditor`.
5156

52-
Until that checklist is complete, GitHub Releases remain the supported public
53-
distribution channel.
57+
GitHub Releases and PyPI should always publish the same tag.
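
Review bot: The deleted checklist items 2 and 3 were the only lines in this hunk that recorded the Trusted Publishing binding (owner `saagpatel`, repository `GithubRepoAuditor`, workflow `pypi.yml`, environment `pypi`) and the requirement that the `pypi` environment be protected. Keep them as a short reference under "PyPI Status" so the configuration can be audited or recreated. The closing line says both channels "should always publish the same tag", yet step 5 has a person enter the tag by hand; name the check that enforces the match, or add one. The bullet that calls `scripts/release.sh --publish-pypi` an "explicit local fallback only" should also say when that path is allowed, since a local upload would not pass through the `pypi` environment approval in step 6.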

tests/test_distribution_policy.py

Lines changed: 4 additions & 2 deletions
@@ -35,8 +35,10 @@ def test_distribution_docs_name_supported_public_channel() -> None:
3535
release_gates = (ROOT / "docs" / "release-gates.md").read_text()
3636
workflows_readme = (ROOT / ".github" / "workflows" / "README.md").read_text()
3737

38-
assert "GitHub Releases remain the supported public" in distribution_doc
39-
assert "PyPI publishing is not active yet" in distribution_doc
38+
assert "distributed through PyPI and GitHub Releases" in distribution_doc
39+
assert "PyPI publishing is active" in distribution_doc
40+
assert "uv tool install github-repo-auditor" in readme
41+
assert "pipx install github-repo-auditor" in readme
4042
assert "docs/distribution.md" in readme
4143
assert "scripts/release.sh --publish-pypi" in release_gates
4244
assert "pypi.yml" in workflows_readme
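
Review bot: The new assertions only check that the current wording is present, so nothing fails if the old statements return or if the release rule is dropped from the docs. Add a negative check such as `assert "PyPI publishing is not active yet" not in distribution_doc`, and assert on "Trusted Publishing" and on the "GitHub Releases and PyPI should always publish the same tag" sentence, since those are the policy points `docs/distribution.md` now makes.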
