release-checklist.md

Release Checklist

Use this before publishing the repository or cutting a package release.

Required

• Choose and commit an explicit license.
• Confirm README.md quickstart works on a fresh clone.
• Confirm all tracked configs are templates, not private configs.
• Confirm no generated scrape output is tracked.
• Confirm no cookies, storage-state files, HAR files, or tokens are tracked.
• Confirm no paid source text is tracked.
• Run uv sync --dev.
• Run uv run ruff check src tests schemas.
• Run uv run pytest.
• Run JSON schema syntax checks.
• Run git status --short and confirm the tree is clean.

Suggested Secret/Path Audit

git grep -n -I -E '(/Users/[^ ]+|/home/[^ ]+|\\.substack-sessions|cookie_file: "/|storage_state|storage-state|authorization:|bearer [A-Za-z0-9]|password:|token:|secret:)' -- . ':!uv.lock' ':!docs/release-checklist.md'

This command can produce legitimate matches in templates, docs, and source code. Inspect the matches and verify they are generic instructions, example paths, or code paths rather than private values.

History Audit

If the repository ever contained private target configs, paid output, or local absolute paths, publish only after rewriting history or creating a fresh clean repository.

git grep -n -I -E '(/Users/[^ ]+|/home/[^ ]+|\\.substack-sessions|paid source|storage_state|storage-state)' $(git rev-list --all) -- . ':!uv.lock' ':!docs/release-checklist.md'

As above, generic documentation and source-code references are acceptable after review. Private paths, paid output, and target-specific operational notes are not.

Package Release

• Verify pyproject.toml metadata.
• Verify the supported Python versions.
• Build a local package:

uv build

• Install the built wheel in a fresh environment and run substack-archive-scraper --help.