forgejo_admin/pal-e-auth
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add Woodpecker CI + PyPI publishing (#3) #5

Merged
forgejo_admin merged 3 commits from 3-woodpecker-pypi-pipeline into main 2026-02-23 22:07:33 +00:00
Conversation 0 Commits 3 Files changed 1 +39
forgejo_admin commented 2026-02-23 22:03:18 +00:00
Owner
Copy link

Summary

  • Test step: poetry install, ruff lint/format, pytest on every push/PR
  • Publish step: build + twine upload to PyPI on push to main
  • Idempotent: skips if version already exists on PyPI (via JSON API check)
  • Secrets: TWINE_PASSWORD injected via Woodpecker from_secret (never in CLI args)

Closes #3

Test plan

  • Woodpecker runs test step on PR
  • After merge, publish step uploads v0.1.0 to PyPI
  • Re-push same version is a no-op

Review

  • Passed automated review-fix loop (3 rounds)
  • User approved merge

🤖 Generated with Claude Code

## Summary - Test step: poetry install, ruff lint/format, pytest on every push/PR - Publish step: build + twine upload to PyPI on push to main - Idempotent: skips if version already exists on PyPI (via JSON API check) - Secrets: TWINE_PASSWORD injected via Woodpecker from_secret (never in CLI args) Closes #3 ## Test plan - [ ] Woodpecker runs test step on PR - [ ] After merge, publish step uploads v0.1.0 to PyPI - [ ] Re-push same version is a no-op ## Review - [x] Passed automated review-fix loop (3 rounds) - [ ] User approved merge 🤖 Generated with [Claude Code](https://claude.com/claude-code)
- Test step: poetry install, ruff check/format, pytest (every push/PR)
- Publish step: build + twine upload to PyPI (push to main only)
- Idempotent: skips publish if version already exists on PyPI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Replace unreliable `pip index versions` with PyPI JSON API for
  idempotency check (exact version match via HTTP status)
- Use TWINE_USERNAME/TWINE_PASSWORD env vars instead of CLI args
  (defense-in-depth: avoids token in process list)
- Add --no-interaction to poetry install
- Remove redundant when clause on test step

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Avoids token appearing in process args or Woodpecker command logs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
domain:backend

   
domain:devops

   
domain:frontend

   
status:approved

QA passed, awaiting merge approval

  
status:in-progress

Dev agent is actively working

  
status:needs-fix

QA found issues, back to dev

  
status:qa

PR submitted, awaiting QA review

  
type:bug

Bug fix

  
type:devops

Infrastructure/CI/config work

  
type:feature

New functionality

No labels
domain:backend
domain:devops
domain:frontend
status:approved
status:in-progress
status:needs-fix
status:qa
type:bug
type:devops
type:feature
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
forgejo_admin/pal-e-auth!5
No description provided.