diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 595769c..cf31a55 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -29,6 +29,20 @@ jobs: - name: Check out repository uses: actions/checkout@v6 + - name: Require release tag + run: | + if [ "${GITHUB_REF_TYPE}" != "tag" ]; then + echo "Publish must be run from a release tag, not ${GITHUB_REF_TYPE}: ${GITHUB_REF_NAME}" >&2 + exit 1 + fi + case "${GITHUB_REF_NAME}" in + v*) ;; + *) + echo "Publish tag must start with 'v': ${GITHUB_REF_NAME}" >&2 + exit 1 + ;; + esac + - name: Install uv uses: astral-sh/setup-uv@v8.1.0 with: @@ -42,6 +56,15 @@ jobs: - name: Install dependencies run: uv sync --locked --python 3.14 + - name: Verify tag matches package version + run: | + PACKAGE_VERSION=$(uv run python -c "import tomllib; print(tomllib.load(open('pyproject.toml', 'rb'))['project']['version'])") + TAG_VERSION="${GITHUB_REF_NAME#v}" + if [ "${PACKAGE_VERSION}" != "${TAG_VERSION}" ]; then + echo "Package version ${PACKAGE_VERSION} does not match tag ${GITHUB_REF_NAME}" >&2 + exit 1 + fi + - name: Run tests run: uv run pytest diff --git a/RELEASE.md b/RELEASE.md index cde849f..8c6229b 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -46,9 +46,9 @@ git push origin vX.Y.Z ``` 10. Create a GitHub Release from the tag using the changelog section as release notes. -11. Run the manual `Publish` workflow for TestPyPI first. +11. Run the manual `Publish` workflow from the release tag for TestPyPI first. 12. Install from TestPyPI in a clean environment and smoke-test imports. -13. Run the manual `Publish` workflow for PyPI only after TestPyPI passes. +13. Run the manual `Publish` workflow from the release tag for PyPI only after TestPyPI passes. ## TestPyPI Smoke Test