Add GitHub Actions release workflow with Trusted Publisher#121

Closed
mgrange1998 wants to merge 2 commits into facebookresearch:main from mgrange1998:export-D98518834

@mgrange1998
Contributor

Summary:

Problem

PrivacyGuard has no automated PyPI publishing workflow. Publishing requires manual package builds and API token management.

Solution

Add a GitHub Actions release workflow using PyPI Trusted Publishers (OIDC-based authentication, no API tokens needed).

New: .github/workflows/release.yml

  • Triggers on GitHub Release publish or manual workflow_dispatch
  • Runs the full test suite before building (reuses reusable_test.yml)
  • Builds sdist + wheel via python -m build
  • Publishes to PyPI using pypa/gh-action-pypi-publish with OIDC Trusted Publisher auth
  • Requires a pypi GitHub environment (for optional approval gating)

Modified: pyproject.toml

  • Enabled setuptools_scm (was commented out) so package version is derived from git tags automatically
  • Removed the unused write_to option — version is resolved at build time without generating a version.py

Setup required before first use

  1. PyPI: Register a pending Trusted Publisher at pypi.org -> Account -> Publishing:
    • PyPI project name: PrivacyGuard
    • Owner: facebookresearch
    • Repository: PrivacyGuard
    • Workflow: release.yml
    • Environment: pypi
  2. GitHub: Create a pypi environment in repo Settings -> Environments (optionally add required reviewers)
  3. To publish: Create a GitHub Release with a version tag (e.g., v0.1.0) — the workflow runs automatically

Differential Revision: D98518834
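
A workflow with the shape this description lists, written here as an added illustration and not the `release.yml` from this PR. The action version tags, the `dist` artifact name and the `workflow_call` trigger on `reusable_test.yml` are assumptions.

```yaml
# Added sketch of a Trusted Publisher release workflow; not the PR's release.yml.
name: Release

on:
  release:
    types: [published]
  workflow_dispatch:

# Default to a read-only token; only the publish job is granted OIDC.
permissions:
  contents: read

jobs:
  test:
    # Assumes reusable_test.yml declares `on: workflow_call`.
    uses: ./.github/workflows/reusable_test.yml

  build:
    needs: test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0        # setuptools_scm reads git tags to derive the version
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: python -m pip install build
      - run: python -m build    # produces the sdist and wheel in dist/
      - uses: actions/upload-artifact@v4
        with:
          name: dist            # assumed artifact name
          path: dist/

  publish:
    needs: build
    runs-on: ubuntu-latest
    environment: pypi           # must match the Environment registered on PyPI
    permissions:
      id-token: write           # allows the job to request the OIDC token PyPI exchanges
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/
      # No password or API token input: authentication is the OIDC exchange.
      - uses: pypa/gh-action-pypi-publish@release/v1
```

Keeping the build in its own job means package build code never runs in the job that holds `id-token: write`. Tags are used here for readability; pinning each third-party action to a full commit SHA narrows what can run with that permission.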

Summary:

The pyproject.toml incorrectly declared the license as MIT, while the LICENSE file and README both specify Apache License 2.0. This fixes the metadata to match the actual license before first PyPI publish.

Differential Revision: D98512204
@meta-cla meta-cla Bot added the CLA Signed label Mar 27, 2026

meta-codesync Bot commented Mar 27, 2026

@mgrange1998 has exported this pull request. If you are a Meta employee, you can view the originating Diff in D98518834.

Contributor

@iden-kalemaj iden-kalemaj left a comment

Review automatically exported from Phabricator review in Meta.


meta-codesync Bot commented Mar 27, 2026

This pull request has been merged in 34cd166.

Labels

CLA Signed, fb-exported, Merged, meta-exported
