Release process is cumbersome #683
Comments
|
That does seem like a long list. Related:
|
|
Having just released 3.3.0 using my local command line (as instructed by https://twine.readthedocs.io/en/latest/contributing.html#making-a-new-release), I'm curious about moving more/all of that to GitHub, via Releases and Actions. For example, I was tempted to use https://github.com/pypa/twine/releases/new to give a nice, succinct changelog, ala https://github.com/pypa/bandersnatch/releases, https://github.com/pypa/packaging/releases, and https://github.com/pytest-dev/pytest/releases. However, I think that would require transforming the reStructuredText changelog into Markdown. Any suggestions, or good examples of this (esp. given our adoption of towncrier)? |
|
@bhrutledge GitHub releases really are just a lot of extra work for not a lot of benefit from everything I've been able to tell. I suspect we could do something with annotated tag messages Genuinely though, I think shooting for GitHub releases is trying to solve the wrong problem. Also, only one of the examples actually uploads the build artifacts from PyPI ( |
|
@sigmavirus24 I think the overloading of the term "releases" might be causing some confusion. To clarify, I'm not advocating for replacing PyPI as the distribution mechanism. In fact, I'm not advocating strongly for anything, just bike-shedding alternatives, motivated by two things:
Re: motivation 1, creating a GitHub Release (starting at https://github.com/pypa/twine/releases/new) creates a tag, which I think would kick off the Re: motivation 2, I have always appreciated projects that have robust GitHub Release notes, similar to the repositories that I listed above. I often look there (in addition to hunting for a changelog), because it's quick, and if they exist, they're often nicely-formatted. I don't care about the assets. Again, for clarity, I'm not advocating for replacing Twine's current changelog. Rather, I'm pondering duplicating its contents in a common location to improve discoverability. But, that is a non-trivial extra step, and care has to be taken to keep GitHub Releases in sync with the official PyPI release. Also, we're already using annotated tags, because |
|
So using GitHub Actions to perform a release to PyPI is absolutely one thing. I'm all for automation of that. That's orthogonal to either building extra automation to put release notes in a 3rd (4th? 5th?) place. I'm strongly against release notes in GitHub Releases because the Release notes can be amended and updated. Who makes certain they're up-to-date there? GitHub Releases don't show you the entirety of release notes for a release so you can't view all the notes for all versions at once, you have to open several pages to get to that. Any decent tooling (including GitHub's own dependabot) knows how to find change-logs and the better automation tools know how to embed that information in the pull request (without it needing to be attached to a GitHub release). On the whole, putting the notes there doesn't seem to be a standard in the PyPA (as nothing seems to really be standardized) and doesn't buy us anything other than extra maintenance, plus inconsistency. The old versions don't have those notes. And if someone other than you performs the release and forgets to copy them there, people will open issues to "remind" us to put them there.
To be clear, if I'm landing on a project's repository, it's 1 click to find the Finally, creating a release creates implied assets that GitHub generates which you cannot disable last time I checked. So then you have 4 different 'canonical' assets. The 2 uploaded to PyPI (what you and I would rightly consider the real assets). The 2 GitHub creates which are now implicitly "official"/"canonical" as they're on the official project page (the hosted GitHub repository). This has generated confusion on other projects I'm part of and people then wonder why we're distributing assets that have the whole repository in them and why we don't distribute binaries.
And we'd need to start parsing the changes file to detect updates/amendments to the release section that corresponds with a given GitHub release and update that too. Otherwise we will get issues about "These notes say X, Y, and Z but these other notes also mention T, U, and V. What's the right thing and why haven't you updated the GitHub release?"
Right, I wrote that because annotated tags create "releases" on GitHub just without the changelog embedded. I'm wondering if we can simplify things and shove the changelog in that without messing around with the GitHub CLI or Releases (it still suffers the problem of not having a completely up-to-date set of notes if something is amended after the fact). |
|
Those are excellent points; happy to set GitHub Releases aside. Thanks for indulging me. |
|
On a whim, I created a lightweight release for 3.4.2 at https://github.com/pypa/twine/releases, which simply links to the PyPI page and the changelog. This feels like minimal overhead to make releases more discoverable, and could be automated via a GitHub Action. If there's appetite for this, I'd probably want to:
Again, mostly just bike-shedding here, based on my experience searching and browsing projects on GitHub, and because I seem to enjoy this kind of thing. |
|
Note for future releasers: currently, the twine/.github/workflows/main.yml Lines 72 to 76 in d82cd00 but not the integration (aka end-to-end) tests: twine/.github/workflows/integration.yml Lines 17 to 18 in d82cd00 This is because the integration tests have been flaky; see #684. It would be nice if we could confidently say "failing integration tests should block a release" and move those tests back into the main workflow, to be part of the release pipeline. Until then, it's up to releasers to wait for the result before tagging the release, as noted in the release instructions:
|
In #493, I set out to make the release process as lightweight as possible while keeping a reasonable level of reliability and auditability.
Today, I went to cut a quick release based on a PR, but ran into several steps that made it difficult.
First, the release process demands a PR, which implies:
Previously, this approach could be shortened to:
I tried expediting the process by merging locally and pushing that commit to master, but master is locked, so a PR is required.
This additional process multiplies the cost of cutting a release by several orders of magnitude and makes releasing something that requires a larger investment than necessary and will limit the frequency of releases.
I'd much rather see a streamlined process again.
The text was updated successfully, but these errors were encountered: