DataLex ships the datalex-cli Python package on PyPI plus tagged GitHub
releases. Every release is cut from a signed semver tag; CI handles the rest.
The first release needs a PyPI "trusted publisher" entry so our GitHub Actions workflow can publish without storing a long-lived API token.
-
Create (or log in to) an account at https://pypi.org/.
-
Under Add a new pending publisher, fill in:
Field Value PyPI Project Name datalex-cliOwner duckcode-aiRepository name DataLexWorkflow name publish.ymlEnvironment name pypi -
Submit. PyPI now trusts GitHub Actions runs from
duckcode-ai/DataLexin thepypienvironment to publish thedatalex-cliproject.
On the GitHub side, create an environment called pypi under
Settings → Environments. Optionally require a reviewer there so
publishes pause for human approval.
-
Bump the version in
pyproject.toml(project.version). -
Update
CHANGELOG.md— move items from[Unreleased]into a new[X.Y.Z] — YYYY-MM-DDsection. Add the compare link at the bottom. -
Open a PR. Merge once green.
-
Tag from
main:git checkout main git pull git tag -a vX.Y.Z -m "Release vX.Y.Z" git push origin vX.Y.Z -
The
Publish to PyPIworkflow fires on the tag. It builds an sdist and wheel, verifies the bundled JSON Schemas are in the wheel, and uploads to PyPI via OIDC. -
Draft the GitHub release at https://github.com/duckcode-ai/DataLex/releases/new with the tag selected. Paste the new
CHANGELOG.mdsection as the release notes.
Before tagging, verify the artifacts build cleanly:
python3 -m pip install --upgrade build twine
rm -rf dist/ build/
(cd packages/web-app && npm ci && npm run build)
dest_core="packages/core_engine/src/datalex_core"
rm -rf "$dest_core/_webapp" "$dest_core/_server"
mkdir -p "$dest_core/_webapp" "$dest_core/_server"
cp -R packages/web-app/dist/. "$dest_core/_webapp/"
cp -R packages/api-server/. "$dest_core/_server/"
rm -rf "$dest_core/_server/test" "$dest_core/_server/node_modules"
(cd "$dest_core/_server" && npm ci --omit=dev && rm -f package-lock.json)
python3 -m build
python3 -m twine check dist/*Smoke-test the wheel in a throwaway venv:
python3 -m venv /tmp/dl-smoke
/tmp/dl-smoke/bin/pip install dist/datalex_cli-*.whl
/tmp/dl-smoke/bin/datalex --help0.x.y— pre-1.0, breaking changes may land on minor bumps, but always called out inCHANGELOG.md.1.0.0and after — strict semver: breaking changes require a major bump.
Security patches backport only to the most recent tagged release. See SECURITY.md for the supported-versions matrix and reporting process.