Skip to content

Bump version to 0.5.2 and guard tag/version drift#8

Merged
turtleDev merged 1 commit into
mainfrom
pypi-release-versioning
Jul 14, 2026
Merged

Bump version to 0.5.2 and guard tag/version drift#8
turtleDev merged 1 commit into
mainfrom
pypi-release-versioning

Conversation

@turtleDev

Copy link
Copy Markdown
Contributor

Why

The v0.5.1 publish run failed. actions/checkout resolves the release tag, but uv build reads the version from pyproject.toml — which was never bumped past 0.5.0. The job rebuilt bruin_sdk-0.5.0 and PyPI refused it:

400 Uploading new files to releases older than 14 days is not allowed.

0.5.0 was published 2026-03-16, so the artifact was rejected. The tag name never reaches the built distribution; only pyproject.toml determines it.

What changed

  • pyproject.toml — version 0.5.00.5.2. Skipping 0.5.1 because that tag already points at a 0.5.0 tree; cutting fresh avoids rewriting a published ref. PyPI has never seen 0.5.1 or 0.5.2.

  • .github/workflows/publish.yml — assert the release tag matches the pyproject version before uv build. A missed bump now fails loudly instead of silently rebuilding a stale version and dying at upload.

  • src/bruin/__init__.py__version__ was independently stale at 0.4.0, a second version source nothing kept in sync with pyproject's 0.5.0. It now derives from installed distribution metadata, making pyproject.toml authoritative.

Verification

  • Built artifacts are bruin_sdk-0.5.2.tar.gz / .whl.
  • Installed the wheel into a clean venv: bruin.__version__ == "0.5.2".
  • Exercised the PackageNotFoundError fallback (source tree, no install): resolves to 0.0.0.dev0, does not raise.
  • Guard logic replayed against the failure: v0.5.1 + 0.5.0 blocks; v0.5.2 + 0.5.2 proceeds.
  • ruff format --check and ruff check pass.
  • pytest: 211 pass, 8 fail. The 8 failures are pre-existing on main (ModuleNotFoundError: psycopg2, an optional extra) and reproduce with these changes stashed.

Follow-up (not in this PR)

uv.lock is stale on main — it pins requires-python = ">=3.9" while pyproject.toml requires >=3.10, and predates the fabric extra's azure-identity dependency. A uv sync regenerates ~233KB of churn. Unrelated to publishing, so left for a separate PR.

Releasing after merge

Tag v0.5.2 on the merge commit and publish a GitHub release; the workflow triggers on release: published.

The v0.5.1 release failed to publish. actions/checkout resolves the
release tag, but uv build reads the version from pyproject.toml, which
was never bumped past 0.5.0. The job rebuilt bruin_sdk-0.5.0 and PyPI
rejected the upload:

  400 Uploading new files to releases older than 14 days is not allowed

0.5.0 was published four months prior, so the artifact was refused. The
tag name never reaches the built distribution.

Bump the version to 0.5.2, leaving 0.5.1 unused since its tag already
points at a 0.5.0 tree.

Add a publish-time check asserting the release tag matches the
pyproject version, so a missed bump fails before uv build rather than
silently rebuilding a stale version.

__version__ in src/bruin/__init__.py had drifted independently to
0.4.0, a second version source that nothing kept in sync. Derive it
from installed distribution metadata instead, making pyproject.toml
authoritative.
@turtleDev turtleDev merged commit 868166c into main Jul 14, 2026
4 checks passed
@turtleDev turtleDev deleted the pypi-release-versioning branch July 14, 2026 08:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants