[build] Finalize PyPI publish job and release checklist

Author: Breakthrough

.github/workflows/publish-pypi.yml

@@ -16,103 +16,94 @@ on:
         default: 'testpypi'
 
 jobs:
+  # Production publishes require all three release workflows to be green for the tag.
+  # TestPyPI publishes are exploratory and skip this job; the Resolve step in `publish`
+  # still gates on a successful Python Distribution run so artifacts are guaranteed to exist.
   verify:
     name: Verify Build
+    if: github.event.inputs.environment == 'pypi'
     runs-on: ubuntu-latest
+    permissions:
+      actions: read
     steps:
-      - name: Check workflows
-        uses: actions/github-script@v8
-        with:
-          script: |
-            const { owner, repo } = context.repo;
-            const tag = "${{ github.event.inputs.tag }}";
-            const requiredWorkflows = ['Windows Distribution', 'Python Distribution'];
-            let workflowConclusions = {};
-
-            console.log(`Checking for successful workflow runs for tag: ${tag}`);
-
-            const { data: response } = await github.rest.actions.listWorkflowRunsForRepo({
-              owner,
-              repo,
-              event: 'push',
-            });
-
-            const runsForTag = response.workflow_runs.filter(run => run.head_branch === tag);
-
-            for (const run of runsForTag) {
-              if (requiredWorkflows.includes(run.name)) {
-                if (!workflowConclusions[run.name] || new Date(run.created_at) > new Date(workflowConclusions[run.name].created_at)) {
-                  workflowConclusions[run.name] = {
-                    conclusion: run.conclusion,
-                    created_at: run.created_at,
-                    html_url: run.html_url,
-                  };
-                }
-              }
-            }
-
-            let allSuccess = true;
-            for (const workflowName of requiredWorkflows) {
-              if (!workflowConclusions[workflowName]) {
-                core.setFailed(`Workflow "${workflowName}" was not found for tag ${tag}.`);
-                allSuccess = false;
-              } else if (workflowConclusions[workflowName].conclusion !== 'success') {
-                core.setFailed(`Workflow "${workflowName}" did not succeed for tag ${tag}. Conclusion was "${workflowConclusions[workflowName].conclusion}". See: ${workflowConclusions[workflowName].html_url}`);
-                allSuccess = false;
-              } else {
-                console.log(`[OK] Workflow "${workflowName}" succeeded for tag ${tag}.`);
-              }
-            }
-
-            if (!allSuccess) {
-              throw new Error("One or more required build workflows did not succeed.");
-            }
+      - name: Check required workflows succeeded for ${{ github.event.inputs.tag }}
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_REPO: ${{ github.repository }}
+          TAG: ${{ github.event.inputs.tag }}
+        run: |
+          set -euo pipefail
+          required=("Python Distribution" "Windows Distribution" "Release Test Suite")
+          failed=0
+          for workflow in "${required[@]}"; do
+            conclusion=$(gh run list \
+              --workflow "$workflow" \
+              --branch "$TAG" \
+              --event push \
+              --limit 1 \
+              --json conclusion \
+              -q '.[0].conclusion // ""')
+            if [[ "$conclusion" != "success" ]]; then
+              echo "::error::Workflow '$workflow' did not succeed for tag $TAG (got: '${conclusion:-no run found}')"
+              failed=1
+            else
+              echo "[OK] $workflow"
+            fi
+          done
+          [[ "$failed" -eq 0 ]]
 
   publish:
-    name: Building and Publishing to ${{ github.event.inputs.environment }} PyPI
+    name: Publish ${{ github.event.inputs.tag }} to ${{ github.event.inputs.environment }}
     runs-on: ubuntu-latest
     needs: verify
+    # Run when verify succeeded (pypi) or was skipped (testpypi).
+    if: |
+      always() &&
+      (needs.verify.result == 'success' || needs.verify.result == 'skipped')
 
     environment:
       name: ${{ github.event.inputs.environment }}
       url: ${{ github.event.inputs.environment == 'testpypi' && 'https://test.pypi.org/p/scenedetect' || 'https://pypi.org/p/scenedetect' }}
 
     permissions:
-      id-token: write  # IMPORTANT: mandatory for trusted publishing
+      id-token: write  # mandatory for trusted publishing
+      actions: read    # for cross-workflow artifact download
 
     steps:
-      - name: Checkout ${{ github.event.inputs.tag }}
-        uses: actions/checkout@v5
-        with:
-          ref: ${{ github.event.inputs.tag }}
-
-      - name: Set up Python
-        uses: actions/setup-python@v6
-        with:
-          python-version: "3.x"
-          cache: 'pip'
-
-      - name: Install Dependencies
+      - name: Resolve Python Distribution run for ${{ github.event.inputs.tag }}
+        id: resolve
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_REPO: ${{ github.repository }}
+          TAG: ${{ github.event.inputs.tag }}
         run: |
-          python -m pip install --upgrade pip
-          pip install build twine
-
-      - name: Build Package
-        run: |
-          python -m build
-          python packaging/build_headless.py
-          python -m build
-          mkdir pkg
-          mv dist/*.tar.gz pkg/
-          mv dist/*.whl pkg/
-
-      - name: Upload Package
-        uses: actions/upload-artifact@v6
+          set -euo pipefail
+          run_id=$(gh run list \
+            --workflow "Python Distribution" \
+            --branch "$TAG" \
+            --event push \
+            --status success \
+            --limit 1 \
+            --json databaseId \
+            -q '.[0].databaseId // ""')
+          if [[ -z "$run_id" ]]; then
+            echo "::error::No successful 'Python Distribution' run found for tag $TAG. Push the tag and wait for build.yml to finish before publishing."
+            exit 1
+          fi
+          echo "run-id=$run_id" >> "$GITHUB_OUTPUT"
+          echo "Using Python Distribution run $run_id"
+
+      - name: Download distribution artifact
+        uses: actions/download-artifact@v7
         with:
           name: scenedetect-dist
-          path: |
-            pkg/*.tar.gz
-            pkg/*.whl
+          path: pkg/
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          repository: ${{ github.repository }}
+          run-id: ${{ steps.resolve.outputs.run-id }}
+
+      - name: List artifact contents
+        run: ls -la pkg/
 
       - name: Publish Package
         uses: pypa/gh-action-pypi-publish@release/v1

RELEASE-PLAN.md

@@ -52,7 +52,8 @@ Optional: version referenced below as `X.Y[.Z]` - replace with the real version
 ## 6. Publish & Release Checks
 
 - [ ] Publish Github release
-- [ ] Upload to PyPI: `publish-pypi.yml` should run on the tag and upload. Verify both projects: https://pypi.org/project/scenedetect/ and https://pypi.org/project/scenedetect-headless/.
+- [ ] Upload to PyPI: `publish-pypi.yml` must be manually triggered on a release tag. Specify `testpypi` first, and make sure everything goes okay on the test instance. When verified and smoke tested, specify `pypi` as the environment, and publish the production package.
+- [ ] Verify both projects: https://pypi.org/project/scenedetect/ and https://pypi.org/project/scenedetect-headless/.
 - [ ] Merge `releases/X.Y` back into `main`.
 - [ ] Deploy website: `generate-website.yml` picks up the changelog / download page updates.
 - [ ] Deploy docs: `generate-docs.yml` publishes the new version.

pyproject.toml

@@ -58,9 +58,9 @@ website = ["mkdocs==1.5.2", "jinja2>=3.1.6"]
 
 [project.urls]
 Homepage = "https://www.scenedetect.com"
-Repository = "https://github.com/Breakthrough/PySceneDetect/"
 Documentation = "https://www.scenedetect.com/docs/"
-"Bug Tracker" = "https://github.com/Breakthrough/PySceneDetect/issues/"
+Source = "https://github.com/Breakthrough/PySceneDetect"
+Issues = "https://github.com/Breakthrough/PySceneDetect/issues"
 
 [project.scripts]
 scenedetect = "scenedetect.__main__:main"

scenedetect/__init__.py

@@ -75,7 +75,7 @@
 
 # Used for module identification and when printing version & about info
 # (e.g. calling `scenedetect version` or `scenedetect about`).
-__version__ = "0.7-dev0"
+__version__ = "0.7-dev1"
 
 init_logger()
 logger = getLogger("pyscenedetect")