Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -223,11 +223,11 @@ jobs:

- name: Validate wheels
run: |
pip install "twine>=6.1,<6.2"
pip install check-wheel-contents
for whl in dist/*.whl; do
unzip -qt "$whl"
done
twine check dist/*
check-wheel-contents dist/*.whl

- name: Check PyPI for existing version
id: pypi-check
Expand Down
6 changes: 4 additions & 2 deletions docs/content/docs/more/changelog.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,10 @@ Patch release: publish workflow hardening.
- **PyPI publish pre-check.** Publish job now queries PyPI before uploading,
compares SHA-256 hashes per artifact, and skips upload when all wheels are
already present. Prevents `400 File already exists` on workflow reruns.
- **PEP 639 compatibility.** Dropped `twine check --strict` which rejected the
`License-File` metadata emitted by maturin 1.13.3. Pinned `twine>=6.1`.
- **PEP 639 compatibility.** Replaced `twine check` with `check-wheel-contents`
for wheel validation. `twine check` broke on PEP 639 `License-File` metadata
emitted by maturin 1.13.3 (`packaging` library incompatibility). Structural
validation via `check-wheel-contents`; PyPI validates metadata on upload.
- **Timeout guards.** Added `timeout=30` on PyPI API calls and
`--connect-timeout 10 --max-time 30` on verification curl.
- **Dashboard artifact download retry.** Extracted dashboard download into a
Expand Down