Skip to content

Fix stable PyPI publication retries#2944

Draft
UnArbosFive wants to merge 1 commit into
mainfrom
fix-stable-pypi-publish
Draft

Fix stable PyPI publication retries#2944
UnArbosFive wants to merge 1 commit into
mainfrom
fix-stable-pypi-publish

Conversation

@UnArbosFive

Copy link
Copy Markdown
Contributor

Problem

The release train publishes release candidates after testnet, but stable Python publication was coupled to creating the final GitHub release. The SDK also remained at its committed X.Y.Z.dev0 version during the stable build. If PyPI publication failed or only partially completed after the GitHub release was created, later watcher runs treated the release as finished and never retried it.

Fix

  • Track GitHub release completion and stable Python publication independently.
  • Resolve the provenance-gated release artifact for the runtime version actually running on mainnet, even if main has advanced while the multisig waits.
  • Stamp the SDK from X.Y.Z.dev0 to X.Y.Z and remove monorepo-only uv inputs before building the stable distribution.
  • Write a commit- and spec-bound release marker only after every Python distribution was uploaded or confirmed byte-identical on PyPI.
  • Retry missing or partial Python publication on later watcher runs without recreating the GitHub release.
  • Leave v432 on the explicitly manual recovery path.

The existing devnet/testnet release train and reusable core wheel workflow are unchanged.

Validation

  • Built and inspected the stable bittensor-11.0.0 wheel and source distribution.
  • Ran the focused SDK preparation test and runtime change-filter tests.
  • Ran Ruff, Python syntax checks, actionlint, YAML parsing, and git diff --check.
  • Completed independent testing, maintainability, red-team, and structured workflow review passes with no blocking findings.

@vercel

vercel Bot commented Jul 17, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
subtensor Ready Ready Preview, Comment Jul 17, 2026 1:42am

Request Review

@github-actions

github-actions Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

🛡️ AI Review — Skeptic (security review)

VERDICT: SAFE

VERY HIGH account-age tier (15-day-old account, 0 public repos), mitigated by repository admin permission, substantive merged contributions, matching author/committer, and no Gittensor association; branch targets main.

Static review covered all seven changed files, with particular scrutiny of the release-artifact provenance gate, tag/commit binding, workflow permissions, shell inputs, PyPI retry state, and SDK version stamping. No protected AI-review instructions, runtime code, dependencies, or lockfiles are modified.

Findings

No findings.

Conclusion

No malicious behavior or security vulnerability was found. The release workflow continues to derive publish inputs from provenance-gated artifacts and validates the completion marker against the released tag and spec version.


🔍 AI Review — Auditor (domain review)

VERDICT: 👍

Gittensor association UNKNOWN; author is a repository administrator with substantial prior subtensor contributions. Applied normal maintainer-level scrutiny.

The implementation cleanly separates GitHub release and Python publication state, validates the release artifact against the on-chain spec version, and makes partial PyPI publication retryable through a commit-bound completion marker.

Focused SDK preparation and runtime change-filter tests pass. Both modified workflows parse as valid YAML, and git diff --check passes. No auto-fixes were needed. PR #2926 overlaps only in shared CI files and addresses unrelated runner caching, so it is not duplicate work.

Findings

No findings.

Conclusion

The change matches its description, includes appropriate focused tests and documentation, and introduces no runtime or migration implications. It is ready to merge.

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant