refactor: Overhaul Python SDK CI/CD with a dedicated release workflow, broadened CI triggers, and updated build configurations.

Author: Madraka

.coverage

@@ -2,16 +2,16 @@
 
 ## Overview
 
-The Python SDK has its own self-contained CI/CD workflow located in `sdk/python/.github/workflows/`. This allows the SDK to be managed independently and potentially moved to its own repository in the future.
+The LNMP Python SDK has two main GitHub Actions workflows for continuous integration and release automation.
 
 ## Workflow Structure
 
-### 1. **ci.yml** - Main CI/CD Pipeline
+### 1. **ci.yml** - Continuous Integration
 
 **Triggers:**
-- Push to `main` or `develop` branches (when SDK files change)
-- Pull requests to `main` (when SDK files change)
-- Release events
+- Push to `main` or `develop` branches
+- Pull requests to `main`
+- Manual workflow dispatch
 
 **Jobs:**
 
@@ -25,16 +25,16 @@ The Python SDK has its own self-contained CI/CD workflow located in `sdk/python/
 - Runs pytest with coverage reporting
 - Uploads coverage to Codecov
 
-#### Build Wheels
-- Only runs on release events
+#### Build Wheels (Manual Only)
+- Triggered via `workflow_dispatch`
 - Builds native wheels for:
-  - Linux (x86_64, aarch64)
+  - Linux (x86_64)
   - macOS (x86_64, arm64)
   - Windows (x86_64)
 - Uploads wheels as artifacts
 
-#### Publish to PyPI
-- Only runs for non-prerelease releases
+#### Publish to PyPI (Manual Only)
+- Triggered via `workflow_dispatch`
 - Downloads all platform wheels
 - Publishes to PyPI using trusted publisher (OIDC)
 
@@ -43,45 +43,107 @@ The Python SDK has its own self-contained CI/CD workflow located in `sdk/python/
 - Executes performance benchmarks
 - Uploads results as artifacts
 
-## Path Filtering
+---
 
-All jobs use path filtering to only run when SDK-specific files change:
-```yaml
-paths:
-  - 'sdk/python/**'
-  - '.github/workflows/python-ci.yml'
-```
+### 2. **release.yml** - Automated Releases
+
+**Triggers:**
+- Push tags matching `v*` (e.g., `v0.5.7`)
+
+**Jobs:**
 
-## Independence from Main Repo
+#### Test
+- Matrix testing across Python 3.9-3.12 and all platforms
+- Ensures quality before release
 
-This structure allows the SDK to:
-1. Have its own release cycle
-2. Be tested independently
-3. Maintain separate versioning
-4. Eventually move to its own repository with minimal changes
+#### Build Wheels
+- Builds wheels for all supported platforms:
+  - Linux x86_64
+  - macOS universal2 (x86_64 + arm64)
+  - Windows x86_64
+- Uploads as artifacts
+
+#### Build Source Distribution
+- Creates source distribution (sdist)
+- Uploads as artifact
 
-## Future Migration
+#### Publish to PyPI
+- Downloads all wheels and sdist
+- Publishes to PyPI using trusted publisher
+- Only runs for version tags (not pre-releases)
 
-To move the SDK to a separate repository:
-1. Copy `sdk/python/` to new repo root
-2. Update path filters in workflow (remove `sdk/python/` prefix)
-3. Update checkout paths
-4. Set up PyPI trusted publisher for new repo
-5. Update documentation links
+#### Create GitHub Release
+- Creates GitHub release with changelog
+- Attaches all wheels and sdist
+- Marks pre-releases appropriately
 
 ## Environment Variables
 
-The workflow uses:
+Both workflows use:
 - `CARGO_TERM_COLOR=always` - Colored Cargo output
 - `RUST_BACKTRACE=1` - Full backtraces on errors
+- `PYTHONPATH=$PWD:$PYTHONPATH` - For local package imports
+
+## PyPI Publishing Setup
 
-## Secrets Required
+### Trusted Publisher (Recommended) ✅
 
-For PyPI publishing, configure:
-- **Trusted Publisher (Recommended)**: Configure at https://pypi.org/manage/account/publishing/
-  - Owner: `lnmplang`
-  - Repository: `lnmp-protocol` (or new SDK repo name)
-  - Workflow: `ci.yml`
-  - Environment: `pypi`
+Configure at https://pypi.org/manage/account/publishing/
+
+**Settings:**
+- **Owner**: Your GitHub username or organization
+- **Repository**: `lnmp-sdk-python`
+- **Workflow**: `release.yml`
+- **Environment**: `pypi`
 
 No manual tokens required with trusted publishers!
+
+### Alternative: Manual Token
+
+If trusted publisher isn't available:
+1. Generate PyPI API token at https://pypi.org/manage/account/token/
+2. Add as GitHub secret: `PYPI_TOKEN`
+3. Update workflow to use token-based authentication
+
+## Release Process
+
+### Creating a Release
+
+```bash
+# 1. Update version in pyproject.toml and Cargo.toml
+# 2. Commit changes
+git add pyproject.toml Cargo.toml
+git commit -m "chore: bump version to 0.5.7"
+
+# 3. Create and push tag
+git tag v0.5.7
+git push origin main
+git push origin v0.5.7
+
+# 4. GitHub Actions automatically:
+#    - Runs tests
+#    - Builds wheels for all platforms
+#    - Publishes to PyPI
+#    - Creates GitHub Release
+```
+
+### Pre-release
+
+```bash
+# Use pre-release tag format
+git tag v0.5.7-beta.1
+git push origin v0.5.7-beta.1
+
+# Workflow will create GitHub release but skip PyPI
+```
+
+## Required GitHub Secrets
+
+- None required if using PyPI trusted publisher
+- `PYPI_TOKEN` - Only if using manual token authentication
+
+## Permissions
+
+Workflows require:
+- `contents: write` - For creating GitHub releases
+- `id-token: write` - For PyPI trusted publishing

.github/WORKFLOW.md

@@ -3,15 +3,9 @@ name: Python SDK CI/CD
 on:
   push:
     branches: [ main, develop ]
-    paths:
-      - 'sdk/python/**'
-      - '.github/workflows/python-ci.yml'
   pull_request:
     branches: [ main ]
-    paths:
-      - 'sdk/python/**'
-  release:
-    types: [published]
+  workflow_dispatch:
 
 env:
   CARGO_TERM_COLOR: always
@@ -24,9 +18,6 @@ jobs:
   quality:
     name: Code Quality (Rust)
     runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: sdk/python
 
     steps:
       - uses: actions/checkout@v4
@@ -44,8 +35,8 @@ jobs:
             ~/.cargo/registry/index/
             ~/.cargo/registry/cache/
             ~/.cargo/git/db/
-            sdk/python/target/
-          key: ${{ runner.os }}-cargo-${{ hashFiles('sdk/python/Cargo.lock') }}
+            target/
+          key: ${{ runner.os }}-cargo-${{ hashFiles('Cargo.lock') }}
 
       - name: Run rustfmt
         run: cargo fmt --all -- --check
@@ -69,10 +60,6 @@ jobs:
         os: [ubuntu-latest, macos-latest, windows-latest]
         python-version: ['3.9', '3.10', '3.11', '3.12']
 
-    defaults:
-      run:
-        working-directory: sdk/python
-    
     steps:
       - uses: actions/checkout@v4
 
@@ -104,13 +91,15 @@ jobs:
         run: maturin develop --release
 
       - name: Run Python Tests
-        run: pytest tests/ -v --cov=lnmp --cov-report=xml
+        run: |
+          export PYTHONPATH=$PWD:$PYTHONPATH
+          pytest tests/ -v --cov=lnmp --cov-report=xml
       
       - name: Upload Coverage
         if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.11'
         uses: codecov/codecov-action@v3
         with:
-          file: ./sdk/python/coverage.xml
+          file: ./coverage.xml
           flags: python-sdk
 
   # ============================================
@@ -120,7 +109,7 @@ jobs:
     name: Build Wheels (${{ matrix.target }})
     runs-on: ${{ matrix.os }}
     needs: test
-    if: github.event_name == 'release'
+    if: github.event_name == 'workflow_dispatch'
     strategy:
       matrix:
         include:
@@ -144,11 +133,6 @@ jobs:
           - os: windows-latest
             target: x86_64-pc-windows-msvc
             name: windows-x86_64
-    
-    defaults:
-      run:
-        working-directory: sdk/python
-    
     steps:
       - uses: actions/checkout@v4
 
@@ -172,7 +156,7 @@ jobs:
         uses: actions/upload-artifact@v3
         with:
           name: wheels-${{ matrix.name }}
-          path: sdk/python/dist/*.whl
+          path: dist/*.whl
 
   # ============================================
   # Job 4: Publish to PyPI
@@ -181,7 +165,7 @@ jobs:
     name: Publish to PyPI
     runs-on: ubuntu-latest
     needs: build
-    if: github.event_name == 'release' && !github.event.release.prerelease
+    if: github.event_name == 'workflow_dispatch'
     environment:
       name: pypi
       url: https://pypi.org/p/lnmp
@@ -213,9 +197,6 @@ jobs:
     runs-on: ubuntu-latest
     needs: quality
     if: github.event_name == 'push' && github.ref == 'refs/heads/main'
-    defaults:
-      run:
-        working-directory: sdk/python
 
     steps:
       - uses: actions/checkout@v4
@@ -240,4 +221,4 @@ jobs:
         uses: actions/upload-artifact@v3
         with:
           name: benchmarks
-          path: sdk/python/BENCHMARKS.md
+          path: BENCHMARKS.md