Skip to content

Fix stable PyPI publication retries#2944

Open
UnArbosFive wants to merge 1 commit into
mainfrom
fix-stable-pypi-publish
Open

Fix stable PyPI publication retries#2944
UnArbosFive wants to merge 1 commit into
mainfrom
fix-stable-pypi-publish

Conversation

@UnArbosFive

Copy link
Copy Markdown
Contributor

Problem

The release train publishes release candidates after testnet, but stable Python publication was coupled to creating the final GitHub release. The SDK also remained at its committed X.Y.Z.dev0 version during the stable build. If PyPI publication failed or only partially completed after the GitHub release was created, later watcher runs treated the release as finished and never retried it.

Fix

  • Track GitHub release completion and stable Python publication independently.
  • Resolve the provenance-gated release artifact for the runtime version actually running on mainnet, even if main has advanced while the multisig waits.
  • Stamp the SDK from X.Y.Z.dev0 to X.Y.Z and remove monorepo-only uv inputs before building the stable distribution.
  • Write a commit- and spec-bound release marker only after every Python distribution was uploaded or confirmed byte-identical on PyPI.
  • Retry missing or partial Python publication on later watcher runs without recreating the GitHub release.
  • Leave v432 on the explicitly manual recovery path.

The existing devnet/testnet release train and reusable core wheel workflow are unchanged.

Validation

  • Built and inspected the stable bittensor-11.0.0 wheel and source distribution.
  • Ran the focused SDK preparation test and runtime change-filter tests.
  • Ran Ruff, Python syntax checks, actionlint, YAML parsing, and git diff --check.
  • Completed independent testing, maintainability, red-team, and structured workflow review passes with no blocking findings.

@vercel

vercel Bot commented Jul 17, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
subtensor Ready Ready Preview, Comment Jul 17, 2026 1:42am

Request Review

@github-actions

github-actions Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

🛡️ AI Review — Skeptic (security review)

VERDICT: SAFE

VERY HIGH account-age tier (15-day-old account, 0 public repos), mitigated by repository admin permission, substantive merged contributions, matching author/committer, and no Gittensor association; branch targets main.

Static review covered all seven changed files, focusing on artifact provenance, tag/commit binding, workflow permissions, PyPI retry state, and SDK version stamping. No protected AI-review instructions, runtime code, dependencies, or lockfiles are modified.

Findings

No findings.

Conclusion

No malicious behavior or security vulnerability was found. Publication remains bound to provenance-gated release artifacts, and completion markers are validated against the released commit and spec version.


🔍 AI Review — Auditor (domain review)

VERDICT: 👍

Gittensor association UNKNOWN; repository administrator with substantial subtensor contributions despite a recently created account. Maintainer-level scrutiny applied.

The implementation cleanly separates GitHub release completion from stable Python publication, validates the release artifact against the on-chain runtime, and makes partial PyPI publication retryable with a commit- and spec-bound marker. The focused tests and release-process documentation cover the changed behavior.

PR #2926 overlaps only in shared CI files and addresses unrelated runner caching; it is not duplicate work. No auto-fixes were needed.

Findings

No findings.

Conclusion

The change matches its substantive description and introduces no runtime or migration implications. It is ready to merge.

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

@UnArbosFive UnArbosFive reopened this Jul 17, 2026
@UnArbosFive
UnArbosFive marked this pull request as ready for review July 17, 2026 11:36
@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant