PyPI Publishing & Distribution #14

@CallMarcus

Phase 4: PyPI Publishing & Distribution

Final phase to build, upload, and distribute the package on PyPI for global availability.

Pre-Publishing Setup:

Build Process:

  • Clean any existing build artifacts: rm -rf dist/ build/ *.egg-info/
  • Build source distribution: python -m build --sdist
  • Build wheel distribution: python -m build --wheel
  • Verify build artifacts in dist/ directory
  • Check package integrity: twine check dist/*

TestPyPI Upload (Staging):

  • Upload to TestPyPI first: twine upload --repository testpypi dist/*
  • Test installation from TestPyPI:
    pip install --index-url https://test.pypi.org/simple/ domain-security-analyzer
  • Validate all functionality works from TestPyPI install
  • Test CLI: domain-analyzer --help
  • Run sample analysis to verify SRI scanning works

Production PyPI Upload:

  • Upload to production PyPI: twine upload dist/*
  • Verify package appears at: https://pypi.org/project/domain-security-analyzer/
  • Test production installation: pip install domain-security-analyzer
  • Validate package description and metadata display correctly

Git Release Management:

  • Create Git tag for v1.0.0: git tag -a v1.0.0 -m "Release v1.0.0 with SRI scanning"
  • Push tag to GitHub: git push origin v1.0.0
  • Create GitHub release with detailed release notes
  • Include key features: SRI scanning, SecurityScorecard integration, 29-column CSV

Post-Release Validation:

  • Test fresh installation in clean environment:
    python -m venv test_env
    source test_env/bin/activate  # Windows: test_env\Scripts\activate
    pip install domain-security-analyzer
    domain-analyzer --version
  • Verify CLI works: domain-analyzer examples/domains.txt test.csv
  • Confirm all 29 CSV columns generate correctly
  • Test SRI detection with sample domains

Documentation Updates:

  • Update README.md with PyPI installation instructions
  • Add PyPI badges:
    • PyPI version
    • Python versions
    • Downloads
  • Update repository about/description with PyPI link
  • Create release announcement for GitHub Releases

Monitoring & Maintenance:

  • Monitor PyPI download statistics
  • Watch for user issues and bug reports
  • Plan version 1.0.1 patch release if needed
  • Set up automated dependency updates

Release Commands Summary:

# Build package
python -m build

# Check package
twine check dist/*

# Upload to TestPyPI
twine upload --repository testpypi dist/*

# Upload to PyPI
twine upload dist/*

# Create release tag
git tag -a v1.0.0 -m "Release v1.0.0: SRI scanning and SecurityScorecard integration"
git push origin v1.0.0

Acceptance Criteria:

  • Package available on PyPI: https://pypi.org/project/domain-security-analyzer/
  • Installation works: pip install domain-security-analyzer
  • CLI accessible globally: domain-analyzer --help
  • All features functional from PyPI install
  • GitHub release created with comprehensive notes
  • Documentation updated with installation instructions

Priority: Critical - Final release step
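
Added example, not part of the original issue or the project's code: `twine check` only validates that the package description will render, so the "Verify build artifacts in dist/ directory" step can be backed by a content audit that lists what each wheel and sdist actually contains, flags files that should not ship, and records a SHA-256 digest per artifact before upload. The deny-list and the `example_pkg` sample artifacts are assumptions constructed for illustration.

```python
import hashlib
import io
import tarfile
import tempfile
import zipfile
from fnmatch import fnmatchcase
from pathlib import Path, PurePosixPath

# Assumed deny-list of basenames that should never ship in a release artifact.
SENSITIVE = (".env", ".pypirc", "*.pem", "*.key", "id_rsa*")

def members(artifact: Path) -> list[str]:
    """List member paths of a wheel (zip) or an sdist (tar.gz)."""
    if artifact.name.endswith(".whl"):
        with zipfile.ZipFile(artifact) as zf:
            return zf.namelist()
    with tarfile.open(artifact, "r:gz") as tf:
        return tf.getnames()

def audit(dist_dir: Path) -> dict[str, dict]:
    """Map each artifact name to its SHA-256 digest and any flagged members."""
    report = {}
    for artifact in sorted(dist_dir.iterdir()):
        if not artifact.name.endswith((".whl", ".tar.gz")):
            continue
        flagged = [m for m in members(artifact)
                   if any(fnmatchcase(PurePosixPath(m).name, p) for p in SENSITIVE)]
        digest = hashlib.sha256(artifact.read_bytes()).hexdigest()
        report[artifact.name] = {"sha256": digest, "flagged": flagged}
    return report

def make_sample(dist_dir: Path) -> None:
    """Constructed sample: a clean wheel and an sdist that leaked a .env file."""
    with zipfile.ZipFile(dist_dir / "example_pkg-1.0.0-py3-none-any.whl", "w") as zf:
        zf.writestr("example_pkg/__init__.py", "")
    files = {"example_pkg-1.0.0/setup.py": b"", "example_pkg-1.0.0/.env": b"TOKEN=constructed"}
    with tarfile.open(dist_dir / "example_pkg-1.0.0.tar.gz", "w:gz") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(Path(tmp))
        for name, result in audit(Path(tmp)).items():
            print(name, result["sha256"][:16], result["flagged"] or "clean")
```

Calling `audit(Path("dist"))` after the build step gives digests that can be compared with the SHA-256 values PyPI lists for each uploaded file.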
