diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2674c18..92a9abd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -9,8 +9,7 @@ on: types: [published] permissions: - contents: read - id-token: write # Required for OIDC trusted publishing to PyPI + contents: write # Required for creating releases env: CARGO_TERM_COLOR: always @@ -77,6 +76,15 @@ jobs: echo "✅ bindings/wasm/package.json: $NPM_VERSION" fi + # Check Cargo.lock + LOCK_VERSION=$(grep -A1 '^name = "kya-validator"$' Cargo.lock | grep '^version =' | head -1 | sed 's/.*"\(.*\)".*/\1/') + if [ "$LOCK_VERSION" != "$RELEASE_VERSION" ]; then + echo "❌ Cargo.lock: $LOCK_VERSION (expected $RELEASE_VERSION)" + ERRORS=1 + else + echo "✅ Cargo.lock: $LOCK_VERSION" + fi + if [ $ERRORS -eq 1 ]; then echo "" echo "⚠️ Version mismatch detected!" @@ -84,6 +92,7 @@ jobs: echo " - Cargo.toml" echo " - pyproject.toml" echo " - bindings/wasm/package.json" + echo " - Cargo.lock (run: cargo update -p kya-validator)" exit 1 fi @@ -173,6 +182,7 @@ jobs: echo "Package: https://www.npmjs.com/package/@open-kya/kya-validator-wasm" >> $GITHUB_STEP_SUMMARY # Publish Python wheels to PyPI (Linux + macOS ARM64) + # Uses token-based authentication (PYPI_TOKEN secret) publish-pypi: name: Publish to PyPI (${{ matrix.os }}) needs: prepare @@ -180,9 +190,6 @@ jobs: matrix: os: [ubuntu-latest, macos-latest] runs-on: ${{ matrix.os }} - environment: - name: pypi - url: https://pypi.org/p/kya-validator steps: - name: Checkout uses: actions/checkout@v4 @@ -206,9 +213,12 @@ jobs: uv run maturin build --release - name: Publish to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 - with: - packages-dir: target/wheels + env: + TWINE_USERNAME: __token__ + TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }} + run: | + uv pip install twine + uv run twine upload target/wheels/*.whl - name: Summary shell: bash diff --git a/Cargo.lock b/Cargo.lock index d74a7fe..ef63f92 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1666,7 +1666,7 @@ dependencies = [ [[package]] name = "kya-validator" -version = "0.2.0" +version = "0.2.3" dependencies = [ "alloy-sol-types", "anyhow", diff --git a/Cargo.toml b/Cargo.toml index 8828c5c..535cc64 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -3,7 +3,7 @@ [package] name = "kya-validator" -version = "0.2.2" +version = "0.2.3" edition = "2021" description = "Rust core KYA (Know Your Agent) validator with Python bindings, TEE support, and blockchain integration" license = "MPL-2.0" diff --git a/Makefile b/Makefile index f7cce3f..5a641ca 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ # kya-validator/Makefile PYTHON ?= $(shell (pyenv which python >/dev/null 2>&1 && pyenv which python) || which python3) -.PHONY: build test fmt lint python release verify demo-install demo-backend demo-frontend run fix-verify install-tools clean get-lastest-schema install +.PHONY: build test fmt lint python release verify demo-install demo-backend demo-frontend run fix-verify install-tools clean get-lastest-schema install check-version sync-version # Schema URL (raw content URL for downloading) # TODO: Update this URL when the Open KYA standard repo is available @@ -38,6 +38,48 @@ release: build install-tools: uv tool install maturin +# Check that all version files are synchronized +check-version: + @echo "Checking version consistency across all manifest files..." + @CARGO_VERSION=$$(grep '^version =' Cargo.toml | head -1 | sed 's/.*"\(.*\)".*/\1/'); \ + PYPROJECT_VERSION=$$(grep '^version =' pyproject.toml | head -1 | sed 's/.*"\(.*\)".*/\1/'); \ + NPM_VERSION=$$(grep '"version":' bindings/wasm/package.json | head -1 | sed 's/.*: *"\([^"]*\)".*/\1/'); \ + LOCK_VERSION=$$(grep -A1 '^name = "kya-validator"$$' Cargo.lock | grep '^version =' | head -1 | sed 's/.*"\(.*\)".*/\1/'); \ + ERRORS=0; \ + echo ""; \ + echo "Cargo.toml: $$CARGO_VERSION"; \ + echo "pyproject.toml: $$PYPROJECT_VERSION"; \ + echo "package.json: $$NPM_VERSION"; \ + echo "Cargo.lock: $$LOCK_VERSION"; \ + echo ""; \ + if [ "$$CARGO_VERSION" != "$$PYPROJECT_VERSION" ]; then \ + echo "❌ Cargo.toml != pyproject.toml"; \ + ERRORS=1; \ + fi; \ + if [ "$$CARGO_VERSION" != "$$NPM_VERSION" ]; then \ + echo "❌ Cargo.toml != package.json"; \ + ERRORS=1; \ + fi; \ + if [ "$$CARGO_VERSION" != "$$LOCK_VERSION" ]; then \ + echo "❌ Cargo.toml != Cargo.lock (run: make sync-version)"; \ + ERRORS=1; \ + fi; \ + if [ $$ERRORS -eq 1 ]; then \ + echo ""; \ + echo "⚠️ Version mismatch detected!"; \ + echo "Run 'make sync-version' to sync Cargo.lock"; \ + echo "Manually update Cargo.toml, pyproject.toml, and package.json to match"; \ + exit 1; \ + fi; \ + echo "✅ All versions match: $$CARGO_VERSION" + +# Sync Cargo.lock with Cargo.toml version +sync-version: + @echo "Syncing Cargo.lock..." + @cargo update -p kya-validator + @echo "✅ Cargo.lock updated" + @$(MAKE) check-version + demo-install: $(MAKE) -C apps/demo_backend install diff --git a/bindings/wasm/package.json b/bindings/wasm/package.json index 338fb32..0ee569f 100644 --- a/bindings/wasm/package.json +++ b/bindings/wasm/package.json @@ -1,6 +1,6 @@ { "name": "@open-kya/kya-validator-wasm", - "version": "0.2.2", + "version": "0.2.3", "description": "WebAssembly bindings for KYA (Know Your Agent) Validator - browser and Node.js", "keywords": [ "kya", diff --git a/pyproject.toml b/pyproject.toml index 9a08557..5e8e0b9 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,7 +1,7 @@ # kya-validator/pyproject.toml [project] name = "kya-validator" -version = "0.2.2" +version = "0.2.3" description = "Rust core KYA (Know Your Agent) validator with Python bindings, TEE support, and blockchain integration" authors = [{name = "KYA Contributors", email = "lkl@cph.ai"}] readme = "README.md"