Add Automation of Python SDK Release Process.

.VERSION

@@ -0,0 +1 @@
+0.3.1

.github/workflows/release.yml

@@ -0,0 +1,171 @@
+name: Release Python SDKs
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: "Version number"
+        required: true
+        type: string
+      build_number:
+        description: "Build number "
+        required: true
+        type: string
+
+jobs:
+  prepare-release:
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/heads/sdk-core/') # Only run on branches that start with sdk-core/
+    steps:
+      - name: Checkout the code
+        uses: actions/checkout@v4
+
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.PASSPHRASE }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+
+      - name: Parse and Validate Inputs
+        run: |
+          # Get inputs passed to the workflow
+          VERSION="${{ github.event.inputs.version }}"
+          BUILD_NUMBER="${{ github.event.inputs.build_number }}"
+
+          # Save the parsed values for future steps
+          echo "VERSION=$VERSION" >> $GITHUB_ENV
+          echo "BUILD_NUMBER=$BUILD_NUMBER" >> $GITHUB_ENV
+        shell: bash
+
+      - name: Run the Prep Release Script
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          make prep-release VERSION="$VERSION" BUILD_NUMBER="$BUILD_NUMBER"
+        shell: bash
+
+  build-wheels:
+    name: Build wheels for Python SDK on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    if: startsWith(github.ref, 'refs/heads/sdk-core/')
+    needs: [prepare-release]
+    strategy:
+      fail-fast: false
+      matrix:
+        # macOS 13 is an Intel runner and macOS 14 is an Apple Silicon runner
+        os: [ubuntu-22.04, ubuntu-22.04-arm, windows-latest, macos-13, macos-14]
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+
+      - name: Upgrade build dependencies
+        run: python -m pip install --upgrade pip setuptools wheel
+
+      # Need to grab the SDK version for the wheel name
+      - name: Extract SDK Version
+        run: echo "SDK_VERSION=$(cat .VERSION)" >> "$GITHUB_ENV"
+        shell: bash
+
+      - name: Install cibuildwheel
+        run: |
+          python -m pip install cibuildwheel
+
+      - name: Build wheels
+        env:
+          CIBW_SKIP: pp* *-musllinux_*
+          CIBW_MANYLINUX_X86_64_IMAGE: "quay.io/pypa/manylinux_2_34_x86_64"
+          CIBW_MANYLINUX_AARCH64_IMAGE: "quay.io/pypa/manylinux_2_34_aarch64"
+          CIBW_ARCHS: "native"
+          CIBW_BEFORE_BUILD_WINDOWS: "pip install delvewheel"
+          CIBW_REPAIR_WHEEL_COMMAND_WINDOWS: "delvewheel repair -w {dest_dir} {wheel}"
+          CIBW_TEST_REQUIRES: "pydantic pytest pytest-asyncio"
+          MACOSX_DEPLOYMENT_TARGET: "12.0"
+          CIBW_TEST_COMMAND: "python -m pytest {project}/src/onepassword/test_client.py"
+          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }}
+          CIBW_ENVIRONMENT_PASS_LINUX: OP_SERVICE_ACCOUNT_TOKEN # We have to specify this to pass the token to the test command
+        run: |
+          python -m cibuildwheel --output-dir dist
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: onepassword-sdk-${{ env.SDK_VERSION }}-${{ matrix.os }}
+          path: ./dist/*.whl
+
+  build-sdist:
+    name: Build source distribution for Python SDK
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/heads/sdk-core/')
+    needs: [prepare-release]
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+        # Need to grab the SDK version for the wheel name
+      - name: Extract SDK Version
+        run: echo "SDK_VERSION=$(cat .VERSION)" >> "$GITHUB_ENV"
+        shell: bash
+
+      - name: Install dependencies
+        run: pip3 install build pydantic pytest pytest-asyncio
+
+      - name: Build source distribution
+        run: python3 -m build --sdist
+
+      - name: Test Source Distribution
+        env:
+          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TEST_SERVICE_ACCOUNT_TOKEN }}
+        run: |
+          python3 -m pip install dist/*.tar.gz
+          python3 -m pytest src/onepassword/test_client.py
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: onepassword-sdk-${{ env.SDK_VERSION }}
+          path: ./dist/*.tar.gz
+
+  Release-SDK:
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/heads/sdk-core/') # Only run on branches that start with sdk-core/
+    needs: [build-wheels, build-sdist]
+    steps:
+      - name: Checkout the code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.PASSPHRASE }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+          git_tag_gpgsign: true
+
+      - name: Run the Release Script
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: make release
+        shell: bash
+
+  publish-to-pypi:
+    name: Publish to PyPI
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/heads/sdk-core/')
+    environment:
+      name: pypi
+      url: https://pypi.org/project/onepassword-sdk/
+    permissions:
+      id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
+    needs: [Release-SDK]
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          pattern: onepassword-sdk-*
+          path: ./dist
+          merge-multiple: true
+      - name: Publish package distributions to PyPi
+        uses: pypa/gh-action-pypi-publish@release/v1.12

pyproject.toml

@@ -0,0 +1,33 @@
+[build-system]
+requires = ["setuptools>=66", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "onepassword-sdk"
+dynamic = ["version"]
+description = "The 1Password Python SDK offers programmatic read access to your secrets in 1Password in an interface native to Python."
+authors = [{ name = "1Password" }]
+license = { file = "LICENSE" }
+readme = "README.md"
+requires-python = ">=3.9"
+classifiers = [
+    "Development Status :: 5 - Production/Stable",
+    "Operating System :: MacOS",
+    "Operating System :: POSIX :: Linux",
+    "Operating System :: Microsoft :: Windows",
+    "Programming Language :: Python :: 3.9",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "License :: OSI Approved :: MIT License",
+]
+dependencies = [
+    "pydantic>=2.5",
+]
+
+[project.urls]
+Homepage = "https://github.com/1Password/onepassword-sdk-python"
+
+[tool.setuptools.dynamic]
+version = {file = "./.VERSION"}

setup.py

@@ -1,7 +1,5 @@
-from pathlib import Path
-from setuptools import setup, find_packages
+from setuptools import setup, find_packages, Distribution
 from sysconfig import get_platform
-from version import SDK_VERSION
 import platform
 import os
 
@@ -19,6 +17,9 @@ def finalize_options(self):
 except ImportError:
     bdist_wheel = None
 
+class BinaryDistribution(Distribution):
+    def has_ext_modules(self):
+        return True
 
 def get_shared_library_data_to_include():
     # Return the correct uniffi C shared library extension for the given platform
@@ -46,35 +47,11 @@ def get_shared_library_data_to_include():
 
 
 setup(
-    name="onepassword-sdk",
-    version=SDK_VERSION,
-    author="1Password",
-    long_description=(Path(__file__).parent / "README.md").read_text(),
-    long_description_content_type="text/markdown",
-    description="The 1Password Python SDK offers programmatic read access to your secrets in 1Password in an interface native to Python.",
-    url="https://github.com/1Password/onepassword-sdk-python",
     packages=find_packages(
         where="src",
     ),
-    license="MIT",
-    license_files="LICENSE",
+    distclass=BinaryDistribution,
     package_dir={"": "src"},
-    python_requires=">=3.9",
-    classifiers=[
-        "Development Status :: 5 - Production/Stable",
-        "Operating System :: MacOS",
-        "Operating System :: POSIX :: Linux",
-        "Operating System :: Microsoft :: Windows",
-        "Programming Language :: Python :: 3.9",
-        "Programming Language :: Python :: 3.10",
-        "Programming Language :: Python :: 3.11",
-        "Programming Language :: Python :: 3.12",
-        "Programming Language :: Python :: 3.13",
-        "License :: OSI Approved :: MIT License",
-    ],
     cmdclass={"bdist_wheel": bdist_wheel},
     package_data={"": get_shared_library_data_to_include()},
-    install_requires=[
-        "pydantic>=2.5",  # Minimum Pydantic version to run the Python SDK
-    ],
 )

src/release/README.md

@@ -1,5 +1,15 @@
-## How to Prepare a Release for the Python SDK
+# How to Release the Python SDK
 
+## Release off an Release Candidate Branch in Github Actions
+To release the Python SDK via Github Action, you must do the following:
+1. SDK core opens a new PR with the latest generated code and latest core. This branch should start off with `sdk-core/...`
+2. Add the release notes for the RC as well as update the examples if needed.
+3. Run the `Release Python SDKs` action and input the correct build and version number while referencing the RC branch.
+4. After the action is completed, the Python SDK is released on Github and PyPi, you can merge the PR branch.
+
+If the Github Action isn't working, you can follow the manual steps below to release the Python SDK.
+
+## Manual Steps to release a Python SDK
 Before running this script, the user must make sure that they have the write permissions to the Python SDK repository.
 
 Run this make command to install all dependencies required for the Python SDK release process.
@@ -10,7 +20,7 @@ release/install-dependencies
 Step 1. Make any changes to the SDK as required on a feature branch or main branch.
 NOTE: If ran on a main branch, a release branch will be created.
 
-Step 2. Go to the root of the repo and run 
+Step 2. Go to the root of the repo and run
 ```
 make prep-release
 ```

src/release/scripts/build-wheels.sh

@@ -2,8 +2,6 @@
 
 # Helper script to build the required wheels for the Python SDK
 
-output_version_file="version.py"
-
 # The list of python verisons the SDKs release for
 python_versions=("$@")
 
@@ -15,14 +13,14 @@ macOS_version_x86_64=10.9
 macOS_version_arm64=11.0
 
 # Extracts the current verison number for cleanup function
-current_version=$(awk -F "['\"]" '/SDK_VERSION =/{print $2}' "$output_version_file")
+current_version=$(cat .VERSION)
 
 # Function to execute upon exit
 cleanup() {
     echo "Performing cleanup tasks..."
     # Remove dist and egg-info and the potential release candidate if created
     rm -r dist src/*.egg-info/ onepassword_sdk-"${current_version}"
-    exit 1   
+    exit 1
 }
 
 # Set the trap to call the cleanup function on exit
@@ -44,7 +42,7 @@ build_wheels() {
     export PYTHON_OS_PLATFORM=$os_platform
     export PYTHON_MACHINE_PLATFORM=$machine_platform
 
-    case "$os_platform" in 
+    case "$os_platform" in
         Darwin)
             macos_version=
             # Min MacOS version for Python 3.13+ is 10.13

src/release/scripts/prep-release.sh

@@ -2,23 +2,22 @@
 
 # Helper script to prepare a release for the Python SDK.
 
-output_version_file="version.py"
+output_version_file=".VERSION"
 output_build_file="src/onepassword/build_number.py"
-version_template_file="src/release/templates/version.tpl.py"
 build_number_template_file="src/release/templates/build_number.tpl.py"
 
 
-# Extracts the current build/version number for comparison and backup 
-current_version=$(awk -F "['\"]" '/SDK_VERSION =/{print $2}' "$output_version_file")
+# Extracts the current build/version number for comparison and backup
+current_version=$(cat "$output_version_file")
 current_build=$(awk -F "['\"]" '/SDK_BUILD_NUMBER =/{print $2}' "$output_build_file")
 
 # Function to execute upon exit
 cleanup() {
     echo "Performing cleanup tasks..."
     # Revert changes to file if any
-    sed -e "s/{{ version }}/$current_version/" "$version_template_file" > "$output_version_file"
+    echo -n "$current_version" > "$output_version_file"
     sed -e "s/{{ build }}/$current_build/" "$build_number_template_file" > "$output_build_file"
-    exit 1   
+    exit 1
 }
 
 # Set the trap to call the cleanup function on exit
@@ -39,14 +38,14 @@ update_and_validate_version() {
         read -p "Enter the version number (format: x.y.z(-beta.w)): " version
 
         # Validate the version number format
-        if [[ "${version}" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-beta\.[0-9]+)?$ ]]; then        
+        if [[ "${version}" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-beta\.[0-9]+)?$ ]]; then
             if [[ "${current_version}" != "${version}" ]]; then
                 # TODO: Check the less than case as well.
                 echo "New version number is: ${version}"
                 return 0
             else
                 echo "Version hasn't changed."
-            fi        
+            fi
         else
             echo "Invalid version number format: ${version}"
             echo "Please enter a version number in the 'x.y.z(-beta.w)' format."
@@ -55,7 +54,7 @@ update_and_validate_version() {
 }
 
 # Function to validate the build number format.
-# SEMVER Format: Mmmppbb - 7 Digits 
+# SEMVER Format: Mmmppbb - 7 Digits
 update_and_validate_build() {
     while true; do
         # Prompt the user to input the build number
@@ -84,10 +83,10 @@ enforce_latest_code
 update_and_validate_version
 
 # Update and validate the build number
-update_and_validate_build 
+update_and_validate_build
 
-# Update version & build number in version.py and build_number.py respectively
-sed  -e "s/{{ version }}/$version/" "$version_template_file" > "$output_version_file"
+# Update version & build number in .VERSION and build_number.py respectively
+echo -n "$version" > "$output_version_file"
 sed  -e "s/{{ build }}/$build/" "$build_number_template_file" > "$output_build_file"