From bd0645cd3e0a510955a2e11d545669c3cef544cc Mon Sep 17 00:00:00 2001 From: docushell-admin Date: Thu, 25 Jun 2026 10:43:01 +0530 Subject: [PATCH] Close patch 0.1.2 Python publication Signed-off-by: docushell-admin --- ...patch_0_1_2_python_publication_closeout.py | 171 ++++++++++++++++++ .../scripts/test_release_candidate_prep.py | 1 + CHANGELOG.md | 1 + Makefile | 1 + docs/execution-status.md | 8 + docs/public-release-checklist.md | 9 + docs/validation/README.md | 6 + ...lication-closeout-validation-2026-06-25.md | 147 +++++++++++++++ 8 files changed, 344 insertions(+) create mode 100644 .github/scripts/test_patch_0_1_2_python_publication_closeout.py create mode 100644 docs/validation/patch-0-1-2-python-publication-closeout-validation-2026-06-25.md diff --git a/.github/scripts/test_patch_0_1_2_python_publication_closeout.py b/.github/scripts/test_patch_0_1_2_python_publication_closeout.py new file mode 100644 index 0000000..05e4054 --- /dev/null +++ b/.github/scripts/test_patch_0_1_2_python_publication_closeout.py @@ -0,0 +1,171 @@ +#!/usr/bin/env python3 +# +# Copyright 2026 The Ethos maintainers +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# + +from __future__ import annotations + +import json +import re +import subprocess +import unittest +import urllib.request +from pathlib import Path + +from makefile_guard import target_block + + +ROOT = Path(__file__).resolve().parents[2] +RECORD = ROOT / "docs/validation/patch-0-1-2-python-publication-closeout-validation-2026-06-25.md" +VALIDATION_README = ROOT / "docs/validation/README.md" +MAKEFILE = ROOT / "Makefile" + +SOURCE_SHORT = "26012eb" +SOURCE_COMMIT = "26012ebfaf9a50e02c12515827f63c21e6a69ca6" +SOURCE_TREE = "a178affbdf5a0f46d52aa80c804b1142688f4a82" +PACKAGE_SOURCE_COMMIT = "e431982cca2922d4cc59ddc7cacb9e72538b1cd0" +PACKAGE_SOURCE_TREE = "f59ddd018d234eeee0ac77292b417f4acb892b4e" +PACKAGE = "ethos-pdf" +VERSION = "0.1.2" +WHEEL = "ethos_pdf-0.1.2-py3-none-any.whl" +WHEEL_SHA256 = "6f17240954f1257ece3c762c820ad771ccb114353bfb699fe87f418a5ceb663c" +WHEEL_URL = "https://files.pythonhosted.org/packages/32/0f/06fe9ab696ee596cc88f9b061b5c2b9f443fe7fcdc54ebb02a4189dda129/ethos_pdf-0.1.2-py3-none-any.whl" +WHEEL_SIZE = 11445 +UPLOAD_TIME = "2026-06-25T05:06:17.574879Z" +FORBIDDEN = ( + "production-ready", + "hosted surfaces approved", + "windows packaged artifacts approved", + "bundled pdfium approved", + "public benchmark claims approved", + "ethos-doc approved", + "ethos-rag approved", +) + + +def read(path: Path) -> str: + return path.read_text(encoding="utf-8") + + +def normalized(path: Path) -> str: + return re.sub(r"\s+", " ", read(path)) + + +def git(*args: str) -> str: + return subprocess.check_output( + ["git", *args], + cwd=ROOT, + encoding="utf-8", + stderr=subprocess.DEVNULL, + ).strip() + + +def pypi_release_json() -> dict: + with urllib.request.urlopen(f"https://pypi.org/pypi/{PACKAGE}/{VERSION}/json", timeout=30) as response: + return json.load(response) + + +class Patch012PythonPublicationCloseoutTests(unittest.TestCase): + def test_closeout_record_is_source_bound_and_indexed(self) -> None: + record = normalized(RECORD) + readme = normalized(VALIDATION_README) + + self.assertIn(RECORD.name, readme) + self.assertIn("patch 0.1.2 Python PyPI publication closeout", readme) + self.assertIn(f"Validated source HEAD before this record: `{SOURCE_SHORT}`", read(RECORD)) + self.assertIn(f"Patch 0.1.2 Python publication closeout source commit: `{SOURCE_COMMIT}`", record) + self.assertIn(f"Patch 0.1.2 Python publication closeout source tree: `{SOURCE_TREE}`", record) + self.assertEqual(SOURCE_COMMIT, git("rev-parse", SOURCE_SHORT)) + self.assertEqual(SOURCE_TREE, git("rev-parse", f"{SOURCE_SHORT}^{{tree}}")) + + def test_closeout_records_upload_and_registry_evidence(self) -> None: + record = normalized(RECORD) + + for expected in ( + "python3 -m twine upload target/python-pypi-0.1.2/ethos_pdf-0.1.2-py3-none-any.whl", + "Uploading distributions to https://upload.pypi.org/legacy/", + "WARNING This environment is not supported for trusted publishing", + "Uploading ethos_pdf-0.1.2-py3-none-any.whl", + "View at: https://pypi.org/project/ethos-pdf/0.1.2/", + "SOURCE_DATE_EPOCH=0", + PACKAGE, + VERSION, + WHEEL, + WHEEL_SHA256, + WHEEL_URL, + UPLOAD_TIME, + "bdist_wheel", + "py3", + "yanked: false", + "ETHOS_PDFIUM_LIBRARY_PATH", + f"Package source commit: `{PACKAGE_SOURCE_COMMIT}`", + f"Package source tree: `{PACKAGE_SOURCE_TREE}`", + ): + self.assertIn(expected, record) + + def test_live_pypi_reports_published_candidate(self) -> None: + data = pypi_release_json() + + self.assertEqual(PACKAGE, data["info"]["name"]) + self.assertEqual(VERSION, data["info"]["version"]) + self.assertEqual(">=3.8", data["info"]["requires_python"]) + self.assertEqual(1, len(data["urls"])) + file = data["urls"][0] + self.assertEqual(WHEEL, file["filename"]) + self.assertEqual("bdist_wheel", file["packagetype"]) + self.assertEqual("py3", file["python_version"]) + self.assertEqual(WHEEL_SHA256, file["digests"]["sha256"]) + self.assertEqual(WHEEL_URL, file["url"]) + self.assertEqual(WHEEL_SIZE, file["size"]) + self.assertEqual(UPLOAD_TIME, file["upload_time_iso_8601"]) + self.assertFalse(file["yanked"]) + + def test_retained_blockers_and_public_path_hygiene(self) -> None: + raw = read(RECORD) + lower = normalized(RECORD).lower() + + for expected in ( + "Public installation wording may be updated only in a separate bounded docs lane.", + "Package tag creation remains blocked until a separate explicit approval or closeout record permits it.", + "Hosted surfaces remain blocked.", + "Production positioning remains blocked.", + "Public benchmark reports remain blocked.", + "Public benchmark claims remain blocked.", + "Windows packaged artifacts remain blocked.", + "Bundled project-maintained PDFium builds remain blocked.", + "`ethos-doc` remains blocked.", + "`ethos-rag` remains blocked.", + "PDFium remains caller-provided through `ETHOS_PDFIUM_LIBRARY_PATH`.", + ): + self.assertIn(expected, raw) + for forbidden in FORBIDDEN: + self.assertNotIn(forbidden, lower) + for private in ( + "/" + "Users/", + "/" + "tmp", + "/" + "private/tmp", + "/" + "private/var", + "/" + "var/folders", + "saumil" + "diwaker", + "Desktop/" + "Stuff", + "project/repo/" + "ethos", + ): + self.assertNotIn(private, raw) + + def test_release_candidate_prep_runs_closeout_after_decision_guard(self) -> None: + makefile = read(MAKEFILE) + decision_guard = "$(PYTHON) .github/scripts/test_patch_0_1_2_python_publication_approval_decision.py" + closeout_guard = "$(PYTHON) .github/scripts/test_patch_0_1_2_python_publication_closeout.py" + first_public_guard = "$(PYTHON) .github/scripts/test_first_public_release_artifact_evidence.py" + block = target_block("release-candidate-prep") + + self.assertIn(closeout_guard, block) + self.assertEqual(1, makefile.count(closeout_guard)) + self.assertLess(block.index(decision_guard), block.index(closeout_guard)) + self.assertLess(block.index(closeout_guard), block.index(first_public_guard)) + + +if __name__ == "__main__": + unittest.main() diff --git a/.github/scripts/test_release_candidate_prep.py b/.github/scripts/test_release_candidate_prep.py index 1213d29..b3f613d 100644 --- a/.github/scripts/test_release_candidate_prep.py +++ b/.github/scripts/test_release_candidate_prep.py @@ -75,6 +75,7 @@ "$(PYTHON) .github/scripts/test_patch_0_1_2_rust_public_install_wording_closeout.py", "$(PYTHON) .github/scripts/test_patch_0_1_2_python_publication_approval_request.py", "$(PYTHON) .github/scripts/test_patch_0_1_2_python_publication_approval_decision.py", + "$(PYTHON) .github/scripts/test_patch_0_1_2_python_publication_closeout.py", "$(PYTHON) .github/scripts/test_first_public_release_artifact_evidence.py", "$(PYTHON) .github/scripts/test_first_public_release_final_decider.py", "$(PYTHON) .github/scripts/test_first_public_release_linux_x64_artifact_evidence.py", diff --git a/CHANGELOG.md b/CHANGELOG.md index cfd3563..04d6ecb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ ## Unreleased +- boundary-exception: close patch `0.1.2` Python PyPI publication with exact registry evidence for `ethos-pdf==0.1.2` while keeping Python public install wording, package tag creation, hosted, production, Windows, bundled PDFium, benchmark, `ethos-doc`, and `ethos-rag` surfaces blocked. - boundary-exception: record decider approval for bounded later deterministic patch `0.1.2` Python PyPI wheel publication while keeping actual upload, Python public install wording, package tag creation, hosted, production, Windows, bundled PDFium, benchmark, `ethos-doc`, and `ethos-rag` surfaces blocked. - boundary-exception: request decider review for exact deterministic patch `0.1.2` Python PyPI wheel publication while keeping PyPI upload, Python public install wording, hosted, production, Windows, bundled PDFium, benchmark, `ethos-doc`, and `ethos-rag` surfaces blocked. - boundary-exception: close patch `0.1.2` Rust public install wording for published crates `ethos-doc-core`, `ethos-verify`, and `ethos-pdf` while keeping PyPI publication, hosted, production, Windows, bundled PDFium, benchmark, `ethos-doc`, and `ethos-rag` surfaces blocked. diff --git a/Makefile b/Makefile index 26ef806..03156f0 100644 --- a/Makefile +++ b/Makefile @@ -326,6 +326,7 @@ release-candidate-prep: $(PYTHON) .github/scripts/test_patch_0_1_2_rust_public_install_wording_closeout.py $(PYTHON) .github/scripts/test_patch_0_1_2_python_publication_approval_request.py $(PYTHON) .github/scripts/test_patch_0_1_2_python_publication_approval_decision.py + $(PYTHON) .github/scripts/test_patch_0_1_2_python_publication_closeout.py $(PYTHON) .github/scripts/test_first_public_release_artifact_evidence.py $(PYTHON) .github/scripts/test_first_public_release_final_decider.py $(PYTHON) .github/scripts/test_first_public_release_linux_x64_artifact_evidence.py diff --git a/docs/execution-status.md b/docs/execution-status.md index c221e3f..30035d0 100644 --- a/docs/execution-status.md +++ b/docs/execution-status.md @@ -89,6 +89,14 @@ remains blocked until PyPI availability closeout, package tag creation remains b surfaces, production positioning, Windows packaged artifacts, bundled project-maintained PDFium builds, `ethos-doc`, `ethos-rag`, and public benchmark claims remain blocked. +Patch `0.1.2` Python PyPI publication closeout is recorded in +`docs/validation/patch-0-1-2-python-publication-closeout-validation-2026-06-25.md`. PyPI now +reports `ethos-pdf==0.1.2` with matching wheel filename, SHA256, upload time, size, URL, and +non-yanked status. Python public installation wording remains blocked until a separate wording and +availability closeout, package tag creation remains blocked, and hosted surfaces, production +positioning, Windows packaged artifacts, bundled project-maintained PDFium builds, `ethos-doc`, +`ethos-rag`, and public benchmark claims remain blocked. + Public approval lane blocker prep is recorded in `docs/milestone-e-public-approval-lane-blockers.json` and schema-bound by `schemas/ethos-milestone-e-public-approval-lane-blockers.schema.json`. This public approval lane diff --git a/docs/public-release-checklist.md b/docs/public-release-checklist.md index b2e1250..5589656 100644 --- a/docs/public-release-checklist.md +++ b/docs/public-release-checklist.md @@ -168,6 +168,15 @@ remain blocked, production positioning remains blocked, Windows packaged artifac bundled project-maintained PDFium builds remain blocked, `ethos-doc` remains blocked, `ethos-rag` remains blocked, and public benchmark claims remain blocked. +Patch `0.1.2` Python PyPI publication closeout is recorded in +`docs/validation/patch-0-1-2-python-publication-closeout-validation-2026-06-25.md`. PyPI reports +`ethos-pdf==0.1.2` as the exact deterministic wheel approved for publication. Python public +installation wording remains blocked until a separate wording and availability closeout, package tag +creation remains blocked, hosted surfaces remain blocked, production positioning remains blocked, +Windows packaged artifacts remain blocked, bundled project-maintained PDFium builds remain blocked, +`ethos-doc` remains blocked, `ethos-rag` remains blocked, and public benchmark claims remain +blocked. + ## Required Before Public Push - Package-name and trademark decision is closed by accepted ADR-0006 in diff --git a/docs/validation/README.md b/docs/validation/README.md index b94d7bf..6f16e15 100644 --- a/docs/validation/README.md +++ b/docs/validation/README.md @@ -749,6 +749,12 @@ recording the exact current-main source candidate and required follow-up evidenc Python public installation wording, package tag creation, hosted, production, Windows, bundled PDFium, benchmark, `ethos-doc`, and `ethos-rag` surfaces remain blocked until separate operator evidence, closeout, or approval records pass. +- `patch-0-1-2-python-publication-closeout-validation-2026-06-25.md` - patch 0.1.2 + Python PyPI publication closeout validation records operator upload evidence and live PyPI + registry visibility for the exact deterministic `ethos-pdf==0.1.2` wheel; Python public + installation wording, package tag creation, hosted, production, Windows, bundled PDFium, + benchmark, `ethos-doc`, and `ethos-rag` surfaces remain blocked until separate closeout or + approval records pass. - `milestone-e-validation-command-index-validation-2026-06-20.md` - internal Milestone E validation-command index validation passed through command-alignment checks, schema enum checks, row-record checks, public-surface posture checks, `make milestone-e-prep`, and diff hygiene; the diff --git a/docs/validation/patch-0-1-2-python-publication-closeout-validation-2026-06-25.md b/docs/validation/patch-0-1-2-python-publication-closeout-validation-2026-06-25.md new file mode 100644 index 0000000..d91bd81 --- /dev/null +++ b/docs/validation/patch-0-1-2-python-publication-closeout-validation-2026-06-25.md @@ -0,0 +1,147 @@ +# Patch 0.1.2 Python PyPI Publication Closeout Validation - 2026-06-25 + +Validated source HEAD before this record: `26012eb`. + +Patch 0.1.2 Python publication closeout source commit: +`26012ebfaf9a50e02c12515827f63c21e6a69ca6`. + +Patch 0.1.2 Python publication closeout source tree: +`a178affbdf5a0f46d52aa80c804b1142688f4a82`. + +Status: **patch 0.1.2 Python PyPI wheel published** + +This record closes the bounded patch `0.1.2` Python PyPI publication lane for +`ethos-pdf==0.1.2`. It records operator upload evidence and live PyPI registry verification for the +exact approved deterministic wheel. It does not approve Python public installation wording, package +tag creation, hosted surfaces, production positioning, Windows packaged artifacts, bundled +project-maintained PDFium builds, `ethos-doc`, `ethos-rag`, public benchmark reports, public +benchmark claims, or broader public wording. + +## Published Package + +- Package: `ethos-pdf` +- Version: `0.1.2` +- Import package: `ethos_pdf` +- Registry: `https://pypi.org/` +- Project URL: `https://pypi.org/project/ethos-pdf/0.1.2/` +- Distribution: `ethos_pdf-0.1.2-py3-none-any.whl` +- Deterministic build input: `SOURCE_DATE_EPOCH=0` +- SHA256: + `6f17240954f1257ece3c762c820ad771ccb114353bfb699fe87f418a5ceb663c` + +## Operator Upload Evidence + +Pre-upload checks: + +```text +shasum -a 256 target/python-pypi-0.1.2/ethos_pdf-0.1.2-py3-none-any.whl +6f17240954f1257ece3c762c820ad771ccb114353bfb699fe87f418a5ceb663c target/python-pypi-0.1.2/ethos_pdf-0.1.2-py3-none-any.whl +python3 .github/scripts/test_patch_0_1_2_python_publication_approval_decision.py +Ran 4 tests in 0.085s +OK +python3 .github/scripts/test_patch_0_1_2_python_publication_approval_request.py +Ran 5 tests in 0.053s +OK +python3 .github/scripts/test_python_public_api_policy.py +Ran 4 tests in 0.001s +OK +PYTHONPATH=python python3 -m unittest discover -s python/tests +Ran 23 tests in 3.912s +OK +make release-candidate-prep PYTHON=python3 +git diff --check +``` + +Upload command: + +```text +python3 -m twine upload target/python-pypi-0.1.2/ethos_pdf-0.1.2-py3-none-any.whl +``` + +Observed upload result: + +```text +Uploading distributions to https://upload.pypi.org/legacy/ +WARNING This environment is not supported for trusted publishing +Uploading ethos_pdf-0.1.2-py3-none-any.whl +100% 17.0/17.0 kB +View at: https://pypi.org/project/ethos-pdf/0.1.2/ +``` + +The upload used a PyPI-approved credential path. No credential is recorded in this repository. + +## Registry Verification + +Registry endpoint: + +```text +https://pypi.org/pypi/ethos-pdf/0.1.2/json +``` + +Result: + +```text +name: ethos-pdf +version: 0.1.2 +requires_python: >=3.8 +filename: ethos_pdf-0.1.2-py3-none-any.whl +packagetype: bdist_wheel +python_version: py3 +digests.sha256: 6f17240954f1257ece3c762c820ad771ccb114353bfb699fe87f418a5ceb663c +size: 11445 +upload_time_iso_8601: 2026-06-25T05:06:17.574879Z +yanked: false +url: https://files.pythonhosted.org/packages/32/0f/06fe9ab696ee596cc88f9b061b5c2b9f443fe7fcdc54ebb02a4189dda129/ethos_pdf-0.1.2-py3-none-any.whl +``` + +## Approved Candidate Binding + +- Approval request record: + `docs/validation/patch-0-1-2-python-publication-approval-request-validation-2026-06-25.md` +- Approval decision record: + `docs/validation/patch-0-1-2-python-publication-approval-decision-validation-2026-06-25.md` +- Package source commit: `e431982cca2922d4cc59ddc7cacb9e72538b1cd0` +- Package source tree: `f59ddd018d234eeee0ac77292b417f4acb892b4e` +- Exact deterministic build input: `SOURCE_DATE_EPOCH=0` +- Exact wheel: `ethos_pdf-0.1.2-py3-none-any.whl` +- Exact wheel SHA256: + `6f17240954f1257ece3c762c820ad771ccb114353bfb699fe87f418a5ceb663c` +- Wheel metadata: `Name: ethos-pdf`, `Version: 0.1.2`, `Requires-Python: >=3.8`, + `Wheel-Version: 1.0`, `Root-Is-Purelib: true`, `Tag: py3-none-any`. + +## Retained Blockers + +- Public installation wording may be updated only in a separate bounded docs lane. +- Package tag creation remains blocked until a separate explicit approval or closeout record permits it. +- Hosted surfaces remain blocked. +- Production positioning remains blocked. +- Public benchmark reports remain blocked. +- Public benchmark claims remain blocked. +- Windows packaged artifacts remain blocked. +- Bundled project-maintained PDFium builds remain blocked. +- `ethos-doc` remains blocked. +- `ethos-rag` remains blocked. +- PDFium remains caller-provided through `ETHOS_PDFIUM_LIBRARY_PATH`. + +## Commands + +```sh +SOURCE_DATE_EPOCH=0 python3 -m build --wheel --outdir target/python-pypi-0.1.2 +shasum -a 256 target/python-pypi-0.1.2/ethos_pdf-0.1.2-py3-none-any.whl +python3 .github/scripts/test_patch_0_1_2_python_publication_approval_decision.py +python3 .github/scripts/test_patch_0_1_2_python_publication_approval_request.py +python3 .github/scripts/test_python_public_api_policy.py +PYTHONPATH=python python3 -m unittest discover -s python/tests +make release-candidate-prep PYTHON=python3 +python3 -m twine upload target/python-pypi-0.1.2/ethos_pdf-0.1.2-py3-none-any.whl +python3 .github/scripts/test_patch_0_1_2_python_publication_closeout.py +git diff --check +``` + +## Result + +```text +patch 0.1.2 Python PyPI publication closeout recorded +ethos-pdf 0.1.2 is live on PyPI as the approved deterministic py3-none-any wheel +Public installation wording must still be handled in a separate bounded docs lane +```