Problem
Maintainers need a short, reliable guide for releasing a new version of an existing CPEX plugin package to PyPI.
This issue is only about documenting the release-to-PyPI process. Dependency refresh work is tracked separately in #69.
Investigation notes
Managed plugin root: plugins/rust/python-package/<slug>/.
Release contract:
- version source of truth is each plugin
Cargo.toml
- matching
cpex_<slug>/plugin-manifest.yaml version must equal Cargo.toml
- top-level
Cargo.lock must reflect the plugin package version
make plugins-validate checks catalog and version consistency- releases are tag-driven per plugin
- tag format is
<hyphenated-slug>-v<version>, for example rate-limiter-v0.0.5
- release workflow
.github/workflows/release-rust-python-package.yaml builds and publishes one plugin per tag
- PyPI publish is allowed only for tags on
main
Current managed plugins:
encoded_exfil_detection -> tag prefix encoded-exfil-detection-vpii_filter -> tag prefix pii-filter-vrate_limiter -> tag prefix rate-limiter-vretry_with_backoff -> tag prefix retry-with-backoff-vsecrets_detection -> tag prefix secrets-detection-vurl_reputation -> tag prefix url-reputation-v
Required doc content
Add a concise maintainer section to DEVELOPING.md or a dedicated release doc that explains how to release a new plugin version to PyPI:
- Pick plugin slug and new version.
- Update version files:
plugins/rust/python-package/<slug>/Cargo.tomlplugins/rust/python-package/<slug>/cpex_<slug>/plugin-manifest.yaml- refresh
Cargo.lock if needed so it records the new package version
- Run local validation:
make plugins-validatemake plugin-test PLUGIN=<slug>
- Merge the version bump to
main.
- Create and push the release tag from
main:
git tag <hyphenated-slug>-v<version>git push origin <hyphenated-slug>-v<version>
- Watch the release workflow and confirm publish success.
- Verify the package exists on PyPI at the new version.
Acceptance criteria
- Docs explain exactly how to release one existing plugin version to PyPI.
- Docs include concrete command examples.
- Docs mention tag naming rules and examples.
- Docs mention that
Cargo.toml, plugin-manifest.yaml, and Cargo.lock must stay consistent.
- Docs mention release tags must be on
main for PyPI publish.
- Docs avoid broader dependency refresh or ContextForge update instructions except a short pointer to separate follow-up work if needed.
Problem
Maintainers need a short, reliable guide for releasing a new version of an existing CPEX plugin package to PyPI.
This issue is only about documenting the release-to-PyPI process. Dependency refresh work is tracked separately in #69.
Investigation notes
Managed plugin root:
plugins/rust/python-package/<slug>/.Release contract:
Cargo.tomlcpex_<slug>/plugin-manifest.yamlversion must equalCargo.tomlCargo.lockmust reflect the plugin package versionmake plugins-validatechecks catalog and version consistency<hyphenated-slug>-v<version>, for examplerate-limiter-v0.0.5.github/workflows/release-rust-python-package.yamlbuilds and publishes one plugin per tagmainCurrent managed plugins:
encoded_exfil_detection-> tag prefixencoded-exfil-detection-vpii_filter-> tag prefixpii-filter-vrate_limiter-> tag prefixrate-limiter-vretry_with_backoff-> tag prefixretry-with-backoff-vsecrets_detection-> tag prefixsecrets-detection-vurl_reputation-> tag prefixurl-reputation-vRequired doc content
Add a concise maintainer section to
DEVELOPING.mdor a dedicated release doc that explains how to release a new plugin version to PyPI:plugins/rust/python-package/<slug>/Cargo.tomlplugins/rust/python-package/<slug>/cpex_<slug>/plugin-manifest.yamlCargo.lockif needed so it records the new package versionmake plugins-validatemake plugin-test PLUGIN=<slug>main.main:git tag <hyphenated-slug>-v<version>git push origin <hyphenated-slug>-v<version>Acceptance criteria
Cargo.toml,plugin-manifest.yaml, andCargo.lockmust stay consistent.mainfor PyPI publish.