Implement CI/CD workflows for automated testing and PyPI publishing + API key authentication #14
Description
Implement CI/CD Workflows and API Key Authentication
Overview
Currently, the PyPI publishing workflow is manual and error-prone. We need to implement automated GitHub Actions workflows for testing and publishing, plus add API key authentication support to the IDTAP client for CI/CD scenarios.
Problems with Current Workflow
- Manual Testing: Test suite and PyPI uploads are run manually
- No PR Validation: PRs are not automatically tested against TestPyPI
- Manual Version Management: Version increments are done manually
- Authentication Dependency: Relies on Google OAuth, unsuitable for CI/CD
- Error-Prone Process: Easy to forget steps or make mistakes
Proposed Solution
Phase 1: GitHub Actions Workflows
Workflow 1: PR Testing (test-pr.yml)
Triggers: On PR creation and updates to any PR
Steps:
- Run full test suite (
pytest idtap/tests/) - Build package (
python -m build) - Upload to TestPyPI with PR-specific version suffix (e.g.,
0.1.12-pr13.1) - Post TestPyPI link as PR comment
- Validate installation from TestPyPI works
Benefits:
- Catch issues before merge
- Validate PyPI packaging works
- Test actual installation process
- Provide immediate feedback to contributors
Workflow 2: Production Release (release.yml)
Triggers: On merge to main branch
Steps:
- Run full test suite again
- Upload current version to TestPyPI (final validation)
- Auto-increment version number (patch by default)
- Build package with new version
- Upload to production PyPI
- Create git tag
- Generate GitHub release with changelog
Benefits:
- Fully automated releases
- No manual version management
- Consistent release process
- Automatic documentation
Phase 2: API Key Authentication
Current Limitation
The IDTAP client currently only supports Google OAuth, which requires interactive browser authentication. This doesn't work in CI/CD environments.
Proposed Enhancement
Add API key authentication support to SwaraClient.
Implementation Requirements
1. Server-Side Changes (IDTAP API):
- Add API key generation endpoint
- Add API key authentication middleware
- Add API key management UI for users
2. Client-Side Changes (idtap package):
- Extend
SwaraClient.__init__()to acceptauth_methodparameter - Add API key authentication in
_auth_headers()method - Update authentication documentation
Implementation Plan
Phase 1: GitHub Actions (Immediate)
Required GitHub Secrets:
TESTPYPI_API_TOKEN- TestPyPI API tokenPYPI_API_TOKEN- Production PyPI API tokenSWARA_API_KEY- IDTAP API key (Phase 2)
Benefits
For Developers
- Faster feedback: Immediate testing on PR creation
- Confidence: Know changes work before merge
- Less manual work: No more manual version increments
For Project
- Higher quality: Automated testing catches more issues
- Consistent releases: No human error in release process
- Better documentation: Auto-generated changelogs and releases
For Users
- Faster releases: No bottleneck on manual process
- More reliable: Consistent testing and validation
- Clear versioning: Automatic semantic versioning
Success Criteria
Phase 1 Complete When:
- Every PR automatically runs tests and uploads to TestPyPI
- Main branch merges automatically create production releases
- Version management is fully automated
- No manual PyPI uploads needed
Phase 2 Complete When:
- CI/CD can authenticate to IDTAP API without OAuth
- Integration tests can run in GitHub Actions
- API key management is available in UI
- Documentation covers both authentication methods
Priority
High - This significantly improves development workflow and release reliability.
Labels
enhancement, ci/cd, infrastructure, authentication