Safe Python package release CLI
puba
Safe Python Package Release CLI
A minimal, dependency-free CLI to safely check, build, and publish Python packages without risking secrets.
Features
- Ensure git working directory is clean before releasing
- Scan for secrets in the repo before publishing
- Run tests automatically (via pytest if installed)
- Build the package (python -m build)
- Safely upload to PyPI or TestPyPI
- Store your PyPI token securely in macOS Keychain, Windows Credential Manager, or Linux keyring
- Dry run mode for testing builds without uploading
- checks command to validate the repo without publishing
- No external dependencies required for CLI parsing
Usage
1️⃣ Store PyPI token securely
puba auth
- On macOS → stored in Keychain
- On Windows → stored in Credential Manager
- On Linux → stored in system keyring if available
- Fallback → prompts you for input each time
2️⃣ Install optional dev tools (for tests, builds, and publishing)
If you want to run tests, build packages, or publish safely, install optional dependencies:
# zsh users: quote the extras to avoid glob errors
pip install ".[dev]"
- Installs: pytest, build, twine
- You can also install subsets:
pip install ".[test]" # only pytest
pip install ".[build]" # only build and twine
3️⃣ Run safety checks only
puba checks
Checks performed:
- Git working directory is clean
- Secret scan (requires gitleaks)
- Runs tests (pytest)
- Builds the package
No upload occurs in this step.
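A sketch of the gate that the checks above describe, as an added example that is not puba's own code: it runs the four checks in order and stops at the first failure, so nothing is built or uploaded from a dirty or leaking tree. The gitleaks arguments and the choice to treat a missing executable as a failure are assumptions of this example.

```python
import subprocess
import sys

# Ordered checks from the list above. The gitleaks arguments are an
# assumption; the page does not show the command puba runs.
CHECKS = [
    ("git-clean", ["git", "status", "--porcelain"]),
    ("secret-scan", ["gitleaks", "detect", "--source", "."]),
    ("tests", [sys.executable, "-m", "pytest"]),
    ("build", [sys.executable, "-m", "build"]),
]


def run(cmd):
    """Run cmd and return (exit_code, stdout); 127 means the executable was not found."""
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True)
    except FileNotFoundError:
        return 127, ""
    return proc.returncode, proc.stdout


def release_gate(runner=run):
    """Return (ok, results). Stops at the first check that does not pass."""
    results = []
    for name, cmd in CHECKS:
        code, out = runner(cmd)
        if code == 127:
            status = "missing-tool"   # fail closed instead of skipping the check
        elif code != 0:
            status = "failed"
        elif name == "git-clean" and out.strip():
            status = "failed"         # any porcelain output means uncommitted changes
        else:
            status = "passed"
        results.append((name, status))
        if status != "passed":
            return False, results
    return True, results


if __name__ == "__main__":
    ok, results = release_gate()
    for name, status in results:
        print(f"{name:12} {status}")
    sys.exit(0 if ok else 1)
```

The `runner` parameter exists so the gate can be exercised with canned results, without touching a real repository.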
4️⃣ Publish package
puba publish
Options:
- --test → Upload to TestPyPI instead of PyPI
- --dry → Run all checks and build without uploading
Examples:
# Standard release
puba publish
# Upload to TestPyPI
puba publish --test
# Dry run (check + build only)
puba publish --dry
5️⃣ Help
puba help
Displays usage instructions and available commands.
Example Workflow
+----------------+
| puba auth |
+----------------+
|
v
+------------------+
| puba checks |
+------------------+
|
v
+-------------------+
| puba publish |
+-------------------+
- Store token (one-time)
- Check repo before release
- Publish safely
Optional: test PyPI or dry-run:
puba publish --test
puba publish --dry
Notes
- Secrets are never committed — always stored in system keyring or provided via environment variable PYPI_TOKEN.
- Works on macOS, Windows, and Linux.
- Can be integrated into CI/CD pipelines with environment variables:
export PYPI_TOKEN=pypi-xxxxxxxxxxxx
puba publish --dry
Recommended Tools (Optional)
- pytest → for running tests automatically
- gitleaks → for scanning secrets before publishing
- build → Python build system (pip install build)
- twine → for uploading packages (pip install twine)
File details
Details for the file puba-0.1.0.tar.gz.
File metadata
- Download URL: puba-0.1.0.tar.gz
- Upload date:
- Size: 4.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.0
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | af71d11e4a60cec65531bd733324b4e49acb2b4ae77e75a84d503768fb8ada6c |
| MD5 | 6ec22896fa683e4acf2ae52b589b6e7c |
| BLAKE2b-256 | 0fc5fad9d78da04aa079a89ec38f91ab079cab6d9a64359330ea4ca45eae9cef |
File details
Details for the file puba-0.1.0-py3-none-any.whl.
File metadata
- Download URL: puba-0.1.0-py3-none-any.whl
- Upload date:
- Size: 6.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.0
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 7543eb9d80b97338a5feca517cd028ec0776d8c5daea6dfde8191b3a915731a0 |
| MD5 | 11f5d94d1a18746c0b4c31cf0236396d |
| BLAKE2b-256 | b982708391284d717a06edc092cfaede6397b9746e67ee55ff0f97588f21ce90 |