Skip to content

build: harden source distribution contents#40

Merged
subzeroid merged 1 commit into
mainfrom
harden/sdist-public-artifacts
May 31, 2026
Merged

build: harden source distribution contents#40
subzeroid merged 1 commit into
mainfrom
harden/sdist-public-artifacts

Conversation

@subzeroid
Copy link
Copy Markdown
Owner

@subzeroid subzeroid commented May 31, 2026

Summary

  • exclude internal/non-package paths from source distributions
  • remove public internal planning/backlog files from the repository tree
  • add an sdist regression test that builds the tarball and checks forbidden paths

Verification

  • uv run ruff check
  • uv run ruff format --check
  • uv run mypy insto
  • uv run pytest --cov=insto --cov-fail-under=75
  • uv run python -m build
  • tar forbidden-path scan on dist/insto-0.7.13.tar.gz

@subzeroid subzeroid changed the title Harden source distribution contents build: harden source distribution contents May 31, 2026
@subzeroid subzeroid merged commit c7c8eed into main May 31, 2026
3 of 4 checks passed
@subzeroid subzeroid deleted the harden/sdist-public-artifacts branch May 31, 2026 21:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@subzeroid