Skip to content

Commit 613818b

Browse files
committed
Last minute cleanups
1 parent f3e9411 commit 613818b

1 file changed

Lines changed: 40 additions & 25 deletions

File tree

peps/pep-0694.rst

Lines changed: 40 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -804,13 +804,13 @@ Indexes advertise their support for staged previews by returning two key pieces
804804
:ref:`response to publishing session creation <publishing-session-response>`. Indexes which don't support
805805
staged previews **MUST NOT** include these in their responses.
806806

807-
The ``session-token`` is a short token which could be used as a convenience for installation tool UX, if they
808-
want to support staged previews via a command line switch, e.g. ``pip install --staged $SESSION_TOKEN``. The
809-
``links.stage`` key gives the full URL to the stage, which could be used in the CLI, e.g. ``pip
810-
install --extra-index-url $STAGE_URL``. Both the session token and URL **MUST** be cryptographically
811-
unguessable, but the algorithm for generating the token is left to the index. The stage URL **MUST** be
812-
calculable from the session token, using a format documented by the index, but the exact format of the URL is
813-
also left to the index.
807+
The ``session-token`` is a short token which could be used as a convenience for installation tool UX. For
808+
example, ``pip`` could add a ``--stage $SESSION_TOKEN`` flag as a convenience for installing from a staged
809+
preview. The ``links.stage`` key gives the full URL to the stage, which can be used with installers today,
810+
e.g. ``pip install --extra-index-url $STAGE_URL``. Both the session token and URL **MUST** be
811+
cryptographically unguessable, but the algorithm for generating the token is left to the index. The stage URL
812+
**MUST** be calculable from the session token, using a format documented by the index, but the exact format of
813+
the URL is also left to the index.
814814

815815

816816
File Upload Session
@@ -1390,13 +1390,13 @@ command. The Upload 2.0 protocol could be exposed through additional options:
13901390
commands. This session identifier is local to the client and is mapped internally to the
13911391
in-progress server session.
13921392

1393-
``twine publish <session-id>``
1393+
``twine session publish <session-id>``
13941394
Publishes a previously staged session.
13951395

1396-
``twine cancel <session-id>``
1396+
``twine session cancel <session-id>``
13971397
Cancels a staged session and discards all uploaded files.
13981398

1399-
``twine status <session-id>``
1399+
``twine session status <session-id>``
14001400
Queries and displays the current status of a session.
14011401

14021402
uv
@@ -1410,12 +1410,22 @@ uv
14101410

14111411
``uv publish --stage dist/*``
14121412
Uploads without publishing. Like twine, this is valuable even without stage preview support.
1413+
Prints a session identifier that can be used with the ``uv session`` subcommands.
14131414

14141415
``uv publish --test-install dist/*``
14151416
If the index supports stage previews, uploads files, installs the package from the stage URL
14161417
into a temporary virtual environment, optionally runs a smoke test command, and only publishes
14171418
if successful. This provides an integrated "upload, test, publish" workflow.
14181419

1420+
``uv session publish <session-id>``
1421+
Publishes a previously staged session.
1422+
1423+
``uv session cancel <session-id>``
1424+
Cancels a staged session and discards all uploaded files.
1425+
1426+
``uv session status <session-id>``
1427+
Queries and displays the current status of a session.
1428+
14191429
GitHub Actions
14201430
~~~~~~~~~~~~~~
14211431

@@ -1438,7 +1448,7 @@ leverage staged releases to enable powerful CI/CD workflows. A multi-job workfl
14381448
- id: upload
14391449
uses: pypa/gh-action-pypi-publish@v2
14401450
with:
1441-
stage-only: true # Upload but don't publish
1451+
stage: true # Upload but don't publish
14421452
14431453
test:
14441454
needs: upload
@@ -1715,21 +1725,25 @@ Change History
17151725
publishers contributing to one session, and notes the related security implications.
17161726
* Remove the optional ``metadata`` key from the file upload session creation request. The uploaded file is
17171727
the authoritative source of metadata, which the index extracts from the file itself.
1718-
* Define an explicit publishing-session state machine. Rename the session-level ``pending`` status to
1719-
``open``, add a transitional ``processing`` status for deferred (``202 Accepted``) publishing, and document
1720-
the ``error`` status as a still-editable state that records a failed deferred publish (with the reason
1721-
reported in ``notices``). Add a **Publishing Session States** section with state descriptions and a
1722-
transition table, specify that a synchronous publish failure leaves the session editable rather than
1723-
entering ``error``, and require the server to reject cancellation with a ``409 Conflict`` while a session is
1724-
``processing``. Key the **Multiple Session Creation Requests** rule off any non-terminal state rather than
1725-
``pending``.
1726-
* Document the file upload session state machine with a **File Upload Session States** section and transition
1727-
table. Specify that any completion failure -- synchronous or deferred -- moves the session to ``error``,
1728-
that an ``error`` file cannot be repaired in place (the client cancels or deletes it and starts a new file
1729-
upload session), and that the server **MUST** reject a ``DELETE`` with a ``409 Conflict`` while a session
1730-
is ``processing``.
1728+
* Define an explicit publishing-session state machine. Rename the session-level ``pending``
1729+
status to ``open``, add a transitional ``processing`` status for deferred (``202 Accepted``)
1730+
publishing, and document the ``error`` status as a still-editable state that records a failed
1731+
deferred publish (with the reason reported in ``notices``). Add a **Publishing Session States**
1732+
section with state descriptions and a transition table, specify that a synchronous publish
1733+
failure leaves the session editable rather than entering ``error``, and require the server to
1734+
reject cancellation with a ``409 Conflict`` while a session is ``processing``. Key the
1735+
**Multiple Session Creation Requests** rule off any non-terminal state rather than ``pending``.
1736+
* Document the file upload session state machine with a **File Upload Session States** section and
1737+
transition table. Specify that any completion failure -- synchronous or deferred -- moves the
1738+
session to ``error``, that an ``error`` file cannot be repaired in place (the client cancels or
1739+
deletes it and starts a new file upload session), and that the server **MUST** reject a
1740+
``DELETE`` with a ``409 Conflict`` while a session is ``processing``.
17311741
* Add state transition diagrams to the **Publishing Session States** and **File Upload Session States**
17321742
sections, alongside the existing transition tables.
1743+
* Make the suggested ``twine`` and ``uv`` command-line interfaces consistent: group the staged-session
1744+
operations under a ``session`` subcommand (``session publish``/``session cancel``/``session status``),
1745+
give ``uv`` the same staged-session follow-ups and session-id output as ``twine``, and align the GitHub
1746+
Action's ``stage`` input with the ``--stage`` flag.
17331747

17341748
* `07-Dec-2025 <https://discuss.python.org/t/pep-694-pypi-upload-api-2-0-round-2/101483/35>`__
17351749

@@ -1744,7 +1758,8 @@ Change History
17441758
* Clarify publishing session steps such as status polling and session extension.
17451759
* Require that ``name`` conform to the normalization rules, and include a link.
17461760
* Require that ``version`` conform to the version specs, and include a link.
1747-
* Require ``filename`` to conform to either the source or binary distribution file name convention, and include links.
1761+
* Require ``filename`` to conform to either the source or binary distribution file name convention, and
1762+
include links.
17481763
* Reference RFC 3399 instead of ISO 8601 as the timestamp spec. The RFC is a simpler format that
17491764
subsets the ISO standard, and is more appropriate to our use case.
17501765
* Other protocol clarifications.

0 commit comments

Comments
 (0)