Publishes Python packages to PyPI locally using Doppler credentials and bash scripts with CI detection guards. For manual local releases only.
From itpnpx claudepluginhub terrylica/cc-skills --plugin itpThis skill is limited to using the following tools:
references/ci-detection.mdreferences/credential-management.mdreferences/evolution-log.mdreferences/mise-task-integration.mdreferences/testpypi-testing.mdreferences/troubleshooting.mdscripts/publish-to-pypi.shSearches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.
Searches prompts.chat for AI prompt templates by keyword or category, retrieves by ID with variable handling, and improves prompts via AI. Use for discovering or enhancing prompts.
Guides idea refinement into designs: explores context, asks questions one-by-one, proposes approaches, presents sections for approval, writes/review specs before coding.
Self-Evolving Skill: This skill improves through use. If instructions are wrong, parameters drifted, or a workaround was needed — fix this file immediately, don't defer. Only update for real, reproducible issues.
Use this skill when:
This skill supports LOCAL machine publishing ONLY.
publishCmd in semantic-release configurationuv build in prepareCmd)scripts/publish-to-pypi.sh on local machineSee: ADR-0027, docs/development/PUBLISHING.md
This skill provides local-only PyPI publishing using Doppler for secure credential management. It integrates with the workspace-wide release workflow where:
| Script | Purpose |
|---|---|
scripts/publish-to-pypi.sh | Local PyPI publishing with CI detection guards |
Usage: Copy to your project's scripts/ directory:
/usr/bin/env bash << 'DOPPLER_EOF'
# Environment-agnostic path
PLUGIN_DIR="${CLAUDE_PLUGIN_ROOT:-$HOME/.claude/plugins/marketplaces/cc-skills/plugins/itp}"
cp "$PLUGIN_DIR/skills/pypi-doppler/scripts/publish-to-pypi.sh" scripts/
chmod +x scripts/publish-to-pypi.sh
DOPPLER_EOF
Install Doppler CLI:
brew install dopplerhq/cli/doppler
Authenticate with Doppler:
doppler login
Verify access to claude-config project:
doppler whoami
doppler projects
Create PyPI API token:
pypi-AgEIcHlwaS5vcmc..., ~180 characters)Store token in Doppler:
doppler secrets set PYPI_TOKEN='pypi-AgEIcHlwaS5vcmc...' \
--project claude-config \
--config prd
Verify token stored:
doppler secrets get PYPI_TOKEN \
--project claude-config \
--config prd \
--plain
Pre-publish validation: Before publishing to PyPI, verify that the version has incremented from the previous release. Publishing without a version increment is invalid and wastes resources.
Autonomous check sequence:
pyproject.toml version against latest PyPI versionfeat: or fix: types."Step 1: Development & Commit (Conventional Commits):
git add .
git commit -m "feat: add new feature" # MINOR bump
git push origin main
Step 2: Automated Versioning (GitHub Actions - 40-60s):
GitHub Actions automatically: analyzes commits, determines next version, updates pyproject.toml/package.json, generates CHANGELOG, creates git tag, creates GitHub release.
PyPI publishing does NOT happen here (by design - see ADR-0027).
Step 3: Local PyPI Publishing (30 seconds):
git pull origin main
./scripts/publish-to-pypi.sh
/usr/bin/env bash << 'GIT_EOF'
# First time: copy script from skill to your project (environment-agnostic)
PLUGIN_DIR="${CLAUDE_PLUGIN_ROOT:-$HOME/.claude/plugins/marketplaces/cc-skills/plugins/itp}"
cp "$PLUGIN_DIR/skills/pypi-doppler/scripts/publish-to-pypi.sh" scripts/
chmod +x scripts/publish-to-pypi.sh
# After semantic-release creates GitHub release
git pull origin main
# Publish using local copy of bundled script
./scripts/publish-to-pypi.sh
GIT_EOF
Bundled script features: CI detection guards, repository verification, Doppler integration, build + publish + verify workflow, clear error messages.
For manual publishing without the canonical script:
/usr/bin/env bash << 'CONFIG_EOF'
# Retrieve token from Doppler
PYPI_TOKEN=$(doppler secrets get PYPI_TOKEN \
--project claude-config \
--config prd \
--plain)
# Build package
uv build
# Publish to PyPI
UV_PUBLISH_TOKEN="${PYPI_TOKEN}" uv publish
CONFIG_EOF
WARNING: Manual publishing bypasses CI detection guards and repository verification. Use canonical script unless you have a specific reason not to.
| Topic | Reference |
|---|---|
| CI Detection | CI Detection Enforcement |
| Credential Management | Doppler & Token Management |
| Troubleshooting | Troubleshooting Guide |
| TestPyPI Testing | TestPyPI Testing |
| mise Task Integration | mise Task Integration |
docs/architecture/decisions/0027-local-only-pypi-publishing.md - Architectural decision for local-only publishingdocs/architecture/decisions/0028-skills-documentation-alignment.md - Skills alignment with ADR-0027docs/development/PUBLISHING.md - Complete release workflow guidesemantic-release - Versioning automation (NO publishing)mise-tasks - Task orchestration with dependency managementrelease-workflow-patterns.md - DAG patterns and anti-patternsscripts/publish-to-pypi.sh - Reference implementation with CI guardsdiscover_uv() checks PATH, direct installs, version managers (priority order)Last Updated: 2025-12-03 Policy: Workspace-wide local-only PyPI publishing (ADR-0027) Supersedes: None (created with ADR-0027 compliance from start)
After this skill completes, check before closing:
Only update if the issue is real and reproducible — not speculative.