ci: rewrite README links to absolute URLs for PyPI#3074
Conversation
PyPI renders the README from the package metadata baked in at build time and ships no other repo files, so the README's relative links (docs/*, CONTRIBUTING.md) 404 on the project page. In the release-build SDK job, rewrite relative Markdown links to absolute GitHub blob URLs pinned to the release tag, editing the checked-out README in place (never committed) before `uv build` bakes it into the long_description. A follow-up verify step fails the build if any relative link remains in the wheel METADATA or sdist PKG-INFO. Images and absolute links are left untouched. Fixes #1375
![ask-bonk[bot]](https://avatars.githubusercontent.com/in/2454580?s=60&v=4){kind=small}
There was a problem hiding this comment.
I'm Bonk, and I've done a quick review of your PR.
The PR adds two steps to rewrite README relative links to absolute GitHub blob URLs before building the SDK wheel, plus a verification step to catch any stragglers. The approach is sound and well-tested.
I found one robustness issue in the verify script: if the wheel/sdist glob returns empty or the metadata file isn't found, the script crashes with an unhelpful error (IndexError or RuntimeError from StopIteration) instead of a clear message about what went wrong.
|
I'm Bonk, and I've done a quick review of your PR. The PR adds two steps to rewrite README relative links to absolute GitHub blob URLs before building the SDK wheel, plus a verification step to catch any stragglers. The approach is sound and well-tested. I found one robustness issue in the verify script: if the wheel/sdist glob returns empty or the metadata file isn't found, the script crashes with an unhelpful error (IndexError or RuntimeError from StopIteration) instead of a clear message about what went wrong. Posted as review comment on |
There was a problem hiding this comment.
I'm Bonk, and I've done a quick review of your PR.
The PR adds two steps to rewrite README relative links to absolute GitHub blob URLs before building the SDK wheel, plus a verification step to catch any stragglers. The approach is sound and well-tested.
I found one robustness issue in the verify script: if the wheel/sdist glob returns empty or the metadata file isn't found, the script crashes with an unhelpful error (IndexError or RuntimeError from StopIteration) instead of a clear message about what went wrong.
|
I'm Bonk, and I've done a quick review of your PR. The PR adds two steps to rewrite README relative links to absolute GitHub blob URLs before building the SDK wheel, plus a verification step to catch any stragglers. The approach is sound and well-tested. I found one robustness issue in the verify script: if the wheel/sdist glob returns empty or the metadata file isn't found, the script crashes with an unhelpful error (IndexError or RuntimeError from StopIteration) instead of a clear message about what went wrong. Posted as review comment on |
|
I've thoroughly reviewed PR #3074. The previous feedback about robustness in the verify script has been addressed — the glob and metadata lookups now have explicit checks with clear error messages. The implementation is clean, secure, and well-tested. No actionable issues remain. LGTM |
|
I'm Bonk, and I've done a quick review of your PR. The PR adds two steps to rewrite README relative links to absolute GitHub blob URLs before building the SDK wheel, plus a verification step to catch any stragglers. The approach is sound and well-tested. I found one robustness issue in the verify script: if the wheel/sdist glob returns empty or the metadata file isn't found, the script crashes with an unhelpful error (IndexError or RuntimeError from StopIteration) instead of a clear message about what went wrong. Posted as review comment on |
|
LGTM |
2 participants
Problem
PyPI renders a package's README from the
long_descriptionbaked into the distribution metadata at build time, and ships no other repo files. The Cog SDK README uses relative links (docs/*.md,CONTRIBUTING.md), so every one of them 404s on https://pypi.org/project/cog/.The publish step can't fix this —
pypa/gh-action-pypi-publishonly uploads pre-built artifacts and explicitly disclaims transforming them, andtwine checkdoes not validate links. The README has to be transformed at build time.Change
In the
build-sdkjob ofrelease-build.yaml(the job that produces the artifacts published to PyPI), add two steps:uv build, rewrite relative Markdown links to absolutehttps://github.com/replicate/cog/blob/<tag>/<path>URLs, editing the checked-out README in place (ephemeral on the runner, never committed). Pinning to the release tag (github.ref_name) makes the links immutable and version-correct. Only relative links are rewritten; images and any absolute link (URL scheme, protocol-relative//, in-page#anchors) are left untouched.METADATAor sdistPKG-INFO(the exact bytes PyPI renders).The committed
README.mdis unchanged (so GitHub keeps its relative links), and no new files are added to the repo. The tag is passed via stepenv:and read withos.environ, so there is no${{ }}script-injection surface.Test plan
Validated locally with a real
uv build:blob/URLs → verify passes.blob/URL would serve HTML, not raw bytes).///uppercase scheme) and the nested DeepWiki linked-image are left untouched.Fixes #1375