@adamsachs
Contributor

Description Of Changes

Removes the trigger of commits to main for the 'Publish fides' (i.e. publish python package) GH action. The action is still triggered by explicit tags of commits.

AFAIK, we no longer use the python packages published to test PyPI on every commit to main, so these are a waste of time and resources (and lead to noisy errors if we run out of 'space' on our test pypi index, etc.).

Previously, we relied on these packages to build our 'double-edge' images in Fidesplus. We now use a different mechanism for building this image: we check out main of this repo (fides) directly as part of the GH action.

Code Changes

  • remove the main branch trigger for publish_package.yml

Steps to Confirm

  1. we should still be able to e.g. publish a package to test pypi when pushing an alpha tag
  2. other CI workflows shouldn't be impacted at all - this will take a bit of time to tell, we should just keep our eyes out for errors...

Pre-Merge Checklist

  • Issue requirements met
  • All CI pipelines succeeded
  • CHANGELOG.md updated
    • Add a db-migration label to the entry if your change includes a DB migration
    • Add a high-risk label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
    • Updates unreleased work already in Changelog, no new entry necessary
  • UX feedback:
    • All UX related changes have been reviewed by a designer
    • No UX review needed
  • Followup issues:
    • Followup issues created
    • No followup issues
  • Database migrations:
    • Ensure that your downrev is up to date with the latest revision on main
    • Ensure that your downgrade() migration is correct and works
      • If a downgrade migration is not possible for this change, please call this out in the PR description!
    • No migrations
  • Documentation:
    • Documentation complete, PR opened in fidesdocs
    • Documentation issue created in fidesdocs
    • If there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
    • No documentation updates required

@vercel

vercel bot commented Nov 24, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments
Project Deployment Preview Comments Updated (UTC)
fides-plus-nightly Ignored Ignored Nov 24, 2025 9:19pm
fides-privacy-center Ignored Ignored Nov 24, 2025 9:19pm

Contributor

@JadeCara JadeCara left a comment

:shipit:

@adamsachs adamsachs marked this pull request as ready for review November 24, 2025 21:27
@greptile-apps
Contributor

greptile-apps bot commented Nov 24, 2025

Greptile Overview

Greptile Summary

This PR removes the main branch trigger from the publish_package.yaml workflow, ensuring the Python package is only published to PyPI/TestPyPI when explicit tags are pushed (not on every commit to main).

Key Changes:

  • Workflow now only triggers on push.tags events, not on commits to main
  • Reduces unnecessary package publishing and associated errors from running out of space on test PyPI
  • Tag-based publishing still works as expected (prod, rc, beta, alpha tags route to appropriate PyPI instances)
  • Per the PR description, fidesplus now uses a different mechanism (direct checkout of main) for building double-edge images, so continuous package publishing is no longer needed

Impact:

  • Lower resource usage and cleaner CI pipelines
  • No functional impact on release process (all releases use tags)
  • Comment on line 91 still references "no tag, just a vanilla commit/merge pushed to main" but this scenario will no longer trigger the workflow

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk - it's a simple configuration change with clear intent
  • The change is straightforward: removing 2 lines that trigger the workflow on main branch commits. The workflow will still function correctly for all tag-based releases (prod, rc, beta, alpha). The PR description clearly explains the rationale (no longer needed for fidesplus integration, reduces waste). Only minor issue is an outdated comment that should be updated but doesn't affect functionality.
  • No files require special attention

Important Files Changed

File Analysis

Filename | Score | Overview
.github/workflows/publish_package.yaml | 5/5 | Removed main branch trigger from workflow - now only triggers on tags, which is the intended behavior per PR description

Contributor

@greptile-apps greptile-apps bot left a comment

Additional Comments (1)

  1. .github/workflows/publish_package.yaml, line 91 (link)

    style: outdated comment - with main branch trigger removed, "no tag, just a vanilla commit/merge pushed to main" will no longer trigger this workflow

1 file reviewed, 1 comment

@JadeCara JadeCara added this pull request to the merge queue Nov 25, 2025
Merged via the queue into main with commit e96f051 Nov 25, 2025
41 checks passed
@JadeCara JadeCara deleted the asachs/disable-test-pypi-push branch November 25, 2025 16:40
3 participants