Skip to content

PEP 694: Abstract file upload mechanisms #4431

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 36 commits into from
Jul 28, 2025
Merged

PEP 694: Abstract file upload mechanisms #4431

Changes from 1 commit
Commits
Show all changes
36 commits
Select commit Hold shift + click to select a range
d569693
PEP 694: Abstract file upload mechanisms
ewdurbin May 21, 2025
8e98c9b
lint
ewdurbin May 21, 2025
daf06f4
no warnings allowed
ewdurbin May 21, 2025
5ef177e
refinements
ewdurbin May 22, 2025
7f1e741
Update peps/pep-0694.rst
ewdurbin May 28, 2025
f8469cf
remove reference to a specific URL for PyPI
ewdurbin May 30, 2025
05d7fc2
clarify that resumable/parallel uploads are supported but not defined…
ewdurbin May 30, 2025
2ef077c
attempt to specify http-post-application-octet-stream mechanism
ewdurbin May 30, 2025
a2bfb56
if attestations are going to be uploaded, do it before completion of …
ewdurbin May 30, 2025
442d37f
i'm in it now
ewdurbin May 30, 2025
924a27d
try to un-wonk content-type per feedback
ewdurbin May 30, 2025
7f0798b
lint
ewdurbin May 30, 2025
3effee2
clarify file upload mechanism details
ewdurbin May 30, 2025
c053242
Fix typo
ewdurbin May 30, 2025
847b2bd
address general content feedback from review
ewdurbin Jun 11, 2025
64fdafc
bubble content-type handling up so that it can be assumed througouth
ewdurbin Jun 11, 2025
2d634d7
restructure document to un-twist Upload Sessions and File Upload Sess…
ewdurbin Jun 11, 2025
6fea5f9
naming things
ewdurbin Jun 11, 2025
86710f1
flatten the `mechanism` value of the file upload session response
ewdurbin Jun 11, 2025
5fbf005
Rename "Upload Session" to "Publishing Session"
ewdurbin Jun 11, 2025
4139377
re-flow the doc into (mostly) lines <100
ewdurbin Jun 11, 2025
b7d8ac5
Merge branch 'main' into file_upload_mechanisms
warsaw Jul 11, 2025
98e7929
Apply suggestions from code review
ewdurbin Jul 11, 2025
1ff2415
re-order response codes in session status
ewdurbin Jul 11, 2025
e946d41
Update peps/pep-0694.rst
warsaw Jul 11, 2025
191c9fe
Update verbiage in rationale section.
ewdurbin Jul 25, 2025
dcb682b
specify that Retry-After header should be used to manage polling of t…
ewdurbin Jul 25, 2025
acbc1b1
stage previews are optionally supported by this PEP, and thus are not…
ewdurbin Jul 25, 2025
fd0e6f5
valid-for -> expires-at
ewdurbin Jul 25, 2025
472a796
clarify who owns what version specifiers
ewdurbin Jul 25, 2025
9010030
lint
ewdurbin Jul 25, 2025
7286ba5
say _something_ about authentication for upload 2.0
ewdurbin Jul 25, 2025
8896963
simplify per code review
ewdurbin Jul 25, 2025
1811f7c
Merge pull request #1 from ewdurbin/file_upload_mechanisms-auth
ewdurbin Jul 25, 2025
eceb7b5
Restore Open Questions section with notes on deferred extensions
ewdurbin Jul 28, 2025
3cbd1ca
Merge branch 'main' into file_upload_mechanisms
ewdurbin Jul 28, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
valid-for -> expires-at
  • Loading branch information
@ewdurbin
ewdurbin committed Jul 25, 2025
commit fd0e6f573bb9a1a986426c31fc2e719516fb1f2c
34 changes: 21 additions & 13 deletions peps/pep-0694.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -350,7 +350,7 @@ The successful response includes the following content:
},
"mechanisms": ["http-post-bytes"],
"session-token": "<token-string>",
"valid-for": 604800,
"expires-at": "2025-08-01T12:00:00Z",
"status": "pending",
"files": {},
"notices": [
Expand All @@ -376,16 +376,14 @@ the following keys:
that can be provided to installers in order to preview the staged release before it's published.
If the index does *not* support stage previewing, this key **MUST** be omitted.

``valid-for``
An integer representing how long, in seconds, until the server itself will expire this session,
``expires-at``
An ISO8601 formatted timestamp string representing when the server will expire this session,
and thus all of its content, including any uploaded files and the URL links related to the
session. This value is roughly relative to the time at which the session was created or
:ref:`extended <session-extension>`. The session **SHOULD** live at least this much longer
session. The session **SHOULD** remain active until at least this time
unless the client itself has canceled or published the session. Servers **MAY** choose to
*increase* this time, but should never *decrease* it, except naturally through the passage of
time.
extend this expiration time, but should never move it earlier.
Clients can query the :ref:`session status <session-status>`
to get time remaining in the session.
to get the current expiration time of the session.

``status``
A string that contains one of ``pending``, ``published``, ``error``, or ``canceled``,
Expand Down Expand Up @@ -664,7 +662,7 @@ The successful response includes the following:
"file-upload-session": "..."
},
"status": "pending",
"valid-for": 3600,
"expires-at": "2025-08-01T13:00:00Z",
"mechanism": {
"identifier": "http-post-bytes",
"file_url": "...",
Expand All @@ -682,6 +680,16 @@ the following keys:
A dictionary mapping :ref:`keys to URLs <file-upload-session-links>` related to this session,
the details of which are provided below.

``status``
A string with valid values ``pending``, ``processing``, ``complete``, ``error``, and ``canceled``
indicating the current state of the File Upload Session.

``expires-at``
An ISO8601 formatted timestamp string representing when the server will expire this File Upload Session.
The session **SHOULD** remain active until at least this time
unless the client cancels or completes it. Servers **MAY** choose to
extend this expiration time, but should never move it earlier.

``mechanism``
A mapping containing the necessary details for the supported mechanism
as negotiated by the client and server.
Expand Down Expand Up @@ -794,7 +802,7 @@ The server will respond to this ``GET`` request with the same
:ref:`Publishing Session creation response body <publishing-session-response>`
or :ref:`File Upload Session creation response body <file-upload-session-response>`,
that they got when they initially created the Publishing Session or File Upload Session,
except with any changes to ``status``, ``valid-for``, or ``files`` reflected.
except with any changes to ``status``, ``expires-at``, or ``files`` reflected.


.. _session-extension:
Expand Down Expand Up @@ -829,11 +837,11 @@ will respond with the same
:ref:`Publishing Session creation response body <publishing-session-response>`
or :ref:`File Upload Session creation response body <file-upload-session-response>`,
that they got when they initially created the Publishing Session or File Upload Session,
except with any changes to ``status``, ``valid-for``, or ``files`` reflected.
except with any changes to ``status``, ``expires-at``, or ``files`` reflected.

If the server refuses to extend the session for the requested number of seconds, it still returns a
success response, and the ``valid-for`` key will simply include the number of seconds remaining in
the current session.
success response, and the ``expires-at`` key will simply reflect the current expiration time of
the session.

.. _staged-preview:

Expand Down