Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use PyPI Trusted Publisher #165

Open
timcera opened this issue May 17, 2024 · 2 comments
Open

Use PyPI Trusted Publisher #165

timcera opened this issue May 17, 2024 · 2 comments

Comments

@timcera
Copy link
Contributor

timcera commented May 17, 2024

Not tried this yet for my own projects, but looks like a really nice approach to use PyPI Trusted Publisher:

https://docs.pypi.org/trusted-publishers/

Configured on PyPI and what you need to specify is:

Owner (required)
respec
The GitHub organization name or GitHub username that owns the repository

Repository name (required)
HSPsquared
The name of the GitHub repository that contains the publishing workflow

Workflow name (required)
pypi_package.yml # Not made yet...
The filename of the publishing workflow. This file should exist in the .github/workflows/ directory in the repository configured above.

Environment name (optional)
release
The name of the GitHub Actions environment that the above workflow uses for publishing. This should be configured under the repository's settings. While not required, a dedicated publishing environment is strongly encouraged, especially if your repository has maintainers with commit access who shouldn't have PyPI publishing access.

@timcera
Copy link
Contributor Author

timcera commented May 18, 2024

Currently I use github secrets in https://github.com/timcera/wdmtoolbox/blob/main/.github/workflows/wheels.yml to authenticate the twine upload of wdmtoolbox packages to PyPI. The workflow runs with each commit pushed to wdmtoolbox, but twine only uploads new versions since PyPI doesn't allow to replace any existing files. Terrible hack because it only actually works when there is a version bump, but tries each commit.

@timcera
Copy link
Contributor Author

timcera commented Jul 11, 2024

I now use PyPI Trusted Publisher for my projects. Should be able to copy https://github.com/timcera/tsblender/blob/main/.github/workflows/pypi-package.yml into HPSsquared and adjust the supported python versions and then it would run tests, package hsp2, and load the package up to PyPI whenever there was a push against the master branch. We could adjust the triggers to work against some other event if desired.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant