Publish to PyPI using Trusted Publishers by hugovk · Pull Request #94 · python/cherry-picker
Switch to PyPI's Trusted Publishers for more secure upload.

- First, format `pyproject.toml` for easy comparison with other projects.
- Switch backend to hatch with the hatch_vcs plugin to enable publishing to Test PyPI.
- Add new deploy workflow using https://github.com/hynek/build-and-inspect-python-package to confirm we can build packages and inspect as desired. Done for all runs, but not uploaded yet.
- Upload to Test PyPI on every commit on main.
- Upload to real PyPI on GitHub Releases.
- Remove old release job.

TODO:

- Set up Trusted Publisher on https://test.pypi.org/project/cherry_picker/
- Set up Trusted Publisher on https://pypi.org/project/cherry_picker/
- Once confirmed working, delete `PYPI_TOKEN` from this repo secrets, it's no longer needed.
- Once all working, I'll create a release checklist in another PR.
| # Upload to real PyPI on GitHub Releases. | ||
| release-pypi: | ||
| name: Publish released package to pypi.org |
Be consistent with the previous job name.
Since we used Test PyPI before, we can use PyPI here instead of pypi.org
hugovk left a comment
(oops, this was meant to be a commit message)
hugovk deleted the trusted-publisher branch
This was referenced Oct 12, 2023
This was referenced Nov 12, 2023