Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use trusted publishing with both PyPI and TestPyPI #129

Merged
merged 28 commits into from
Mar 20, 2025
Merged

Use trusted publishing with both PyPI and TestPyPI #129

Changes from 1 commit
Commits
Show all changes
28 commits
Select commit Hold shift + click to select a range
50f13bf
Use GitHub Actions as the PyPI Trusted Publisher
sajith Mar 17, 2025
dbe7c8a
Merge remote-tracking branch 'origin/master' into 127.pypi-trusted-pu…
sajith Mar 18, 2025
64cd8ad
Use TestPyPI URL for real
sajith Mar 18, 2025
c38b501
Give write permissions to OIDC token
sajith Mar 18, 2025
efc96cf
Put the old comment back
sajith Mar 18, 2025
086a219
Use the environment name hopefully correctly
sajith Mar 18, 2025
2b8d1f2
Be verbose while I debug
sajith Mar 18, 2025
7f3f82a
Build fewer packages while I debug
sajith Mar 18, 2025
7212ba8
Perhaps the URL is important?
sajith Mar 18, 2025
29af5e3
Try overriding URL in the step
sajith Mar 18, 2025
ef08839
Use url one level above
sajith Mar 18, 2025
a04ce7a
Use separate environments for PyPI and TestPyPI
sajith Mar 18, 2025
91a64e4
Use repository_url, not repository-url
sajith Mar 18, 2025
8757b9b
Trim whitespace
sajith Mar 18, 2025
2eff545
Use correct version of pypa/gh-action-pypi-publish, hopefully
sajith Mar 18, 2025
17d8bb2
Use the same pypa/gh-action-pypi-publish version with PyPI also
sajith Mar 18, 2025
8768d22
Break an over-long line
sajith Mar 18, 2025
cf4e220
Avoid duplicating comments
sajith Mar 18, 2025
b24b178
Avoid duplicating condition triggering upload_pypi
sajith Mar 18, 2025
f841ea7
Make comments consistent with current state
sajith Mar 18, 2025
0f7f218
Add a link to the relevant part of Python Packaging User Guide
sajith Mar 18, 2025
5ce17b3
Publish both release builds and PR builds on TestPyPI
sajith Mar 18, 2025
e672269
Use current release tag of pypa/gh-action-pypi-publish, not branch
sajith Mar 18, 2025
d087e33
Add some notes about PyPI trusted publishing
sajith Mar 18, 2025
85371dd
Use repository-url, not repository_url
sajith Mar 18, 2025
3cd18c8
Build all the packages again
sajith Mar 18, 2025
6299f3a
Update comment on the top
sajith Mar 19, 2025
308bcc7
Use quotes more consistently
sajith Mar 19, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 0 additions & 15 deletions .github/workflows/build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -146,17 +146,6 @@ jobs:
if: >-
github.event_name == 'pull_request'

with:
# Authenticate using a token from a PyPI account with upload
# permission to the project. See https://pypi.org/help/#apitoken
user: "__token__"
# Read it from a GitHub Actions "environment" secret. See
# https://docs.github.com/en/actions/security-guides/encrypted-secrets
password: "${{ secrets.testpypi_token }}"
# Override the default in order to upload it to the testing
# deployment.
repository_url: "https://test.pypi.org/legacy/"

# Now define a conditional step to upload packages to the production
# instance of PyPI.
#
Expand All @@ -168,7 +157,3 @@ jobs:
if: >-
github.event_name == 'push' &&
startsWith(github.event.ref, 'refs/tags/zfec-')

with:
user: "__token__"
password: "${{ secrets.pypi_token }}"
Loading