📦 Move PyPI release workflow into the main workflow. #166
|
@long2ice: for this one, I need your help. Could you please configure a trusted publisher for the project? Initially on https://test.pypi.org to verify the workflow is doing what it needs to do, then on PyPI itself. The trusted publisher configuration can then be used by the PyPA publisher action to push the new distributions to PyPI without the need to store a PyPI token in a secret. The linked page gives you detailed instructions; all you need is these parameters:
Once the trusted publisher has been configured we can re-run the action steps here and see the package get pushed to test.pypi.org, and once that succeeds I'll remove that step to only leave the PyPI push step, which only fires when an annotated tag has been committed and pushed. In future, this workflow could also gain a GitHub release step, but that's far less important for Python packages, and I'd like to have a changelog in place first so there is some text to push for a release. |
|
Good job! Done for that. |
|
@long2ice: Did you set up the publisher on test.pypi.org or only on the main pypi.org site? The workflow still failed with the same error, unfortunately, when it tried to publish to test.pypi. |
|
Oh I loss that, but still failed |
|
> Oh I loss that, but still failed
Actually, the upload worked!
There was a new error after the upload:
ERROR RedirectDetected: https://test.pypi.org/legacy attempted to redirect to https://test.pypi.org/legacy/.
Your repository URL is missing a trailing slash. Please add it and try again.
That's fine, that's something I can fix easily. The configuration is otherwise working 😄
|
|
@long2ice: successful deployment! See https://test.pypi.org/project/fastapi-cache2/0.2.1/. I'll update the PR to only run the publish job when there was a push to a version tag, and merge. Thanks again for handling the PyPI setup! |
|
@long2ice: last but not least, you may want to review the options to protect the deployment environment. It is not uncommon to require a manual approval by a reviewer before deploying, so you can review if the distributions created look sane before allowing the upload to happen, and to limit what branches can deploy (I'd set it to |
This ensures that any releases are fully tested before publication.
The workflow first builds the distribution files (sdist, wheel) before using a deployment environment to publish these to PyPI, using the GitHub Actions OpenID support to authenticate with PyPI.
Note that this requires that a trusted publisher has been configured for the project for this to work.
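
The workflow shape that the commit message above describes, as an added example and not the project's own workflow file: tests gate the build, the build gates the publish job, and only the publish job can request an OIDC token. The job names, the `pypi` environment name, the `v*` tag pattern and the test and build commands are assumptions.

```yaml
# Added example, not the project's workflow file. Job names, the "pypi"
# environment, the tag pattern and the test/build commands are assumptions.
name: ci
on:
  push:
    branches: [main]
    tags: ["v*"]
  pull_request:

permissions:
  contents: read            # workflow default: read-only token for every job

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: pip install -e . pytest && pytest     # assumed test command

  build:
    needs: test               # nothing is built unless the tests pass
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: pip install build && python -m build  # sdist + wheel into dist/
      - uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/

  publish:
    needs: build
    if: startsWith(github.ref, 'refs/tags/v')      # only on a pushed version tag
    runs-on: ubuntu-latest
    environment: pypi         # if the trusted publisher names an environment, it must match
    permissions:
      id-token: write         # only this job may request the OIDC token PyPI verifies
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/
      - uses: pypa/gh-action-pypi-publish@release/v1
        # TestPyPI dry run: with: { repository-url: "https://test.pypi.org/legacy/" }
```

The publish job never checks out the repository or runs project code; it only uploads the artifacts built earlier, which keeps the job holding `id-token: write` as small as possible. The trailing slash on the TestPyPI `repository-url` is the one the `RedirectDetected` error earlier in the thread asks for.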