docs/tutorial.md
@@ -179,6 +179,62 @@ Documentation updates will be published once:
179
179
instructions at [release checklist](pypi_release_checklist.md), trigger first official release and check
180
180
result at [PyPI].
181
181
182
+
### Configuring trusted publishing
183
+
184
+
This guide relies on PyPI's [trusted publishing](https://docs.pypi.org/trusted-publishers/) implementation to connect
185
+
to [GitHub Actions CI/CD](https://github.com/features/actions). This is recommended for security reasons, since
186
+
the generated tokens are created for each of your projects
187
+
individually and expire automatically. Otherwise, you'll need to generate an
188
+
[API token](https://pypi.org/help/#apitoken) for both PyPI and TestPyPI. In case of publishing to third-party
189
+
indexes like `devpi <devpi:index>`, you may need to provide a
190
+
username/password combination.
191
+
192
+
Since this guide will demonstrate uploading to both
193
+
PyPI and TestPyPI, we'll need two trusted publishers configured.
194
+
The following steps will lead you through creating the "pending" publishers
195
+
for your new :term:`PyPI project <Project>`.
196
+
However it is also possible to add [trusted publishing](https://docs.pypi.org/trusted-publishers/) to any
197
+
pre-existing project, if you are its owner.
198
+
199
+
.. attention::
200
+
201
+
If you followed earlier versions of this guide, you
202
+
have created the secrets `PYPI_API_TOKEN` and `TEST_PYPI_API_TOKEN`
203
+
for direct PyPI and TestPyPI access. These are obsolete now and
204
+
you should remove them from your GitHub repository and revoke
205
+
them in your PyPI and TestPyPI account settings in case you are replacing your old setup with the new one.
206
+
207
+
208
+
Let's begin! 🚀
209
+
210
+
1. Go to https://pypi.org/manage/account/publishing/.
211
+
2. Fill in the name you wish to publish your new
212
+
`PyPI project <Project>` under
213
+
(the `name` value in your `setup.cfg` or `pyproject.toml`),
214
+
the GitHub repository owner's name (org or user),
215
+
and repository name, and the name of the release workflow file under
216
+
the `.github/` folder, see `workflow-definition`.
217
+
Finally, add the name of the GitHub Environment
218
+
(`pypi`) we're going set up under your repository.
219
+
Register the trusted publisher.
220
+
3. Now, go to https://test.pypi.org/manage/account/publishing/ and repeat
221
+
the second step, but this time, enter `testpypi` as the name of the
222
+
GitHub Environment.
223
+
4. Your "pending" publishers are now ready for their first use and will
224
+
create your projects automatically once you use them
225
+
for the first time.
226
+
227
+
!!! note
228
+
229
+
If you don't have a TestPyPI account, you'll need to
230
+
create it. It's not the same as a regular PyPI account.
231
+
232
+
233
+
!!! warning
234
+
235
+
For security reasons, you must require `manual approval <https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules>`_
236
+
on each run for the ``pypi`` environment.
237
+
182
238
## Step 9. (Optional) Submit it to netbox.dev
183
239
184
240
If your plugin is public, submit it to [NetBox.dev Plugin Repository](https://netbox.dev/plugins/) for easy discovery by other NetBox users.
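Review bot: The added section mixes reStructuredText markup into a Markdown file, so several pieces will render as literal text, including the security warning at the end. Affected spots are `.. attention::`, the ``:term:`PyPI project <Project>` `` role, the `devpi <devpi:index>` and `workflow-definition` cross-references, and the `manual approval <https://...>`_ link with its double-backtick ``pypi``. The rest of docs/tutorial.md uses `[text](url)` links and `!!! note` / `!!! warning` admonitions, so please convert these to the same forms; otherwise the instruction to revoke the old `PYPI_API_TOKEN` and `TEST_PYPI_API_TOKEN` secrets and the link to the deployment protection rules are easy to miss. Two smaller points in step 2: "we're going set up" is missing "to", and the release workflow file lives under `.github/workflows/`, not directly under `.github/`, which matters because the filename entered in the trusted publisher form has to match the workflow that actually runs. It would also help to say where the `pypi` and `testpypi` GitHub Environments get created, since the warning requires manual approval on `pypi` but the added steps never show that environment being set up.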