Skip to content

Add pypi trusted publisher#1447

Open
lavigne958 wants to merge 2 commits into
masterfrom
feature/use_pipy_oidc
Open

Add pypi trusted publisher#1447
lavigne958 wants to merge 2 commits into
masterfrom
feature/use_pipy_oidc

Conversation

@lavigne958
Copy link
Copy Markdown
Collaborator

@lavigne958 lavigne958 commented Mar 28, 2024

Remove use of token, use Pypi OIDC from github.

closes #1331

@lavigne958
Add pypi trusted publisher
186c457 
Remove use of token, use Pypi OIDC from github.

closes #1331

Signed-off-by: Alexandre Lavigne <lavigne958@gmail.com>
@lavigne958 lavigne958 self-assigned this Mar 28, 2024
@lavigne958 lavigne958 requested a review from alifeee March 28, 2024 22:56
@lavigne958
Copy link
Copy Markdown
Collaborator Author

lavigne958 commented Mar 29, 2024

Should I push an empty new release 6.1.1 in order to test the release workflow? If it does not work then we can revert for now and push a 6.1.2 🤔

@alifeee
Copy link
Copy Markdown
Collaborator

alifeee commented Mar 29, 2024

We could use the test.pypi? and you can make a release but tag it as 6.1.1-alpha and not tick "most recent release"?

@lavigne958
Copy link
Copy Markdown
Collaborator Author

lavigne958 commented Mar 30, 2024

We could use the test.pypi? and you can make a release but tag it as 6.1.1-alpha and not tick "most recent release"?

we could, it makes me think about something that could be useful:

  • it would be nice to have some way to run this release workflow just for tests / pushing only to test.Pypi

To do that we can add some filters in the workflow, it can be based on the inputs and decide if this is a real release or not.

What I have in mind is:

  • based on the format of the tag, decide to push or not the final step to Pypi

our tags are all formatted as: vX.Y.Z

so we could filter:

  • any tag that does not comply exactly like this is for test purpose
  • any tag that exactly matches this is for release.

meaning:

  • when pushing a tag like v6.1.0-test.1 will only run the tests and push to test-pypi

what do you think ?

@alifeee
Copy link
Copy Markdown
Collaborator

alifeee commented Apr 2, 2024

what do you think ?

This sounds like a good idea to me.

I tried to think of a time we would like to push a tag that is not vX.X.X to PyPi, but I cannot. So, I think there is no problem with this idea.

@lavigne958
Copy link
Copy Markdown
Collaborator Author

lavigne958 commented Apr 2, 2024

what do you think ?

This sounds like a good idea to me.

I tried to think of a time we would like to push a tag that is not vX.X.X to PyPi, but I cannot. So, I think there is no problem with this idea.

you're right we never release 'alpha' or 'beta' or release-candidate versions.

What I will do is:

  • push some changes in the PR so we push only to test-pypi
  • then push a garbage tag on the branch of the PR (not on master branch)
  • this will trigger a release workflow on that tag
  • that tag contains a release workflow file with only push to test-pypi
  • let the workflow run
  • if it succeeded
  • add the final step to push to real pypi
  • ready to merge 👍

@lavigne958 lavigne958 force-pushed the feature/use_pipy_oidc branch from 28a227f to ba3a594 Compare April 2, 2024 17:53
@lavigne958
Copy link
Copy Markdown
Collaborator Author

lavigne958 commented Apr 2, 2024

alright, that was a good test as it does not work, nice we could catch it before real release.

may be @burnash knows, could you check please the settings you provided to Pypi just in case, when you get a chance ? matching with the workflow filename, the workflow name (which is different) and the env too ?

thank you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alifeee alifeee alifeee approved these changes

Assignees

@lavigne958 lavigne958

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Investigate Pypi Trusted Publisher

2 participants

@lavigne958 @alifeee