Add pypi trusted publisher #1447

Open
wants to merge 2 commits into
base: master

lavigne958
Collaborator

Remove use of token, use Pypi OIDC from github.

closes #1331

Remove use of token, use Pypi OIDC from github.

closes #1331

Signed-off-by: Alexandre Lavigne <[email protected]>
@lavigne958 lavigne958 self-assigned this Mar 28, 2024
@lavigne958 lavigne958 requested a review from alifeee March 28, 2024 22:56
@lavigne958
Collaborator Author

Should I push an empty new release 6.1.1 in order to test the release workflow? If it does not work then we can revert for now and push a 6.1.2 🤔

@alifeee
Collaborator

alifeee commented Mar 29, 2024

We could use the test.pypi? and you can make a release but tag it as 6.1.1-alpha and not tick "most recent release"?

@lavigne958
Collaborator Author

We could use the test.pypi? and you can make a release but tag it as 6.1.1-alpha and not tick "most recent release"?

We could. It makes me think about something that could be useful:

  • it would be nice to have some way to run this release workflow just for tests / pushing only to test.Pypi

To do that we can add some filters in the workflow; they can be based on the inputs and decide if this is a real release or not.

What I have in mind is:

  • based on the format of the tag, decide to push or not the final step to Pypi

our tags are all formatted as: vX.Y.Z

so we could filter:

  • any tag that does not comply exactly with this is for test purposes
  • any tag that exactly matches this is for release.

meaning:

  • pushing a tag like v6.1.0-test.1 will only run the tests and push to test-pypi

what do you think ?
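
An added example, not part of the thread or the project's workflow: one way to write the tag gate proposed above as a POSIX shell function that a release workflow step could call, so that only an exact vX.Y.Z tag can reach the real index and everything else fails closed to test-pypi. The function name `publish_target` and the sample refs are constructed; it assumes X, Y and Z are plain decimal numbers and that the ref arrives as `refs/tags/<tag>`, as in GitHub Actions' `GITHUB_REF`.

```shell
#!/bin/sh
# Added example (hypothetical helper, not the project's workflow code).
# Decide which package index a pushed git ref is allowed to publish to.
#
#   pypi      the tag is exactly vX.Y.Z (X, Y, Z decimal numbers: an assumption)
#   testpypi  any other tag, treated as a test release
#   none      not a tag ref at all (branch, pull request, empty value)
publish_target() {
    pt_ref="$1"

    # Only refs under refs/tags/ with a non-empty tag name are candidates.
    case "$pt_ref" in
        refs/tags/?*) pt_tag="${pt_ref#refs/tags/}" ;;
        *) echo none; return 0 ;;
    esac

    # The pattern is anchored at both ends: a prefix such as "xv6.1.0" or a
    # suffix such as "v6.1.0-test.1" must not be accepted as a real release.
    if printf '%s\n' "$pt_tag" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$'; then
        echo pypi
    else
        echo testpypi
    fi
}

# Constructed sample refs showing each outcome.
for sample_ref in \
    refs/tags/v6.1.0 \
    refs/tags/v6.1.0-test.1 \
    refs/tags/6.1.1-alpha \
    refs/tags/v6.1 \
    refs/heads/master
do
    printf '%-28s -> %s\n' "$sample_ref" "$(publish_target "$sample_ref")"
done
```
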

@alifeee
Collaborator

alifeee commented Apr 2, 2024

what do you think ?

This sounds like a good idea to me.

I tried to think of a time we would like to push a tag that is not vX.X.X to PyPi, but I cannot. So, I think there is no problem with this idea.

@lavigne958
Collaborator Author

what do you think ?

This sounds like a good idea to me.

I tried to think of a time we would like to push a tag that is not vX.X.X to PyPi, but I cannot. So, I think there is no problem with this idea.

You're right, we never release 'alpha' or 'beta' or release-candidate versions.

What I will do is:

  • push some changes in the PR so we push only to test-pypi
  • then push a garbage tag on the branch of the PR (not on master branch)
  • this will trigger a release workflow on that tag
  • that tag contains a release workflow file with only push to test-pypi
  • let the workflow run
  • if it succeeded
  • add the final step to push to real pypi
  • ready to merge 👍

@lavigne958
Collaborator Author

Alright, that was a good test as it does not work; nice that we could catch it before a real release.

Maybe @burnash knows; could you please check the settings you provided to PyPI just in case, when you get a chance? Matching with the workflow filename, the workflow name (which is different) and the env too?

thank you.

Successfully merging this pull request may close these issues.

Investigate Pypi Trusted Publisher
2 participants