Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove pypi token usage #556

Open
blink1073 opened this issue Feb 24, 2024 · 2 comments
Open

Remove pypi token usage #556

blink1073 opened this issue Feb 24, 2024 · 2 comments
Labels
bug Something isn't working maintenance

Comments

@blink1073
Copy link
Contributor

Description

For the next major version (v3), I propose we remove support for PyPI tokens, and only support PyPI Trusted Publishing.
This will mean that release-from-releaser will no longer work unless you configure the project to accept trusted publishing from your fork of jupyter_releaser.

We would drop support for PYPI_TOKEN, PYPI_TOKEN_MAP, and TWINE_USERNAME. Test PyPI also supports trusted publishing, so that part of the instructions would need to be updated.
@blink1073 blink1073 added bug Something isn't working maintenance labels Feb 24, 2024
@ElioDiNino
Copy link
Contributor

This would mean that publishing from private repositories would no longer work just as a note

@blink1073
Copy link
Contributor Author

Fair, we could keep PYPI_TOKEN and recommend against using it unless using a private repository. We would still want to get rid of TWINE_USERNAME since it should always be __token__, and still get rid of PYPI_TOKEN_MAP.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working maintenance
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@blink1073 @ElioDiNino