Auto-release publishing to pypi.org #257

@flawmop

For the benefit of me learning Python installing and GitHub actions I've been running some tests for how we can automate the process, rather than have to fidget with command-line instructions, tokens, etc., and I've created the "flawmop-fishdish" module with the following resources: https://github.com/flawmop/sampleproject

Test versions of this amazing module are being released to https://test.pypi.org/project/flawmop-fishdish/#history (although doing a pip install of stuff from test.pypi doesn't auto-install dependencies!), and tagged ("production") versions released to https://pypi.org/project/flawmop-fishdish/#history

This is using https://github.com/flawmop/sampleproject/blob/main/.github/workflows/test_and_publish.yml, which releases to test on each minor change, and releases to pypi.org on each tagging.
In both cases it's set up to fail if there's an attempt to overwrite an existing published version, so on each change I would need to update the version if I really want it to be published!

Initially the publishing was using API tokens issued by both test.pypi.org and pypi.org (which are stored as GitHub Action secrets). However, as long-lasting API tokens are a bit of a security concern, they're beta-testing using OIDC to generate short-lived API tokens so that GitHub Actions are considered a trusted publisher by pypi, so I requested to be involved in that. I was contacted by the PyPI/OIDC people and I've been trying it out and it's worked fine -- which is more than I can say for my git version-controlling strategy which requires more thought! They're hoping to take the PyPI/OIDC out of beta and into public release some time this month (Apr. 2023).

I noticed that recently each doc change on chaste-codegen triggered a pull request / synchronize build, so ideally we wouldn't want to be testing/uploading for that. Equally though, committed code changes would benefit from auto-testing, so it's something we can have a closer look at, but it'd depend a bit on how chaste-codegen is being developed.
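
The setup discussed in this issue, sketched as an added example; it is not the `test_and_publish.yml` from flawmop/sampleproject. It assumes documentation lives under `docs/`, the default branch is `main`, tests run with pytest, and a trusted publisher has been registered on test.pypi.org and pypi.org for this repository and workflow file.

```yaml
# Added example (not the sampleproject workflow). Assumes docs live under docs/
# and a trusted publisher is registered on both indexes for this workflow file.
name: test-and-publish
on:
  push:
    branches: [main]
    tags: ["*"]
    paths-ignore: ["docs/**"]   # doc-only commits do not start a run
  pull_request:
    paths-ignore: ["docs/**"]
permissions:
  contents: read
jobs:
  build-and-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: python -m pip install build pytest .
      - run: python -m pytest
      - run: python -m build
      - uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/
  publish:
    needs: build-and-test
    if: github.event_name == 'push'   # never publish from pull requests
    runs-on: ubuntu-latest
    permissions:
      id-token: write   # job may request an OIDC token; no stored API token
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/
      - name: Publish to test.pypi.org on branch pushes
        if: github.ref_type == 'branch'
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          repository-url: https://test.pypi.org/legacy/
      - name: Publish to pypi.org on tags
        if: github.ref_type == 'tag'
        uses: pypa/gh-action-pypi-publish@release/v1
        # skip-existing is left at its default (false): re-uploading an
        # already published version fails the job.
```

Only the `publish` job holds `id-token: write`, so the build and test steps, which run project and dependency code, cannot request a publishing token.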

Labels: enhancement
