Automate Package Publishing to PyPI and Test PyPI Using GitHub Actions and API Tokens

[Fovty]

Issue

Automate Package Publishing to PyPI and Test PyPI Using GitHub Actions and API Tokens

Problem to solve

Currently, the process for publishing packages to PyPI and Test PyPI involves manually setting environment variables for authentication. This can be error-prone and less secure. We need to automate the process in our GitHub Actions workflow using API tokens for secure and efficient package uploads.

Further details

• Affects the build and deployment process of Python packages.
• We will utilize the GitHub Secrets feature to securely store and access the API tokens.
• This change will streamline the deployment process, reducing the chance of human error and improving security by avoiding direct password usage.

Proposal

1. Generate API Tokens:

   • Generate API tokens for both PyPI and Test PyPI.
   • Add these tokens as secrets in the GitHub repository.

2. Update GitHub Actions Workflow:

   • Modify the existing build-publish-package.yaml to use the stored API tokens for authentication.
   • Ensure the workflow handles both Test PyPI and PyPI uploads.

Who can address the issue

This issue can be addressed by a developer with experience in:

• GitHub Actions workflows
• Python package management with Poetry and Twine
• Secure management of credentials using GitHub Secrets

Other links/references

• PyPI API Token Documentation
• GitHub Actions Secrets