Cleanup

.github/workflows/draft-changelog.yml

@@ -48,7 +48,7 @@ jobs:
           target: ${{ github.event.inputs.target }}
           branch: ${{ github.event.inputs.branch }}
           since: ${{ github.event.inputs.since }}
-          since_last_stable: ${{ github.event.intputs.since_last_stable }}
+          since_last_stable: ${{ github.event.inputs.since_last_stable }}
       - name: "** Next Step **"
         run: |
           echo "Review PR: ${{ steps.draft-changelog.outputs.pr_url }}"

.github/workflows/draft-release.yml

@@ -56,7 +56,7 @@ jobs:
           version_spec: ${{ github.event.inputs.version_spec }}
           post_version_spec: ${{ github.event.inputs.post_version_spec }}
           since: ${{ github.event.inputs.since }}
-          since_last_stable: ${{ github.event.intputs.since_last_stable }}
+          since_last_stable: ${{ github.event.inputs.since_last_stable }}
       - name: "** Next Step **"
         run: |
           echo "Run the "Publish Release" Workflow with Release Url:"

jupyter_releaser/actions/publish_release.py

@@ -2,27 +2,10 @@
 # Distributed under the terms of the Modified BSD License.
 import os
 
-from jupyter_releaser.util import CHECKOUT_NAME
-from jupyter_releaser.util import get_repo
 from jupyter_releaser.util import run
 
 release_url = os.environ["release_url"]
 run(f"jupyter-releaser extract-release {release_url}")
 run(f"jupyter-releaser forwardport-changelog {release_url}")
-
-# Extract the pypi token
-twine_pwd = os.environ.get("PYPI_TOKEN", "")
-pypi_token_map = os.environ.get("PYPI_TOKEN_MAP", "").replace(r"\n", "\n")
-if pypi_token_map:
-    pwd = os.getcwd()
-    os.chdir(CHECKOUT_NAME)
-    repo_name = get_repo()
-    for line in pypi_token_map.splitlines():
-        name, _, token = line.partition(",")
-        if name == repo_name:
-            twine_pwd = token
-    os.chdir(pwd)
-os.environ["TWINE_PASSWORD"] = twine_pwd
-
-run("jupyter-releaser publish-assets")
+run(f"jupyter-releaser publish-assets {release_url}")
 run(f"jupyter-releaser publish-release {release_url}")

jupyter_releaser/cli.py

@@ -580,13 +580,28 @@ def extract_release(auth, dist_dir, dry_run, release_url, npm_install_options):
     default="https://pypi.org/simple/",
 )
 @add_options(dry_run_options)
+@click.argument("release-url", nargs=1, required=False)
 @use_checkout_dir()
 def publish_assets(
-    dist_dir, npm_token, npm_cmd, twine_cmd, npm_registry, twine_registry, dry_run
+    dist_dir,
+    npm_token,
+    npm_cmd,
+    twine_cmd,
+    npm_registry,
+    twine_registry,
+    dry_run,
+    release_url,
 ):
     """Publish release asset(s)"""
     lib.publish_assets(
-        dist_dir, npm_token, npm_cmd, twine_cmd, npm_registry, twine_registry, dry_run
+        dist_dir,
+        npm_token,
+        npm_cmd,
+        twine_cmd,
+        npm_registry,
+        twine_registry,
+        dry_run,
+        release_url,
     )
 
 

jupyter_releaser/lib.py

@@ -373,11 +373,27 @@ def parse_release_url(release_url):
 
 
 def publish_assets(
-    dist_dir, npm_token, npm_cmd, twine_cmd, npm_registry, twine_registry, dry_run
+    dist_dir,
+    npm_token,
+    npm_cmd,
+    twine_cmd,
+    npm_registry,
+    twine_registry,
+    dry_run,
+    release_url,
 ):
     """Publish release asset(s)"""
     os.environ["NPM_REGISTRY"] = npm_registry
     os.environ["TWINE_REGISTRY"] = twine_registry
+    twine_token = ""
+
+    if len(glob(f"{dist_dir}/*.tgz")):
+        npm.handle_npm_config(npm_token)
+        if npm_token:
+            util.run("npm whoami")
+
+    if len(glob(f"{dist_dir}/*.whl")):
+        twine_token = python.get_pypi_token(release_url)
 
     if dry_run:
         # Start local pypi server with no auth, allowing overwrites,
@@ -386,22 +402,21 @@ def publish_assets(
             python.start_local_pypi()
             twine_cmd = "twine upload --repository-url=http://0.0.0.0:8081"
             os.environ["TWINE_USERNAME"] = "foo"
-            os.environ["TWINE_PASSWORD"] = "bar"
+            twine_token = twine_token or "bar"
         npm_cmd = "npm publish --dry-run"
     else:
         os.environ.setdefault("TWINE_USERNAME", "__token__")
 
-    if len(glob(f"{dist_dir}/*.tgz")):
-        npm.handle_npm_config(npm_token)
-        if npm_token:
-            util.run("npm whoami")
-
     found = False
     for path in sorted(glob(f"{dist_dir}/*.*")):
         name = Path(path).name
         suffix = Path(path).suffix
         if suffix in [".gz", ".whl"]:
-            util.retry(f"{twine_cmd} {name}", cwd=dist_dir)
+            env = os.environ.copy()
+            env["TWINE_PASSWORD"] = twine_token
+            # NOTE: Do not print the env since a twine token extracted from
+            # a PYPI_TOKEN_MAP will not be sanitized in output
+            util.retry(f"{twine_cmd} {name}", cwd=dist_dir, env=env)
             found = True
         elif suffix == ".tgz":
             # Ignore already published versions

jupyter_releaser/npm.py

@@ -135,7 +135,7 @@ def handle_npm_config(npm_token):
 
     text += f"\n{reg_entry}\n{auth_entry}"
     text = text.strip() + "\n"
-    util.log(f"writing npm config to {npmrc}:\n{text}")
+    util.log(f"writing npm config to {npmrc}")
     npmrc.write_text(text, encoding="utf-8")
 
 

jupyter_releaser/python.py

@@ -60,6 +60,30 @@ def check_dist(dist_file, test_cmd=""):
         util.run(f"{bin_path}/{test_cmd}")
 
 
+def get_pypi_token(release_url):
+    """Get the PyPI token
+
+    Note: Do not print the token in CI since it will not be sanitized
+    if it comes from the PYPI_TOKEN_MAP"""
+    twine_pwd = os.environ.get("PYPI_TOKEN", "")
+    pypi_token_map = os.environ.get("PYPI_TOKEN_MAP", "").replace(r"\n", "\n")
+    if pypi_token_map and release_url:
+        parts = release_url.replace("https://github.com/", "").split("/")
+        repo_name = f"{parts[0]}/{parts[1]}"
+        util.log(f"Looking for PYPI token for {repo_name} in token map")
+        for line in pypi_token_map.splitlines():
+            name, _, token = line.partition(",")
+            if name == repo_name:
+                twine_pwd = token
+                util.log("Found PYPI token")
+    elif twine_pwd:
+        util.log("Using PYPI token from PYPI_TOKEN")
+    else:
+        util.log("PYPI token not found")
+
+    return twine_pwd
+
+
 def start_local_pypi():
     """Start a local PyPI server"""
     temp_dir = TemporaryDirectory()

jupyter_releaser/tests/test_cli.py

@@ -648,16 +648,19 @@ def test_publish_assets_py(py_package, runner, mocker, git_prep):
     orig_run = util.run
     called = 0
 
+    os.environ["PYPI_TOKEN_MAP"] = "snuffy/test,foo-token\nfizz/buzz,bar"
+
     def wrapped(cmd, **kwargs):
         nonlocal called
         if cmd.startswith("twine upload"):
-            called += 1
+            if kwargs["env"]["TWINE_PASSWORD"] == "foo-token":
+                called += 1
         return orig_run(cmd, **kwargs)
 
     mock_run = mocker.patch("jupyter_releaser.util.run", wraps=wrapped)
 
     dist_dir = py_package / util.CHECKOUT_NAME / "dist"
-    runner(["publish-assets", "--dist-dir", dist_dir, "--dry-run"])
+    runner(["publish-assets", "--dist-dir", dist_dir, "--dry-run", HTML_URL])
     assert called == 2, called
 
     log = get_log()
@@ -679,13 +682,7 @@ def wrapped(cmd, **kwargs):
     mock_run = mocker.patch("jupyter_releaser.util.run", wraps=wrapped)
 
     runner(
-        [
-            "publish-assets",
-            "--npm-cmd",
-            "npm publish --dry-run",
-            "--dist-dir",
-            dist_dir,
-        ]
+        ["publish-assets", "--npm-cmd", "npm publish --dry-run", "--dist-dir", dist_dir]
     )
 
     assert called == 3, called
@@ -715,6 +712,7 @@ def wrapped(cmd, **kwargs):
             "npm publish --dry-run",
             "--dist-dir",
             dist_dir,
+            HTML_URL,
         ]
     )
 
@@ -745,6 +743,7 @@ def wrapped(cmd, **kwargs):
                 "npm publish --dry-run",
                 "--dist-dir",
                 dist_dir,
+                HTML_URL,
             ]
         )
 

setup.cfg

@@ -40,9 +40,8 @@ install_requires =
     requests
     requests_cache
     setuptools~=57.0
-    tomlkit==0.7.0
-    tbump==6.3.2
-    toml==0.10.2
+    tbump~=6.4
+    toml~=0.10
     twine
 
 [options.extras_require]