Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Move to PyPI Trusted Publisher Management #603

Merged
merged 1 commit into from
Aug 10, 2023

Conversation

ItsDrike
Copy link
Member

@ItsDrike ItsDrike commented Aug 5, 2023

No description provided.

Copy link
Member

@PerchunPak PerchunPak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I doubt that it supports poetry, but as we have the only one way to test this - production - we have no choice.

@ItsDrike
Copy link
Member Author

ItsDrike commented Aug 5, 2023

I doubt that it supports poetry, but as we have the only one way to test this - production - we have no choice.

You mean the pypa/gh-action-pypi-publish action? It has nothing to do with poetry. We use poetry to build the project, i.e. create the dist/ folder containing all of the needed distribution files (wheels) that should get uploaded to PyPI.

The action originally did that uploading with poetry publish, which is just poetry's nice utility that calls the PyPI API in the back, authenticates using the provided token and uploads the built distribution files. Projects that don't use poetry would often do twine upload dist/* instead as an example here. (You can do this even if you do use poetry, but there's no reason to install twine, since poetry has it built-in.)

This action is then just another way to do this, but it also supports the new Trusted Publisher Management, which poetry publish doesn't, that is why I switched to using it.

@PerchunPak
Copy link
Member

Also saw that you have tested it already on some other projects in Discord. Btw, here is discussion about this PR in Discord for those, who are looking for the history.

@ItsDrike ItsDrike merged commit 316516f into master Aug 10, 2023
@ItsDrike ItsDrike deleted the pypi-trusted-publisher-management branch August 10, 2023 13:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants