👷📦🚀 Enable Travis CI to publish dists to PYPI #262
Conversation
webknjaz
force-pushed
the
feature/travis-cd-to-pypi
branch
from
076b715
to
e6113fc
Compare
.travis.yml
Outdated
| # This happenes when other CI (AppVeyor etc.) has already uploaded | ||
| # the very same dist (usually sdist). | ||
| skip-existing: true | ||
| user: Mariatta # TODO: consider having a separate "uploader user" |
There was a problem hiding this comment.
@Mariatta you might want to set up a separate account with "Maintainer" level privileges in PYPI to use instead of your own, which is more dangerous if it gets compomised.
Recently, we've started replacing our flows to use a deployment-dedicated user in aio-libs as well: https://github.com/aio-libs/aiohttp/blob/master/.travis.yml#L84
There was a problem hiding this comment.
@Mariatta I've just realized that blurb is deployed by @brettcannon and your account is not linked to that dist. Will you fix this by having an account with access to publish both or should I separate deployment step to have different deployer users?
.travis.yml
Outdated
| # Encrypt with `travis encrypt -r python/core-workflow --org` while using travis-ci.org; | ||
| # change to `travis encrypt -r python/core-workflow --api-endpoint 'https://api.travis-ci.com/'` | ||
| # upon switch to __free__ travis-ci.com: | ||
| secure: PLACE_YOUR_ENCRYPTED_PASSWORD_HERE |
There was a problem hiding this comment.
@Mariatta feel free to update the PR branch with a secret generated for your account as per instructions in comments above.
webknjaz
force-pushed
the
feature/travis-cd-to-pypi
branch
4 times, most recently
from
076f934
to
91b4aab
Compare
|
@Mariatta I've fixed conditionals. Demo:
It should be ready for merging (you may add PYPI creds before or after merge). |
|
@Mariatta I'm going to update this to exclude non-related builds when releasing a certain tool. This will include |
That build failed. Any clue? Just to confirm how this will work, when I'm ready to release to PyPI, just create a tag like |
|
@Mariatta oh it's fine.
I didn't put any valid PYPI credentials there. That's why this happened. It will work once you add credentials as per https://github.com/python/core-workflow/pull/262/files#diff-354f30a63fb0907d4ad57269548329e3R54. |
webknjaz
force-pushed
the
feature/travis-cd-to-pypi
branch
from
f0c6de3
to
6886155
Compare
|
@Mariatta I've made jobs appearence more granular for release mode. |
|
@Mariatta just in case it gets lost in diff page, we need to solve this as well: #262 (comment) |
|
@Mariatta do you need any additional help with this? |
Resolves python#222 @Mariatta still needs to update secret
webknjaz
force-pushed
the
feature/travis-cd-to-pypi
branch
from
1a2d21c
to
931f0c3
Compare
|
@webknjaz I've asked @brettcannon to create the bot account for deployment to PyPI. Not sure if he's gotten around doing it yet. |
|
@Mariatta alternatively you could create a shared acc yourself and then you can add it to one project with minimal privileges and @brettcannon would add it to other. If this helps :) |
|
I just created the core-workflow account. |
.travis.yml
Outdated
| # Encrypt with `travis encrypt -r python/core-workflow --org` while using travis-ci.org; | ||
| # change to `travis encrypt -r python/core-workflow --api-endpoint 'https://api.travis-ci.com/'` | ||
| # upon switch to __free__ travis-ci.com: | ||
| secure: PLACE_YOUR_ENCRYPTED_PASSWORD_HERE |
There was a problem hiding this comment.
Thanks @brettcannon for creating the core-workflow PyPI user. I've added it as maintainer to cherry_picker in PyPI.
Do you mind creating the encrypted password and add it here?
There was a problem hiding this comment.
Sent the password to Mariatta securely as I'm heading out for a short vacation once I'm done with my GitHub notifications 😄
.travis.yml
Outdated
| # This happenes when other CI (AppVeyor etc.) has already uploaded | ||
| # the very same dist (usually sdist). | ||
| skip-existing: true | ||
| user: &pypi-user Mariatta # TODO: consider having a separate "uploader user" |
There was a problem hiding this comment.
This has to be core-workflow now.
There was a problem hiding this comment.
May I expect that you will update this branch yourself?
There was a problem hiding this comment.
If not - please share the encrypted string and I'll do it myself :)
There was a problem hiding this comment.
I've updated. At least I think I did it correctly ...
There was a problem hiding this comment.
Looks fine. Sometimes it doesn't work because of corrupted secret value, but we'll only see this during actual deployment in this repo. Re-encryption usually helps.
.travis.yml
Outdated
| env: | ||
| TARGET_PKG: blurb | ||
| deploy: | ||
| <<: *deployment-config |
There was a problem hiding this comment.
I don't know if blurb maintainers (I'm not one of them) want the same capability or not. Maybe we need to remove this portion.
There was a problem hiding this comment.
I don't really like removing stuff. Instead, we can add smth likeif: false to disable this. Deal?
| - &run-if-tagged | ||
| if: tag IS present | ||
| - &run-if-cherry-picker | ||
| if: tag =~ ^cherry\-picker\-v\d+\.\d+\.\d+$ |
There was a problem hiding this comment.
@Mariatta I'm a bit concerned about restricting this to vX.Y.Z format, while in real life there might be some extensions (dev/a/b). Should I extend this regexp to take those into account?
There was a problem hiding this comment.
I think we can leave the regex as is (handling vX.Y.Z) and when the need arise we can adjust it later.
There was a problem hiding this comment.
Okay, I just thought of a common use case for testing pre-releases when you are unsure whether build artifact (dist) is correct.
|
I believe that you can merge this now. |
|
I would then test releasing mechanizm, but since it's a change, which does not affect the software, I'd add |
|
Once we have updated changelog for cherry_picker (open issue #279), I can try to cut a release. But I'm about to head to the beach now 🏖 ... |
|
🎉 |
|
Yeah, actually me too: just arrived to Cyprus a few hours ago 🌴 |
Resolves #222
@Mariatta you still need to update secret and probably add @brettcannon's account for blurb.
Some hacks present are trying to work around limitations described in travis-ci/dpl#822