Publish blurb to PyPI using Trusted Publishers #4
Comments
|
I would add "move |
|
Added! Once in its own repo, we don't need to worry about tag collisions and can use a more standard |
|
blurb is now in its own repo 🚀
No strong preference from me, some prefer I've set up the Trusted Publisher for TestPyPI at https://test.pypi.org/manage/project/blurb/settings/publishing/ 
Here's a PR to add the release workflow: python/blurb#14. We can merge this before setting it up on production PyPI, it'll verify the TestPyPI setup. Then we need to set up production PyPI before doing a proper release. |
|
@hugovk I suggest using a GitHub Environment called |
|
I merged #14 and it successfully deployed in https://github.com/python/blurb/actions/runs/8661563398/job/23751747417 to https://test.pypi.org/project/blurb/0.1.dev64/ ✅ |
@ambv Can I add you? Do you have a Test PyPI account?
I see Brett and Larry listed at https://pypi.org/project/blurb/ @brettcannon or @larryhastings: Please could you either set up Trusted Publishers for blurb here using the same settings as #4 (comment) OR add @ambv and I'll ask him to do it? Thanks! |
|
I'm happy to help! I'm ambvtest on test.pypi.org. |
|
Thanks, invited! |
|
Accepted! |
Correction: the settings should be almost the same. The |
|
@brettcannon When you get a moment, please could you either set up Trusted Publishers for blurb here using the same settings as #4 (comment)? Or add @ambv or me to the PyPI project and we can do it? Thank you! |
|
@hugovk I unfortunately can't as I'm not an admin on the project. @larryhastings will need to add someone to make the changes. |
|
I don't think I'm an admin on this project either. |
|
@larryhastings @brettcannon only you two are listed on PyPI as maintainers. This means one of you must be an owner. Unless PyPI itself is broken somehow. |
|
It's entirely possible I'm being dumb. But I'm logged in to Github as myself, and I don't see the "Settings" tab along the top for this repository. I thought that meant I was just a contributor, not a maintainer. If I'm wrong about that, how can I determine my maintainer status on this project? |
|
This is about PyPI not GitHub:
|
|
Okay, I understand. And yes Brett and I are the two maintainers of blurb on PyPI. I'm not allowed to change anything on blurb until I enable 2FA. I'm busy just now, give me a day or two to deal with this. (Unless Brett gets to it first or something.) |
@larryhastings since Brett said he doesn't have access, I assume that his access is "Maintainer" (only allows uploading new releases IIRC) and yours is "Owner". Most things are only available to Owners. In case of putting a project under an org, the RBAC would be a bit more flexible than that. But registering orgs on PyPI is on pause per my understanding. So if you want someone else to configure trusted publishing, make sure to add them as an owner. |
|
@webknjaz I requested the "python" and "cpython" PyPI organisations in December, no news yet: https://discuss.python.org/t/request-python-organisation-on-pypi/26545/9 |
|
@hugovk I know. That PyPI support engineer might be able to get through the queue later on. I asked Mike at PyCon and apparently, they don't want to make exceptions to demonstrate to companies that they need to fund more positions like that. |
|
I've added |
|
Thanks, I've accepted, but Owner permission is needed to be able to click the Manage button to set it up: https://docs.pypi.org/trusted-publishers/adding-a-publisher/ I see: 
Please could you add Owner permissions? |
|
Thank you! I now have Owner permissions and have set up Trusted Publishing like this at https://pypi.org/manage/project/blurb/settings/publishing/: 
I'll prepare and make a release in the near future to test it out, and update https://github.com/python/blurb/blob/main/RELEASING.md as needed. I've also invited developer-in-residence @ambv as Owner to help with bus factor. |
|
Successfully released!
Thanks all! |
The short story
It would be nice to automate releases.
Long version
Similar to
cherry_picker(python/cherry-picker#94), let's set up automated deploys to PyPI.We'll need to pick a tag name format, so far we only have
cherry-picker-vX.Y.Zin this repo: https://github.com/python/core-workflow/tags. Shall we useblurb-vX.Y.Zhere?TODO
Thanks for blurb!
The text was updated successfully, but these errors were encountered: