Skip to content

CI - Swap to trusted publisher for releases #1758

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 8, 2024
Merged

CI - Swap to trusted publisher for releases #1758

merged 2 commits into from
Apr 8, 2024

Conversation

trallard
Copy link
Collaborator

@trallard trallard commented Apr 5, 2024

Closes #1754

I only modified the publish.yml workflow in this PR to remove the token.

Separately, I already added this as a trusted publisher in PyPI.

@trallard trallard added the tag: CI Pull requests that update GitHub Actions code label Apr 5, 2024
@trallard trallard mentioned this pull request Apr 5, 2024
Closed
3 tasks
@trallard trallard added the kind: enhancement New feature or request label Apr 5, 2024
@drammock
Copy link
Member

drammock commented Apr 5, 2024

WDYT about a step for building and checking the wheels with twine before pushing to PyPI? E.g.:

https://github.com/mne-tools/mne-python/blob/026e2622e9f32741ac20bc4c051bdc89bbbd3785/.github/workflows/release.yml#L26-L31

@trallard
Copy link
Collaborator Author

trallard commented Apr 5, 2024

I can do that, I actually thought about it as I was working on #1759
I have been using https://github.com/hynek/build-and-inspect-python-package for build and wheels inspection and it is a delight. But a quick twine check works well to

@drammock
Copy link
Member

drammock commented Apr 5, 2024

I have been using https://github.com/hynek/build-and-inspect-python-package for build and wheels inspection and it is a delight.

ooh, I only looked quickly but that does seem useful!

@trallard
Copy link
Collaborator Author

trallard commented Apr 8, 2024

I have now added the build-and-verify package action to the workflow per @drammock comment

@trallard trallard requested a review from drammock April 8, 2024 11:42
drammock
drammock approved these changes Apr 8, 2024
View reviewed changes
Copy link
Member

@drammock drammock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

wonderful, thanks @trallard

@drammock drammock merged commit 662758e into pydata:main Apr 8, 2024
@trallard trallard deleted the trallard/use-trusted-publisher branch April 8, 2024 16:56
@drammock
Copy link
Member

drammock commented May 3, 2024

@trallard I think maybe this PR isn't working as intended. Even after ditching Codecov so that the tests all pass (prerequisite for even running the build/upload workflow), the upload step is failing:

https://github.com/pydata/pydata-sphinx-theme/actions/runs/8944060825/job/24570535182#step:3:51

If I'm reading the output of prior steps correctly, the artifact is actually named Packages.zip (see also the Artifacts section here) and I think we will need to unzip it (?) before calling the upload step (at least I can't find any mention of handling .zips at https://github.com/pypa/gh-action-pypi-publish/tree/release/v1/).

@drammock drammock mentioned this pull request May 3, 2024
Merged
ivanov pushed a commit to ivanov/pydata-sphinx-theme that referenced this pull request Jun 5, 2024
@trallard @ivanov
CI - Swap to trusted publisher for releases (pydata#1758)
38ab87b 
* 👷 Remove token based release from CI

* Add package inspection step
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@drammock drammock drammock approved these changes

Assignees
No one assigned
Labels
kind: enhancement New feature or request tag: CI Pull requests that update GitHub Actions code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Use trusted publisher for PyPI releases
2 participants
@trallard @drammock