Issues of the "Publish to PyPI" workflow #901

Closed
seisman opened this issue Feb 15, 2021 · 3 comments · Fixed by #900
Labels
maintenance Boring but important stuff for the core devs

seisman commented Feb 15, 2021

Description of the problem

The publish-to-pypi.yml workflow uploads the PyGMT packages to PyPI and/or TestPyPI.

During the release v0.3.0, we found an issue with the workflow and had a quick fix in #900.

When I reviewed the workflow, I found two more issues:

  1. We're using secrets test_pypi_password and pypi_password in the pypa/gh-action-pypi-publish action.
    - name: Publish to Test PyPI
      uses: pypa/gh-action-pypi-publish@v1.4.2
      with:
        password: ${{ secrets.test_pypi_password }}
        repository_url: https://test.pypi.org/legacy/
    - name: Publish to PyPI
      if: startsWith(github.ref, 'refs/tags')
      uses: pypa/gh-action-pypi-publish@v1.4.2
      with:
        password: ${{ secrets.pypi_password }}

The names of these two secrets are confusing. They are API tokens (generated by me, if I remember correctly), not someone's passwords. We should rename them to better names, TEST_PYPI_API_TOKEN and PYPI_API_TOKEN following the official guide.

  2. The workflow always fails on forks, because forks don't have these secrets. We should skip the workflow for forks.

@seisman seisman added the maintenance Boring but important stuff for the core devs label Feb 15, 2021
@seisman seisman added this to the 0.4.0 milestone Feb 15, 2021

weiji14 commented Feb 16, 2021

> 1. We should rename them to better names, TEST_PYPI_API_TOKEN and PYPI_API_TOKEN following the official guide.

Ok, renaming TEST_PYPI_PASSWORD -> TEST_PYPI_API_TOKEN and PYPI_PASSWORD -> PYPI_API_TOKEN sounds good, I can do it in PR #900.

> 2. The workflow always fails on forks, because forks don't have these secrets. We should skip the workflow for forks.

You sure we want to hardcode disabling GitHub Actions workflows for forks? I know we can add an if: github.repository == 'GenericMappingTools/pygmt' line to the workflow, but:

  1. it will be hard for fork users to re-enable tests, unless they have good knowledge of GitHub Actions
  2. fork users can disable tests themselves anyway at https://docs.github.com/en/github/administering-a-repository/disabling-or-limiting-github-actions-for-a-repository.
  3. I thought tests will only run if people keep their fork/branch in sync with GenericMappingTools/pygmt? I.e. if they use the pull bot.


seisman commented Feb 16, 2021

> You sure we want to hardcode disabling GitHub Actions workflows for forks? I know we can add an if: github.repository == 'GenericMappingTools/pygmt' line to the workflow, but:

I meant to add this line to the "Publish to PyPI" workflow, because forks can't do the uploads anyway (they don't have the tokens), and we also don't want to see projects like pygmt-01, pygmt-forks on PyPI.


seisman commented Feb 16, 2021

For other workflows (e.g., Tests and GMT Dev Tests), I think they're disabled for forks by default but can be enabled following the documentation you just posted.

@seisman seisman modified the milestones: 0.4.0, 0.3.1 Feb 16, 2021
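
The two changes discussed in this thread, combined into one workflow as an added example (not the project's actual publish-to-pypi.yml and not code posted by either participant). The trigger, the checkout step and the build step are assumptions; the action version, secret names, repository URL and the `if:` expressions are the ones quoted above.

```yaml
# Added example: job-level fork guard plus renamed API-token secrets.
name: Publish to PyPI

on:
  push:
    branches: [master]   # assumed trigger
    tags: ['v*']         # assumed tag pattern

jobs:
  publish-pypi:
    runs-on: ubuntu-latest
    # On a fork, github.repository is '<fork-owner>/pygmt', so the whole job
    # is skipped there instead of failing because the secrets are missing.
    if: github.repository == 'GenericMappingTools/pygmt'
    steps:
      - uses: actions/checkout@v2   # assumed step
      - name: Build source and wheel distributions   # assumed build step
        run: |
          python -m pip install build
          python -m build --sdist --wheel --outdir dist/
      - name: Publish to Test PyPI
        uses: pypa/gh-action-pypi-publish@v1.4.2
        with:
          # API token stored under the renamed secret
          password: ${{ secrets.TEST_PYPI_API_TOKEN }}
          repository_url: https://test.pypi.org/legacy/
      - name: Publish to PyPI
        # Only tagged commits go to the real index
        if: startsWith(github.ref, 'refs/tags')
        uses: pypa/gh-action-pypi-publish@v1.4.2
        with:
          password: ${{ secrets.PYPI_API_TOKEN }}
```

Because the guard sits on the job rather than on each step, a fork's run shows the job as skipped, and no upload step ever starts without a token.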