[drive-by feedback] Update the GHA workflow for publishing to the PyPI #4

Closed
webknjaz opened this issue Feb 5, 2024 · 3 comments
Labels
enhancement New feature or request

webknjaz commented Feb 5, 2024

Hey, I noticed you're using my action for uploading to the PyPI, but its version is outdated — pypa/gh-action-pypi-publish@27b3170 is 3 years old and doesn't contain modern features.

Follow https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/ to get it up-to-date. The GH doc is not as detailed: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-pypi#updating-your-github-actions-workflow.

Action items:

  • Update the action version to the recent one
  • Drop the use of API tokens and any args in with:
  • Set up a GitHub environment called pypi with required reviews in the repo settings
  • Set up OIDC on the PyPI and in the GH workflow job privileges
  • Split the jobs for building and uploading, having different privileges for security reasons
@NikitaBeloglazov
Owner

Yay! 🎉

  • Update the action version to the recent one
  • Drop the use of API tokens and any args in with:
  • Set up a GitHub environment called pypi with required reviews in the repo settings
  • Set up OIDC on the PyPI and in the GH workflow job privileges
  • Split the jobs for building and uploading, having different privileges for security reasons

@NikitaBeloglazov
Owner

✅ Done!

  • Update the action version to the recent one
  • Drop the use of API tokens and any args in with:
  • Set up a GitHub environment called pypi with required reviews in the repo settings
  • Set up OIDC on the PyPI and in the GH workflow job privileges
  • Split the jobs for building and uploading, having different privileges for security reasons

Thank you very much for your participation in the development of clipman, and in my other projects that use similar technologies! Have a great day!

NikitaBeloglazov added a commit to NikitaBeloglazov/ytcon that referenced this issue Aug 31, 2024
@NikitaBeloglazov
Owner

✨ Ported to YTCON. Thank you again! 🌷
