Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use an API token for uploading to PyPI from Travis CI instead of account creds #553

Closed
webknjaz opened this issue Jul 25, 2019 · 7 comments · Fixed by #840, #873 or #857
Closed

Use an API token for uploading to PyPI from Travis CI instead of account creds #553

webknjaz opened this issue Jul 25, 2019 · 7 comments · Fixed by #840, #873 or #857
Assignees
@webknjaz @gundalow @awcrosby
Labels
proposal
Milestone
4.3.1

Comments

@webknjaz
Copy link
Member

webknjaz commented Jul 25, 2019
edited
Loading

Issue Type

  • Infra improvement

Desired Behaviour

It is now possible to create an API token at https://pypi.org/manage/account/token/. Travis CI autoreleases should switch to that.

Ref: https://discuss.python.org/t/pypi-security-work-multifactor-auth-progress-help-needed/1042/31

Use __token__ for a username and the token itself for a password when using Twine: pypi/warehouse#994 (comment)
@webknjaz webknjaz self-assigned this Jul 25, 2019
@ssbarnea
Copy link
Member

ssbarnea commented Aug 2, 2019
edited
Loading

On other project I use a service account and added below variables directly to Travis admin interface (no need to edit travis file):

TWINE_USERNAME=...
TWINE_PASSWORD=...
PYPI_USER=...
PYPI_PASSWORD=...
PYPI_DISTRIBUTIONS="sdist bdist_wheel"

They will be secured by travis. In fact once you introduce it, you cannot see it again.

PS. Yes, you can use tokens there as password.

@webknjaz
Copy link
Member Author

webknjaz commented Aug 2, 2019

I know. Yet, there's certain problems with tokens&travis now + it's in beta anyway. I'm going to wait.
FWIW I like having explicit thing in .travis.yaml better than semi-hidden UI configs.

@ssbarnea
Copy link
Member

ssbarnea commented Aug 2, 2019

TBH I do not care much which method is used as long the release happens. I am currently blocked by the unreleased fix from 69f5e96 and I know several people that started to contemplate ditching ansible-lint due to its problems. I would be happy not to give them more reasons ;)

@webknjaz
Copy link
Member Author

webknjaz commented Aug 2, 2019

Creds aren't a blocker at all.

@webknjaz webknjaz added this to the 4.1.1 milestone Nov 1, 2019
@ssbarnea
Copy link
Member

Considering that this ticket can be addressed only by a very select group of people it would be nice if they could make that change. AFAIK tokens are working fine, I am already using them on other projects.

@webknjaz
Copy link
Member Author

@ssbarnea actually, Travis CI still has encryption problems in some repos. But we won't know until we try.

@awcrosby awcrosby modified the milestones: 4.1.1, 4.3.0 Nov 25, 2019
@ssbarnea ssbarnea modified the milestones: 4.3.0, 4.3.1 Jul 17, 2020
This was linked to pull requests Jul 17, 2020
Migrate publishing to PyPI from Travis CI to GHA #840
Merged
Hotfix publishing new tags to TestPyPI @ GHA #873
Merged
Prevent failing on duplicate pushes to TestPyPI @ GHA #857
Merged
@webknjaz
Copy link
Member Author

Addressed by #840 + #857 + #873.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@webknjaz webknjaz

@gundalow gundalow

@awcrosby awcrosby

Labels
proposal
Projects
None yet
Milestone
4.3.1
4 participants
@ssbarnea @webknjaz @gundalow @awcrosby