Add a GitHub Action to publish to PyPI #347
Conversation
| @@ -0,0 +1,119 @@ | |||
| name: Publish Python 🐍 distribution 📦 to PyPI and TestPyPI | |||
|
|
|||
| on: push | |||
There was a problem hiding this comment.
Are you sure this should be run every commit?
There was a problem hiding this comment.
Yes. We want to build each push but the process will stop at line 35 if this is not a release.
There was a problem hiding this comment.
Not sure why we need to build each push.
There was a problem hiding this comment.
Knowing when we can no longer build the project is quite a useful diagnostic.
There was a problem hiding this comment.
There was a problem hiding this comment.
It says that it's "One popular choice". IMO build breaking while the normal CI doesn't break would be so rare that testing it only on tag push is enough (we don't need to release when we push a tag).
That said, I don't care about this facet too much.
| environment: | ||
| name: pypi |
There was a problem hiding this comment.
I have added publisher on pypi
Repository: cpplint/cpplint
Workflow: release.yml
Environment name: pypi
However, I am a bit concerned about this bit - has a "pypi" environment been created in the Github repo settings?
I dont have access to the Environments section of the GitHub repo settings.
There was a problem hiding this comment.
Everyone in the cpplint org can see that tab; I don't think you accepted the maintainer invite. Could you check all your folders for the subject [GitHub] @mattyclarkson has invited you to join the @cpplint organization dated 9.5 hours ago, xx:30? I also just sent you another one a few minutes ago.
Anyways, I see there's a "testpypi" environment with nothing in it. I suspect that to be a test thing from many years ago and that @cclauss has perhaps yet to set up the environment.
There was a problem hiding this comment.
I think I can move this forward but I will need a few days to look into it.
There was a problem hiding this comment.
I have added publisher on pypi
Repository: cpplint/cpplint
Workflow: release.yml
Environment name: pypi
Can you please add a second publisher with the same settings but on:
Environment name: testpypi
6a3c6f2 to
d9feb37
Compare
|
I have commented out the job step for publication to test.pypi.org because @jayvdb does not yet have admin access there. He does have admin access to pypi.org so production releases should work once this pull request is approved and merged. |
|
If needed we could test deployment on a new TestPyPI package we create. |
Blocked by the need for repo secrets.
I have commented out the job step for publication to test.pypi.org
|
I think we should test that it works by pushing to whatever TestPyPI package we may push to first. Doesn't have to be the cpplint package; we could e.g. create a cpplint2 package for temporary testing. |
|
https://github.com/cpplint/cpplint/actions/runs/14219458049/job/39843726131
|
|
Please open a pull request that fixes or removes the signing of releases. |
|
I've tried to fix it. It seems to be some weird obscure dependency issue I couldn't understand. (But as with the testpypi fix (which also could've had a workaround added) one, I don't think we need to remove it. A cross is not hurting anything.) |
Implement PyPI’s trusted publishing and use the sigstore/gh-action-sigstore-python GitHub Action to sign the distribution packages.
This script is from https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows
An alternative would be to use https://docs.astral.sh/uv/guides/package running under https://github.com/astral-sh/setup-uv