Create automatic publish to PyPi via GitHub actions #1003

Open
wants to merge 1 commit into
base: develop

Andrew-Chen-Wang
Contributor

If you're busy, you may want to consider this method of publishing to PyPI just to get patches out of the way. Just create a PyPI token on the site for this package, put it in your GitHub secrets with the name PYPI_PASSWORD, and you're all set.

That way, you can just create a release via the GitHub website in a couple clicks and be on your way.

@karyon
Contributor

karyon commented Jan 1, 2021

Sorry for the delay. This is pretty cool, thanks.

Why does it say token as the username? The github template also puts the username into the secrets.

@diox I can't manage the PyPI project, so I guess I cannot create a token. Could you do that? Or give me manage privileges (might be good anyway to increase the bus factor :) )

@Andrew-Chen-Wang
Contributor Author

No prob @karyon ! Tokens are per package whereas inputting your username and password gives access to all your packages.

@karyon
Contributor

karyon commented Jan 1, 2021

Thanks! though I was rather referring to the syntax __token__ compared to something like ${{ secrets.PYPI_TOKEN }}. What's that variable and where does it come from?

@Andrew-Chen-Wang
Contributor Author

Andrew-Chen-Wang commented Jan 1, 2021

Ah I'm pretty sure __token__ is just a string in GitHub's yaml files (e.g. in cachalot, I've got it like that but in cookiecutter-django, I think I put it in double quotes, and it was also acceptable). Maybe the double quotes are simply necessary in case of spaces?

Maybe that's the case for environment variables like ${{ secrets.PYPI_TOKEN }}? I'm not totally sure tbh. I think working in the past on GitHub Actions, the double quotes just ensure it's a string when it's parsed by something like JavaScript.

@karyon
Contributor

karyon commented Jan 8, 2021

alright, thanks.

@diox, could you create and save that token or give me permissions to do so?

@diox
Member

diox commented Jan 8, 2021

I created the token and stored it in the repo's secrets under the PYPI_PASSWORD name.

tbh while it's nice to see this being automated, this was never the part that was blocking making new releases. The more annoying bit is coming up with a nice changelog - we've looked into automating this in the past and while it helps, there is always some manual work involved to make it a little more coherent and elegant. And of course you still need to bump the version in compressor/__init__.py, create and then push the corresponding tag, switch the branches...

@diox
Member

diox commented Jan 8, 2021

BTW, it would be nice to double down and replace Travis with GitHub Actions, with the future of Travis for open-source repos looking so grim...

@Andrew-Chen-Wang
Contributor Author

Andrew-Chen-Wang commented Jan 8, 2021

@diox Not sure if what cookiecutter-django's doing is overkill for changelog (uses GitHub actions and just checks by list of PRs). Another option could be: https://github.com/Michael-F-Bryan/auto-changelog.

When it comes to actually getting this to auto commit (i.e. the versioning), take a look at this GitHub action workflow:

```yaml
name: "Dependabot Automerge - Action"
on:
  pull_request:
jobs:
  worker:
    runs-on: ubuntu-latest
    # Job-level condition: only run for pull requests opened by Dependabot
    if: github.actor == 'dependabot[bot]'
    steps:
      - name: automerge
        uses: actions/github-script@0.2.0
        with:
          script: |
            // Approve the pull request that triggered this run
            github.pullRequests.createReview({
              owner: context.payload.repository.owner.login,
              repo: context.payload.repository.name,
              pull_number: context.payload.pull_request.number,
              event: 'APPROVE'
            })
            // Merge the same pull request
            github.pullRequests.merge({
              owner: context.payload.repository.owner.login,
              repo: context.payload.repository.name,
              pull_number: context.payload.pull_request.number
            })
          github-token: ${{github.token}}
```

This was from https://handsonappsec.medium.com/automerge-github-dependabot-alerts-with-github-actions-7cd6f5763750

You can write some small Python script or regular shell script to bump the version. Obviously you can remove that last part (merge). (Honestly I should probably do this for my own repos...)

@browniebroke
Contributor

> Thanks! though I was rather referring to the syntax __token__ compared to something like ${{ secrets.PYPI_TOKEN }}. What's that variable and where does it come from?

That's just a placeholder to tell PyPI that you're using the API token: https://pypi.org/help/#apitoken

To use an API token:

  • Set your username to __token__
  • Set your password to the token value, including the pypi- prefix
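
The release-triggered publish job discussed in this thread, written out as an added example (not the workflow file from this pull request and not any participant's code). The literal username `__token__` and the secret name `PYPI_PASSWORD` come from the conversation; the workflow name, job id, action versions, and the use of `build` and `twine` are assumptions.

```yaml
# Added example: publish to PyPI when a release is published on GitHub.
name: Publish to PyPI            # assumed workflow name
on:
  release:
    types: [published]           # fires when a release is created via the GitHub website
permissions:
  contents: read                 # the job only needs to read the repository
jobs:
  publish:                       # assumed job id
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4          # assumed action version
      - uses: actions/setup-python@v5      # assumed action version
        with:
          python-version: "3.x"
      - name: Build sdist and wheel
        run: |
          python -m pip install --upgrade build twine
          python -m build
      - name: Upload to PyPI
        env:
          # Literal string, not a secret: tells PyPI the password is an API token.
          TWINE_USERNAME: __token__
          # Per-package API token (including its pypi- prefix) stored as a repository secret.
          TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
        run: twine upload dist/*
```

The token is exposed only to the upload step through `env`, and the workflow's own `GITHUB_TOKEN` is limited to read access, so a compromised build step cannot push to the repository.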
