Update cruft

.cruft.json

@@ -1,6 +1,6 @@
 {
   "template": "https://github.com/cthoyt/cookiecutter-snekpack",
-  "commit": "0618364d751132ea40c35ef4720a350dc028bcbe",
+  "commit": "1884310d930f56787c96d4eba45bcb4a5225f7cb",
   "checkout": null,
   "context": {
     "cookiecutter": {

.github/workflows/cruft.yml

@@ -2,9 +2,7 @@
 
 name: Update repository with Cruft
 
-permissions:
-  contents: write
-  pull-requests: write
+permissions: {}
 
 on:
   workflow_dispatch:
@@ -13,6 +11,9 @@ on:
 
 jobs:
   update:
+    permissions:
+      contents: write
+      pull-requests: write
     runs-on: ubuntu-latest
     strategy:
       fail-fast: true

.github/workflows/tests.yml

@@ -4,6 +4,10 @@
 
 name: Tests
 
+# by default, give the GITHUB_TOKEN no permissions
+# See https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github_token
+permissions: {}
+
 on:
   push:
     branches: [ main ]
@@ -13,6 +17,11 @@ on:
 jobs:
   lint:
     name: Code Quality
+    permissions:
+      # give only read-only access to the contents of the repository
+      # this is the only permission this job requires, so keep it to the least privilege
+      # i.e., not to issues, discussions, actions, etc.
+      contents: read
     runs-on: ubuntu-latest
     strategy:
       matrix:
@@ -31,6 +40,8 @@ jobs:
 
   docs:
     name: Documentation
+    permissions:
+      contents: read
     runs-on: ubuntu-latest
     strategy:
       matrix:
@@ -56,6 +67,8 @@ jobs:
         run: uvx -p ${{ matrix.python-version }} --with tox-uv tox -e docs-test
   tests:
     name: Tests
+    permissions:
+      contents: read
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:

README.md

@@ -231,30 +231,15 @@ You only have to do the following steps once.
 
 #### Configuring your machine's connection to PyPI
 
-You have to do the following steps once per machine. Create a file in your home directory called
-`.pypirc` and include the following:
-
-```ini
-[distutils]
-index-servers =
-    pypi
-    testpypi
-
-[pypi]
-username = __token__
-password = <the API token you just got>
-
-# This block is optional in case you want to be able to make test releases to the Test PyPI server
-[testpypi]
-repository = https://test.pypi.org/legacy/
-username = __token__
-password = <an API token from test PyPI>
+You have to do the following steps once per machine. 
+
+```console
+$ uv tool install keyring
+$ keyring set https://upload.pypi.org/legacy/ __token__
+$ keyring set https://test.pypi.org/legacy/ __token__
 ```
 
-Note that since PyPI is requiring token-based authentication, we use `__token__` as the user, verbatim.
-If you already have a `.pypirc` file with a `[distutils]` section, just make sure that there is an `index-servers`
-key and that `pypi` is in its associated list. More information on configuring the `.pypirc` file can
-be found [here](https://packaging.python.org/en/latest/specifications/pypirc).
+Note that this deprecates previous workflows using `.pypirc`.
 
 #### Uploading to PyPI
 
@@ -273,8 +258,7 @@ This script does the following:
    and [`docs/source/conf.py`](docs/source/conf.py) to not have the `-dev` suffix
 2. Packages the code in both a tar archive and a wheel using
    [`uv build`](https://docs.astral.sh/uv/guides/publish/#building-your-package)
-3. Uploads to PyPI using [`twine upload`](https://github.com/pypa/twine).
-   This will be replaced soon with `uv publish` (see https://github.com/cthoyt/cookiecutter-snekpack/issues/29)
+3. Uploads to PyPI using [`uv publish`](https://docs.astral.sh/uv/guides/publish/#publishing-your-package).
 4. Push to GitHub. You'll need to make a release going with the commit where the version was bumped.
 5. Bump the version to the next patch. If you made big changes and want to bump the version by minor, you can
    use `tox -e bumpversion -- minor` after.

pyproject.toml

@@ -26,13 +26,15 @@ classifiers = [
     "Framework :: Pytest",
     "Framework :: tox",
     "Framework :: Sphinx",
+    "Natural Language :: English",
     "Programming Language :: Python",
     "Programming Language :: Python :: 3.9",
     "Programming Language :: Python :: 3.10",
     "Programming Language :: Python :: 3.11",
     "Programming Language :: Python :: 3.12",
     "Programming Language :: Python :: 3.13",
     "Programming Language :: Python :: 3 :: Only",
+    "Typing :: Typed",
 ]
 keywords = [
     "snekpack", # please keep this keyword to credit the cookiecutter-snekpack template

tox.ini

@@ -220,34 +220,19 @@ commands =
 # 3. Get account recovery codes
 # 4. Set up 2-Factor Authentication
 # 5. Get an API token from https://pypi.org/manage/account/token/
-# 6. Create a file called .pypirc in the home directory if it does not already exist.
-# 7. Add the following content to the .pypirc file
-#
-#    [distutils]
-#    index-servers=
-#      pypi
-#      testpypi
-#
-#    [pypi]
-#    username = __token__
-#    password = <the API token you just got>
-#
-#    If there's already an `index-servers =` list, just make sure you add `pypi` to it.
-#    More information about .pypirc can be found at https://packaging.python.org/en/latest/specifications/pypirc/
+# 6. Install keyring with `uv tool install keyring`
+# 7. Add your token to keyring with `keyring set https://upload.pypi.org/legacy/ __token__`
 
 [testenv:release]
 description = Release the code to PyPI so users can pip install it
 skip_install = true
-passenv =
-    TWINE_USERNAME
-    TWINE_PASSWORD
 deps =
     {[testenv:build]deps}
-    twine >= 1.5.0
+    uv
+    keyring
 commands =
     {[testenv:build]commands}
-    twine check dist/*
-    twine upload --skip-existing dist/*
+    uv publish --username __token__ --keyring-provider subprocess --publish-url https://upload.pypi.org/legacy/
 
 [testenv:finish]
 description =
@@ -256,8 +241,6 @@ description =
 skip_install = true
 passenv =
     HOME
-    TWINE_USERNAME
-    TWINE_PASSWORD
 deps =
     {[testenv:release]deps}
     bump-my-version
@@ -282,35 +265,19 @@ allowlist_externals =
 # 3. Get account recovery codes
 # 4. Set up 2-Factor Authentication
 # 5. Get an API token from https://test.pypi.org/manage/account/token/
-# 6. Create a file called .pypirc in the home directory if it does not already exist.
-# 7. Add the following content to the .pypirc file
-#
-#    [distutils]
-#    index-servers=
-#      pypi
-#      testpypi
-#
-#    [testpypi]
-#    repository = https://test.pypi.org/legacy/
-#    username = __token__
-#    password = <the API token you just got>
-#
-#    If there's already an `index-servers =` list, just make sure you add `testpypi` to it.
-#    More information about .pypirc can be found at https://packaging.python.org/en/latest/specifications/pypirc/
+# 6. Install keyring with `uv tool install keyring`
+# 7. Add your token to keyring with `keyring set https://test.pypi.org/legacy/ __token__`
 
 [testenv:testrelease]
 description = Release the code to the test PyPI site
 skip_install = true
-passenv =
-    TWINE_USERNAME
-    TWINE_PASSWORD
 deps =
     {[testenv:build]deps}
-    twine >= 1.5.0
+    uv
+    keyring
 commands =
     {[testenv:build]commands}
-    twine check dist/*
-    twine upload --skip-existing --repository testpypi dist/*
+    uv publish --username __token__ --keyring-provider subprocess --publish-url https://test.pypi.org/legacy/
 
 [testenv:testfinish]
 description =
@@ -319,8 +286,6 @@ description =
 skip_install = true
 passenv =
     HOME
-    TWINE_USERNAME
-    TWINE_PASSWORD
 deps =
     {[testenv:testrelease]deps}
     bump-my-version