Transition to PYPI's Trusted Publisher mechanism #1392

Open
rlaboiss opened this issue Oct 29, 2023 · 0 comments

Most of Pelican's plugins under the new pelican-plugins organization publish to PyPI via the command `poetry publish -u __token__ -p $PYPI_PASSWORD` in their GitHub workflow. This implies that the associated PyPI project's password must be stored in the Environment secrets of the GitHub repository.

Some plugins have already migrated to using the pypa/gh-action-pypi-publish GitHub action for publishing to PyPI, like sitemap and featured-image. In this new scheme, there is no need to store the PyPI password in GitHub, but a new Trusted Publisher must be defined at PyPI. This can be done as follows, supposing PyPI project pelican-name is associated with the pelican-plugins/name repository at GitHub:

Go to the following page:

https://pypi.org/manage/project/pelican-`name`/settings/publishing/

and fill in the form with these values:

Owner: pelican-plugins
Repository name: name
Workflow name: main.yml
Environment name: Deployment

The workflow name must correspond to the file name in `.github/workflows`.

Once you fill out the form with those values and tap the “Add” button, then the name project should be all ready for publication via the gh-action-pypi-publish action (once again, assuming that the relevant workflow file changes have also been made). Note that the above trusted publisher configuration can be done in advance — before actually switching to that method in the GitHub Action workflow — without disrupting the current publication flow.

[Acknowledgments: The above text is, almost verbatim, the instructions that @justinmayer sent to me some time ago.]
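The workflow side of the migration described above, as an added example that is not taken from the issue or from any pelican-plugins repository: a publish job whose `environment` matches the trusted publisher form and which requests an OIDC token instead of reading a stored secret. The trigger, job name, Python version and Poetry build step are assumptions; only the file name `main.yml`, the environment name `Deployment` and the `pypa/gh-action-pypi-publish` action come from the text.

```yaml
# .github/workflows/main.yml (excerpt)
# Added example; trigger, job name and build step are assumptions.
name: build

on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: ubuntu-latest
    # Must match the "Environment name" entered in the PyPI trusted publisher form.
    environment: Deployment
    permissions:
      # Allows this job to request the short-lived OIDC token that PyPI
      # exchanges for a temporary upload credential.
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - name: Build sdist and wheel into dist/  # assumption: Poetry-based project
        run: |
          python -m pip install poetry
          poetry build
      # Before: poetry publish -u __token__ -p $PYPI_PASSWORD
      # After:  no username, password or repository secret is passed;
      #         the action uploads the contents of dist/ by default.
      - name: Publish to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
```

Once a release has gone out this way, the `PYPI_PASSWORD` secret is no longer read by the workflow and can be deleted from the repository's environment secrets.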
