jupyter_releaser

Remove pypi token usage

Open blink1073 opened this issue 1 year ago • 2 comments

Description

For the next major version (v3), I propose we remove support for PyPI tokens, and only support PyPI Trusted Publishing. This will mean that release-from-releaser will no longer work unless you configure the project to accept trusted publishing from your fork of jupyter_releaser.

We would drop support for PYPI_TOKEN, PYPI_TOKEN_MAP, and TWINE_USERNAME. Test PyPI also supports trusted publishing, so that part of the instructions would need to be updated.

blink1073, Feb 24 '24 15:02

This would mean that publishing from private repositories would no longer work, just as a note.

ElioDiNino, Feb 26 '24 15:02

Fair, we could keep PYPI_TOKEN and recommend against using it unless using a private repository. We would still want to get rid of TWINE_USERNAME since it should always be __token__, and still get rid of PYPI_TOKEN_MAP.

blink1073, Feb 26 '24 20:02