Optional pycqa service account on pypi to ease release process

Open ssbarnea opened this issue 3 years ago • 2 comments

In order to ease release management and avoid publishing using personal accounts, projects should be able to publish new releases using a service account.

This service account can be shared across the entire organization even without risking cross contamination by using repository-specific tokens (as opposed to ones that can publish any package).

In order to implement this I already created an account "pycqa" on pypa and I am going to configure it for doc8 project. The bot account is linked to [email protected] private mailing list, private being needed to allow password reset, if needed. At this moment I am the only member of this mailing list but I am more than happy to invite others.

Projects wanting to use this account should:

  • add pycqa as maintainer on pypa (not owner!), so it can publish new releases
  • configure tokens in their CI/CD of choice, tokens generated by someone with access to the account.

Configuration for GitHub Actions

To configure credentials for GitHub Actions, you need to access the Secrets section from Settings. Secrets can be organization-wide (easy, but a bit risky, as a malicious project could push a release for another one). If all projects are trusted, no worry.

[screenshot: example]

Credentials are not accessible to PR builds, in case you wondered. More details on how to automate the release process can be seen at https://github.com/marketplace/actions/pypi-publish

Configuration for Travis

Already covered at https://docs.travis-ci.com/user/deployment/pypi/

ssbarnea avatar Aug 15 '20 11:08 ssbarnea
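The token and GitHub Actions configuration described in the post, as an added example workflow that is not part of the issue or any PyCQA project: it publishes on a version tag only (so pull_request builds never see the credential) and reads a project-scoped PyPI token from a repository secret. The secret name `PYPI_API_TOKEN` is an assumption.

```yaml
# Added example (not from the issue): publish to PyPI on a v* tag using a
# project-scoped API token held in a GitHub secret. The token is generated by
# someone with access to the shared service account and scoped to this one
# project, so it cannot publish any other package.
name: release

on:
  push:
    tags:
      - "v*"            # tagged releases only; PR builds get no secrets anyway

permissions:
  contents: read        # least privilege for the GITHUB_TOKEN in this job

jobs:
  pypi:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"

      - name: Build sdist and wheel
        run: |
          python -m pip install --upgrade build
          python -m build

      - name: Publish to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          user: __token__
          # Assumed secret name. Prefer a repository secret over an
          # organization-wide one so a compromised sibling repo cannot use it.
          password: ${{ secrets.PYPI_API_TOKEN }}
```

A per-project token plus a repository-level secret is what keeps the shared account from becoming a cross-project publishing path.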