thrift icon indicating copy to clipboard operation
thrift copied to clipboard

Published 20 hours ago verified publisher icon apache

THRIFT-5546: automate pypi publishing [ci skip]

Open jeking3 opened this issue 2 years ago • 5 comments

When a pre-release is created on GitHub for the repo it will publish to the TestPyPI service, and if that pre-release is promoted to a release, it will publish to the PyPI (real) service.

Using the technique described at https://cwiki.apache.org/confluence/display/BUILDS/GitHub+Actions+status to use third party github actions in the build.

Apache Infra team added the CLOUDTRUTH_API_KEY secret to the apache/thrift repo. Apache didn't have a way to help us manage our own deployment keys so I used a third party service to make it easier for us.

Here's a pre-release test build:

https://github.com/apache/thrift/actions/runs/2091974166

For context here's the project and parameters (without secret values shown) in CloudTruth so you can see what they are defined as for names to correspond with the workflow:

image

  • [X] Did you create an Apache Jira ticket? (not required for trivial changes)
  • [X] If a ticket exists: Does your pull request title follow the pattern "THRIFT-NNNN: describe my issue"?
  • [X] Did you squash your changes to a single commit? (not required, but preferred)
  • [X] Did you do your best to avoid breaking changes? If one was needed, did you label the Jira ticket with "Breaking-Change"?
  • [X] If your change does not involve any code, include [ci skip] anywhere in the commit message to free up build resources.

jeking3 avatar Apr 04 '22 19:04 jeking3

This probably needs to change and put the pypi secrets into Apache's secret store directly so we can access them, instead of going through an intermediary.

jeking3 avatar Oct 25 '22 21:10 jeking3

WOuld love to see this implemented, as currently pypi only offers Thrift 0.16.0 (which has been released some months ago)

SvenRoederer avatar Feb 20 '23 11:02 SvenRoederer

How can I help to make this possible? We would like to unblock thrift upgrades on our end

trams avatar Aug 02 '23 23:08 trams

I think now there is a way to declare a Github Action trusted and avoid adding tokens anywhere. See this documentation https://docs.pypi.org/trusted-publishers/using-a-publisher/

Their example is using pypa/gh-action-pypi-publish@release/v1 which I am not sure would work correctly with our thrift repo because we have a package inside lib/py not the root directory But I think we are not limited to use only this GitHub action

trams avatar Aug 02 '23 23:08 trams

@jeking3

Hello, is there any progress on this issue?

We need a newer python thrift client which is great 0.16.

bwangelme avatar Oct 23 '23 02:10 bwangelme