Release to PyPI via GitHub Action

Open MartinThoma opened this issue 2 years ago • 10 comments

As the maintainer of pypdf I've recently decided to add a GitHub Action that can make releases of pypdf to PyPI. See https://github.com/py-pdf/pypdf/blob/main/.github/workflows/release.yaml . Maybe that is interesting for camelot as well?

Reasons for adding a workflows/release.yaml GitHub Action

  1. Saving time: Yes, releasing is just a flit publish in my case. But still an extra step.
  2. Reducing complexity: Again, just one step was removed. But I'm happy if this becomes easier.
  3. Allowing the community to release: pypdf was not active for a long time. It could happen again if I became inactive. While we have some people on GitHub in the py-pdf organization / the pypdf repository with e.g. the permission to merge, I didn't want to add people to the project as the permission system of PyPI is lacking (e.g. the new admins could remove myself as an admin - no chance to recover). However, you can create project-based tokens that have only the permission to publish new packages.

How it works

Requirements

  1. Create a PyPI token: https://pypi.org/help/#apitoken
  2. Add a GitHub Repository Secret: Go to https://github.com/camelot-dev/camelot/settings/secrets/actions and store it as a repository secret called FLIT_PASSWORD

Triggering Workflows

I chose to use new git tags as the triggering mechanism:

on:
  push:
    tags:
      - '*.*.*'

See https://docs.github.com/en/actions/using-workflows/triggering-a-workflow for alternatives

The action

      - name: Install Flit
        run: |
          python -m pip install --upgrade pip
          pip install flit

      - name: Publish Package to PyPI🚀
        env:
          FLIT_USERNAME: '__token__'
          FLIT_PASSWORD: ${{ secrets.FLIT_PASSWORD }}
        run: |
          flit publish

That would require a pyproject.toml.

You could for sure also use twine. You would just need to call the environment variables a bit differently: https://twine.readthedocs.io/en/stable/

Discussion

Let me know what you think about it :-)

MartinThoma, Jul 17 '23 16:07

I love this setup!!

Apparently one needs enough permissions to set up the token. @MartinThoma Do you have these permissions?

bosd, Jul 17 '23 16:07

No. Neither in GitHub nor on PyPI. I could prepare a PR for it though :-)

MartinThoma, Jul 17 '23 17:07

The Camelot-dev organisation lists @dimitern and @vinayak-mehta as people part of the organisation. They could set the repo settings and permissions.

@vinayak-mehta shows up as recovering. But he made some contributions today to some private repos. Let's hope he comes back here, to adjust the settings. (And add users / bot / key to PyPI.) So the community can continue this project.

bosd, Jul 17 '23 18:07

@MartinThoma I can add you to the PyPI project, what's your username?

vinayak-mehta, Aug 22 '23 22:08

I'll follow up on some of these issues in the coming days to make sure everything is set up for the project to not be blocked without me.

vinayak-mehta, Aug 22 '23 22:08

> @MartinThoma I can add you to the PyPI project, what's your username?

I found it! https://pypi.org/user/Martin.Thoma/

Just sent you an invite

vinayak-mehta, Aug 22 '23 22:08

Thank you :heart: I've just accepted it. That means I can take care of releases now for camelot.

It makes me very happy that we now have the chance to revive camelot again :tada: :hugs:

MartinThoma, Aug 23 '23 20:08

The current release process is documented here: https://cookiecutter-hypermodern-python.readthedocs.io/en/2022.6.3.post1/guide.html#how-to-make-a-release

It triggers when the version in pyproject.toml gets changed and merged into master.

foarsitter, Sep 24 '23 14:09

That doesn't work because the secrets are not set:

  1. I cannot create a token as I'm only a maintainer on PyPI.
  2. I cannot add a secret to the GitHub repository as I don't have full permissions.

MartinThoma, Sep 24 '23 15:09

@vinayak-mehta

ZupoLlask, Dec 02 '23 15:12