python: update PyPI publishing example
Why:
This updates the "Building and testing Python" guide to reflect the steps already documented in "Configuring OpenID Connect in PyPI", i.e. using Trusted Publishing to publish to PyPI rather than a manually configured API token.
(I don't have a linked issue for this, sorry! -- this was discussed in an email thread with @jhutchings1)
What's being changed (if available, include any code snippets, screenshots, or gifs):
I've changed the example PyPI publishing workflow to use Trusted Publishing instead of a manually configured secret. I've also tweaked the surrounding paragraphs slightly to include a link to the other GH docs page that references Trusted Publishing via OIDC, as well as to PyPI's own official docs for the feature.
Check off the following:
- [ ] I have reviewed my changes in staging, available via the View deployment link in this PR's timeline (this link will be available after opening the PR).
  - For content changes, you will also see an automatically generated comment with links directly to pages you've modified. The comment won't appear if your PR only edits files in the data directory.
- [x] For content changes, I have completed the self-review checklist.
Thanks for submitting a PR to the GitHub Docs project!
In order to review and merge PRs most efficiently, we require that all PRs grant maintainer edit access before we review them. For information on how to do this, see the documentation.
I created this PR from an organization fork, which (AFAICT) don't support this kind of access. I'm happy to add anybody who reviews here as a collaborator to the fork, however
Automatically generated comment ℹ️
This comment is automatically generated and will be overwritten every time changes are committed to this branch.
The table contains an overview of files in the content directory that have been changed in this pull request. It's provided to make it easy to review your changes on the staging site. Please note that changes to the data directory will not show up in this table.
Content directory changes
You may find it useful to copy this table into the pull request summary. There you can edit it to share links to important articles or changes and to give a high-level overview of how the changes in your pull request support the overall goals of the pull request.
| Source | Preview | Production | What Changed |
|---|---|---|---|
| actions/automating-builds-and-tests/building-and-testing-python.md | fpt ghec ghes@ 3.12 3.11 3.10 3.9 3.8 | fpt ghec ghes@ 3.12 3.11 3.10 3.9 3.8 | |

fpt: Free, Pro, Team; ghec: GitHub Enterprise Cloud; ghes: GitHub Enterprise Server
Linkchecks are failing, for reasons that I don't fully understand:
TitleFromAutotitleError: Unable to find Page by '/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-pypi'.
As best I can tell, that's the correct path component for the OIDC page, per https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-pypi
Edit: the previews also render the link correctly, so I'm guessing this is a CI issue.
@woodruffw Thanks so much for opening a PR, along with the accompanying context! I'll get this triaged for review ✨
Thank you @nguyenalex836! Let me know if I can help at all.
FYI: I'd suggest blocking this on https://github.com/actions/starter-workflows/pull/2345, since the two share the same sample workflow and should probably be consistent with each other
Hi
deondre booker
Thanks for the contribution on this one @woodruffw! On our side, we'll try to get an SME review for this PR, possibly @jhutchings1 since you've already been working together on this.
Once we have the SME approval, we can help fix up the errors, and help publish.
Thanks for opening a pull request! We've triaged this issue for technical review by a subject matter expert :eyes:
@jc-clark The code snippet looks reasonable, and the scenarios it unblocks (namely, keyless publication of PyPI packages) are important to the community. I haven't tested it personally, but trust @woodruffw and team to have done so adequately as the maintainers of PyPI and this publication workflow.
Hey @woodruffw! I'm happy to help resolve the failing tests here, but I can't commit to this PR.
Can you enable the checkbox to allow maintainer edits? Then I'll be able to help update things and get this merged. Thank you!
https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/allowing-changes-to-a-pull-request-branch-created-from-a-fork
I created this PR from an organization, not a user, so there's no checkbox for me to check for this. I think this has been a known bug for a few years: https://github.com/orgs/community/discussions/5634
I can make you a maintainer/contributor on the fork though, if that works
(PS: I still recommend blocking this on https://github.com/actions/starter-workflows/pull/2345, since the two have similar changes and this should be updated to link to the starter workflow. Could somebody review that first?)
trail-of-forks:ww/publishing
This PR has been automatically closed because there has been no response to our request for more information from the original author. Please reach out if you have the information we requested, or open a new issue describing your changes. Then we can begin the review process.
Can an internal stakeholder please reopen this? Thanks.
@woodruffw Apologies on behalf of our stalebot! I'll go ahead and give a gentle nudge to @jc-clark, just so he has visibility on your last reply
Much appreciated! I also won't take any offense to someone internally either branching off of this or cherry-picking into their own PR -- whatever is easiest for you all, my main interest is just in seeing these docs improve
Got it @woodruffw! I created a new PR internally and copied the changes from this to it. It should automatically close this PR once we merge.
Thank you, much appreciated!