PyBaMM
PyBaMM copied to clipboard
pybamm-team
Use trusted publisher deployment
Description
PyPI now allows and encourages uploading files without using any API TOKENS. The trusted publisher deployment can be configured from PyBaMM's PyPI dashboard -
Your account > pybamm > publishing
The tab will look something like this -
Environment name should be set to pypi while filling in the details, and the workflow should work!
[!NOTE]
The owner account will have to enable 2FA (which should not be an extra overhead, given that 2FA will be mandatory on all PyPI accounts by the end of this year).
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 99.60%. Comparing base (
8056d22) to head (6398e29). Report is 4 commits behind head on develop.
:exclamation: Current head 6398e29 differs from pull request most recent head 7f62473. Consider uploading reports for the commit 7f62473 to get more accurate results
Additional details and impacted files
@@ Coverage Diff @@
## develop #3358 +/- ##
===========================================
- Coverage 99.60% 99.60% -0.01%
===========================================
Files 259 259
Lines 21273 21268 -5
===========================================
- Hits 21189 21184 -5
Misses 84 84
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
I don't have access to it, @tinosulzer or @martinjrobins do you have access? If not, I can reset the password and set this up.
Should I chase for the access details?
Yes, that would be great. To be on the safer side, we can enable this for v24.1.
This has now been approved, so happy to go with it. @Saransh-cpp let me know if you need the credentials to log in.
@Saransh-cpp let me know if you need the credentials to log in.
That would be great, @brosaplanella. I'll be able to update everything in PyPI.
this should modify the TestPyPI job too with an accompanying addition of a testpypi environment in the repository
maybe sometime after the v24.1 release (or if someone else could take a look at it before the release)
Now should be a good time to get this in. Also, to note: the API credentials should be removed from the TestPyPI step as well.
@Saransh-cpp, @agriyakhetarpal, @brosaplanella What still needs to be done for this one?
The changes in the workflow file are correct, we just need the pypi environment set up in the repository settings and the OIDC credentials set up on PyPI (they get set up on the first upload for new projects but I don't know how it goes for projects that have had releases already)
Ahh, I always forget about this PR. Not this time.
Edit: Requested access to the PyPI project from @brosaplanella on Slack.
Okay this should be good to go now (thanks for updating the settings!)
I'll delete the API key from repository secrets once this is merged.
the API credentials should be removed from the TestPyPI step as well
Do we need this, @Saransh-cpp? Both of these uploads are in steps that use the same environment/job, so removing the API keys will break the TestPyPI uploads. We never know when we might require them.
the API credentials should be removed from the TestPyPI step as well
Do we need this, @Saransh-cpp? Both of these uploads are in steps that use the same environment/job, so removing the API keys will break the TestPyPI uploads. We never know when we might require them.
I would say we should merge this and then open a new PR to also fix the TestPyPi stuff. That way we have this in place and if we forget the next step the failing test will remind us