gh-action-pypi-publish

Docs: Point to a full worked usage example showing recommended usage of API token, etc?

Open dbarnett opened this issue 1 year ago • 6 comments

Could the README point to some example in the wild of someone using this properly, so I could understand how to properly configure it to publish my package?

I've pushed about 10 guess-and-check commits to my repo trying to extrapolate from the docs how to hook up API tokens and everything and just keep getting one cryptic error after another. Some of the exact parts I was missing in some of those seem to be the little placeholders like # retrieve your distributions here in the examples in docs, so it would be helpful to see how at least one project configures their action properly...

dbarnett avatar Sep 21 '24 19:09 dbarnett

@dbarnett the link to the guide in the first paragraph does show how to do it. Have you followed it?

Here's my recent state-of-the-art release automation example, hope it helps: https://github.com/ansible/awx-plugins/blob/e22c150/.github/workflows/ci-cd.yml#L748-L1150.

webknjaz avatar Sep 21 '24 23:09 webknjaz

That helps some. What I don't understand is how the token gets passed into hatch publish without the password: key or any reference from that job to GH secrets.

It also took me a while to figure out which other explicit steps and args were needed, but I think I got through all those questions through trial-and-error.

dbarnett avatar Sep 22 '24 02:09 dbarnett

> That helps some. What I don't understand is how the token gets passed into hatch publish without the password: key or any reference from that job to GH secrets.

We call the ecosystem-standard tool called twine; it's agnostic to the way you build your dists. It's always twine upload and not related to any other tools you might use. You should download the dists you made in a separate job, in a less secure context, and pass them to the action, which calls twine to upload them and nothing else. It also does the OIDC auth dance to get the short-lived token and feed it to twine upload.

webknjaz avatar Sep 28 '24 23:09 webknjaz
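
The job split described in the reply above, as an added example that is not part of the thread or of the project's own documentation: an unprivileged build job hands the dists to a publish job that holds only the OIDC permission. The workflow name, artifact name, `pypi` environment name and the use of `python -m build` are assumptions, and the sketch presumes a trusted publisher has already been configured for the project on PyPI.

```yaml
# Added illustration; workflow, artifact and environment names are assumptions.
name: release
on:
  release:
    types: [published]

jobs:
  build:
    # Less privileged job: runs the build tooling and has no publishing rights.
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - name: Build sdist and wheel
        # Assumed builder; any tool that writes the dists to dist/ works,
        # because the publish step only ever sees the finished files.
        run: |
          python -m pip install build
          python -m build
      - uses: actions/upload-artifact@v4
        with:
          name: python-package-distributions
          path: dist/

  publish:
    # Privileged job: downloads the prebuilt dists and uploads them, nothing else.
    needs: build
    runs-on: ubuntu-latest
    environment: pypi    # assumed name; must match the trusted publisher entry on PyPI
    permissions:
      id-token: write    # allows requesting the OIDC token that is exchanged for a short-lived PyPI token
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: python-package-distributions
          path: dist/
      # No password: input and no reference to repository secrets:
      # the action performs the OIDC exchange and runs twine upload on dist/.
      - uses: pypa/gh-action-pypi-publish@release/v1
```

Because `id-token: write` is granted only to the `publish` job, code executed during the build (build backends, plugins, dependencies) never runs in a context that can obtain a PyPI token.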

@dbarnett anything else you wanted to clarify, or should we close this?

webknjaz avatar Oct 04 '24 14:10 webknjaz

Yeah, it would help to have a complete example linked from the README. Like I said, I eventually got something working through a ton of guess-and-check, but if I were starting from scratch my best hope of getting this set up properly would probably be somehow finding this issue for clarification. The examples in the README still seem way too opaque.

dbarnett avatar Oct 04 '24 16:10 dbarnett

https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/ is probably a better worked-through example; I found it much easier to understand than this project's README.

adamjstewart avatar Oct 05 '24 21:10 adamjstewart

Yes, that guide was created to accompany the action, which is why it is linked in the very first paragraph of the README. It is targeting an example workflow. An action is just a reusable part of a workflow; that entire document wouldn't belong here. It doesn't seem like there's anything left to do here.

webknjaz avatar Oct 30 '24 00:10 webknjaz