packaging
Automate releasing
As https://packaging.pypa.io/en/latest/development/release-process/ points out, it's already mostly automated. I think if we added a PyPI token and then used https://github.blog/changelog/2020-07-06-github-actions-manual-triggers-with-workflow_dispatch/ with the version number to release as the sole input we can make it so we can cut a release entirely in the browser.
Are you picturing this as a release.yml in .github/workflows? With the GPG password and API token mentioned by https://packaging.pypa.io/en/latest/development/release-process.html as secrets stored on GitHub? (A bit like https://github.com/pypa/gh-action-pypi-publish, but with workflow_dispatch like you mentioned?)
Yeah, basically. Since there are multiple maintainers of this project, all of whom have the ability/clearance to do a release, automating it so it's as much of a button click as possible would be good.
x-ref https://github.com/pypa/packaging/issues/273
Noting for whenever we get to this: the current best practice is to use trusted publishers, which can also be combined with workflows blocking on approvals.
Yep, I was actually thinking about this issue last week when I was setting trusted publishers up on some of my personal projects. 🙂
> With the GPG password
GPG support has been deprecated on PyPI, but we've added a Sigstore usage example to my PyPUG guide: https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/#signing-the-distribution-packages. It's passwordless and is integrated the same way as trusted publishing — through OIDC.