Action to auto publish PyPI #686
@libialany thanks for the update. In case another update is required after my review, please keep working on this PR and please do not create a new one again. Thanks.
.github/workflows/release.yml
Outdated
name: Build package | ||
runs-on: ubuntu-latest | ||
env: | ||
PYTHON_VERSION: ${{ secrets.PYTHON_VERSION }} |
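
Review bot: PYTHON_VERSION: ${{ secrets.PYTHON_VERSION }} under env: stores an interpreter version as a secret, so the value lives in repository settings where it cannot be reviewed in a pull request and is masked in the run logs. Put the literal version in the workflow file so that what the release build runs on is visible and auditable from the repository alone.
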
I don't think that we should make it configurable. Let's just hard-code to use 3.12. The same comment applies to the other placeholders below.
Thanks for your response, I will definitely do it.
.github/workflows/release.yml
Outdated
name: dist_directory | ||
path: dist | ||
- name: Publish package to PyPI | ||
if: steps.download.conclusion == 'success' && env.TOKEN != '' && github.event_name == 'push' && startsWith(github.ref, 'refs/tags') |
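
Review bot: startsWith(github.ref, 'refs/tags') in the if: condition matches every tag pushed to the repository, so any tag, not only a release tag, reaches the publish step. Restrict it to the project's release tag naming scheme, for example with a tags filter under on.push, so that an unrelated tag cannot trigger an upload.
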
Do we actually need the steps.download.conclusion == 'success' check here? If the download step fails we won't even reach the upload step, right?
Also without a token the job should fail with a clear message which doesn't seem to be the case right now. I would suggest to remove the TOKEN check.
Is there a way for dry testing those changes without publishing? Also I assume the tasks are triggered when a new release tag is being created? Maybe you could add a comment describing how it's run?
Now I understand ghp-action-pypi-publish@release better and will proceed to fix the PyPi-publish job. Thank you.
.github/workflows/release.yml
Outdated
with: | ||
name: dist_directory | ||
path: dist | ||
- name: Publish package to PyPI |
- name: Publish package to PyPI | |
- name: Upload release to PyPI |
Thanks, I'll correct it.
.github/workflows/release.yml
Outdated
- name: Install dependencies | ||
run: python -m pip install -U build | ||
|
||
- name: Build package |
- name: Build package | |
- name: Build a binary wheel and a source tarball |
Thanks, I'll correct it
.github/workflows/release.yml
Outdated
- name: Build package | ||
run: python -m build | ||
|
||
- name: Upload dist folder |
- name: Upload dist folder | |
- name: Store the distribution packages |
Thanks, I'll correct it
.github/workflows/release.yml
Outdated
- name: Upload dist folder | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: dist_directory |
name: dist_directory | |
name: python-package-distributions |
Thanks, I'll correct it
.github/workflows/release.yml
Outdated
name: Upload release to PyPI | ||
runs-on: ubuntu-latest | ||
needs: build | ||
env: |
Based on the documentation we need the following?
environment:
  name: pypi
  url: https://pypi.org/p/<package-name>  # Replace <package-name> with your PyPI project name
permissions:
  id-token: write  # IMPORTANT: mandatory for trusted publishing
My mistake, I will correct it
.github/workflows/release.yml
Outdated
uses: pypa/gh-action-pypi-publish@release/v1 | ||
with: | ||
user: ${{ secrets.pypi_user }} | ||
repository-url: https://test.pypi.org/legacy/ |
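
Review bot: uses: pypa/gh-action-pypi-publish@release/v1 references a branch, so the code that runs with the publishing credentials can change without any change in this repository. Pin the step to a full commit SHA and note the corresponding release in a comment beside it, so that an update to the action arrives as a reviewable diff.
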
This is not our official package but points to a test instance of pypi.
Thank you. I specified a repository URL. There are two endpoints: TestPyPi and UploadPyPi. It's highly recommended to upload your package to [TestPyPi](https://test.pypi.org/) first. I will fix my code.
I have corrected the errors I had. Could you please review it? improved
Thanks a lot for the update and sorry for the delay here. I would actually propose some more changes because I've enabled a Trusted Publisher for this PyPI project. Please check my inline comments for more details.
I have corrected the errors I had. Improved version. Thank you very much for the link. I didn't apply a test job because I believe the tests are fully covered with test.yml. Could you please review it?
Thank you for the update. Scanning over the code it looks fine to me, and I think that we should get this PR merged. I expect some quirks to be still around with the trusted publisher, but those can be fixed when I'm going to try to release.
Nevertheless, when I was triggering the workflow for tests on this PR all jobs failed. It's not related to your changes, but to test files that could not be found on the remote server. I have to do a separate PR for that. But I would suggest that you add a test job to this workflow as requested earlier so that we could identify last minute failures and do not have to follow up with a bugfix release shortly after. Thanks!
FYI I created a PR to fix the tests at #692.
Thank you! I have improved the release.yml and attempted to integrate the workflow_run:
    workflows: [ Test ] # Name of the test.yml workflow
    types: [ completed ] # Trigger when the test workflow completes
    branches: [ master ] # Run in the master branch; the branch must be the default branch (if you specify a branch that isn't the default, it will never run)
I also added a condition to the deploy job to check if the completed test workflow was successful:
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
I will learn more about testing in GitHub Actions and will review the documentation at #692.
Thank you for the latest update! I think that we are now at a stage where we basically should land all the changes related to the release workflow. When the next release is ready I'll try it out and if it fails will provide a follow-up patch.
Thank you @libialany for all the hard work to make this workflow a reality! It will clearly help to better automate the release process of mozdownload, and maybe we could even add more in the future like bumping the version number, updating the changelog etc...
Fixes #669.
Thank you for reviewing my latest pull request, and I've made improvements in the following ways:
pypa/gh-action-pypi-publish@release/v1 accepts either a password or PyPI token. Utilize the token instead of the user's password; also I changed the variable name to pypi_token.
actions/setup-python@v5, I've set it to '3.11.9', aligning with the available Python versions for that GitHub Action.
tagged commit.
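
The workflow shape the review comments above converge on, written out as an added example; it is not the project's release.yml or the author's code. It combines the reviewer's requests (Python hard-coded to 3.12, the suggested step and artifact names, the pypi environment with id-token: write for trusted publishing, no TestPyPI URL, no stored token). The workflow name, the tag filter, and the checkout and download-artifact steps are assumptions, and <package-name> is the placeholder used in the review.

```yaml
# Added example: release workflow using PyPI trusted publishing.
name: Release                      # assumed workflow name
on:
  push:
    tags: ["*"]                    # assumption: any tag push, as in the PR's if: condition
jobs:
  build:
    name: Build package
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"   # literal version, not a secret
      - name: Install dependencies
        run: python -m pip install -U build
      - name: Build a binary wheel and a source tarball
        run: python -m build
      - name: Store the distribution packages
        uses: actions/upload-artifact@v4
        with:
          name: python-package-distributions
          path: dist
  publish:
    name: Upload release to PyPI
    runs-on: ubuntu-latest
    needs: build                   # a failed build means this job never starts
    environment:
      name: pypi
      url: https://pypi.org/p/<package-name>
    permissions:
      id-token: write              # OIDC token for trusted publishing; no other scopes granted
    steps:
      - name: Download the distribution packages
        uses: actions/download-artifact@v4
        with:
          name: python-package-distributions
          path: dist
      - name: Upload release to PyPI
        # No user, password or repository-url: the action exchanges the
        # job's OIDC token with PyPI and uploads to the production index.
        uses: pypa/gh-action-pypi-publish@release/v1
```

Because the publish job declares only id-token: write, it holds no long-lived PyPI credential and no write access to the repository, and the pypi environment can carry required reviewers as an approval gate before the upload.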