Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update pypi-publish.yml #99

Merged
merged 2 commits into from
Jan 11, 2024
Merged

Update pypi-publish.yml #99

merged 2 commits into from
Jan 11, 2024

Conversation

jonasscheid
Copy link
Collaborator

Warning after release:

Publish tagged release on PyPI
Input 'password' has been deprecated with message: UNSUPPORTED GITHUB ACTION VERSION You are using pypa/gh-action-pypi-publish@master. The master branch of this project has been sunset and will not receive any updates, not even security bug fixes. Please, make sure to use a supported version. If you want to pin to v1 major version, use pypa/gh-action-pypi-publish@release/v1. If you feel adventurous, you may opt to use use pypa/gh-action-pypi-publish@unstable/v1 instead. A more general recommendation is to pin to exact tags or commit SHAs. Please also consider migrading your setup to use secretless publishing: https://github.com/marketplace/actions/pypi-publish#trusted-publishing

Adjusted according to https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/

@jonasscheid
Update pypi-publish.yml
81a0696 
Warning after release:

>Publish tagged release on PyPI
Input 'password' has been deprecated with message: UNSUPPORTED GITHUB ACTION VERSION
You are using `pypa/gh-action-pypi-publish@master`. The `master` branch of this project has been sunset and will not receive any updates, not even security bug fixes. Please, make sure to use a supported version. If you want to pin to v1 major version, use `pypa/gh-action-pypi-publish@release/v1`. If you feel adventurous, you may opt to use use `pypa/gh-action-pypi-publish@unstable/v1` instead. A more general recommendation is to pin to exact tags or commit SHAs.
Please also consider migrading your setup to use secretless publishing: https://github.com/marketplace/actions/pypi-publish#trusted-publishing

Adjusted according to https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/
jonasscheid
jonasscheid commented Jan 10, 2024
View reviewed changes
.github/workflows/pypi-publish.yml Outdated
@@ -37,11 +37,11 @@ jobs:
mmv -v dist/'*.*.*-*' dist/'#1.#2.#3-'$timestamp'-#4'
Copy link
Collaborator Author

@jonasscheid jonasscheid Jan 10, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@christopher-mohr what was the rationale behind this timestamp? afaik that prevents bioconda from automatically bumping the version when a new release is published on pypi no?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure who added this initially to be honest. Do you have a link to docs for that?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So you can create receips with conda skeleton :https://bioconda.github.io/contributor/guidelines.html#python

And all packages that I created via this are autobumped if the version of pypi is also bumped

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see the connection to the time stamp at the moment. But in general I do not insist on keeping them.

@christopher-mohr
Copy link
Collaborator

Did you find anything on the error message?

ERROR HTTPError: 400 Bad Request from https://test.pypi.org/legacy/
Start filename for 'epytope' with 'epytope'.

@jonasscheid
Copy link
Collaborator Author

I think it is releated to inserting the timestamp in the filename of the tarball --> https://peps.python.org/pep-0625/#specification
Convention is {distribution}-{version}.tar.gz.

@jonasscheid
Copy link
Collaborator Author

jonasscheid commented Jan 11, 2024
edited
Loading

I'll force push from dev to main later if you are fine with this and approved this one

christopher-mohr
christopher-mohr approved these changes Jan 11, 2024
View reviewed changes
Copy link
Collaborator

@christopher-mohr christopher-mohr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@christopher-mohr christopher-mohr merged commit 5a62bd5 into develop Jan 11, 2024
3 checks passed
@christopher-mohr
Copy link
Collaborator

I'll force push from dev to main later if you are fine with this and approved this one

approved, or just open a PR? Also don't forget to delete the old release

@jonasscheid jonasscheid mentioned this pull request Jan 11, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@christopher-mohr christopher-mohr christopher-mohr approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jonasscheid @christopher-mohr