@txoof
Last active October 30, 2023 19:28
Trusted Publishing to PyPI


PyPI no longer allows simple username/password authentication through twine. 2FA is now required for all publishing.

This gist is based on this PyPA guide

Requirements

PyPI Setup

  1. Sign in to PyPI and edit a project from the Username > Your Projects menu: https://pypi.org/manage/projects/
  2. [[Manage]] a project and choose [[Publishing]] and Add a new publisher
  3. Fill in the details below and click [[Add]]

GitHub Publisher Settings

  • Owner: GitHub username or org name
  • Repository name: project name
  • Workflow name: release.yml file name
  • Environment name: leave this blank

GitHub Setup

This will create a workflow that publishes to PyPI when a new release is tagged.

  1. Within the project, add the following file: projectroot/.github/workflows/release.yml (see release.yml)

Publishing to PyPI

  1. Commit changes and push to GitHub; make sure to update the version number in the project constants.py file
  2. Use the Releases feature to tag a new release:
     • Click on [[Releases]]
     • [[Draft a new release]]
     • [[Choose a tag]] and add a new version tag (e.g. v0.2.9) that matches the version in the constants.py file
     • Provide a release title
     • Describe the release
  3. [[Publish release]]
  4. Click on the [[Actions]] tab and view the workflow in progress
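
A guard for the requirement above that the release tag match the version in constants.py, as an added example that is not part of the original gist: it reads the version with `ast` rather than `exec`, so nothing in constants.py runs, and compares it with the tag. The variable name `VERSIONVAR` follows the placeholder in setup.py; taking the tag from `GITHUB_REF_NAME` and the path from the first argument are assumptions.

```python
import ast
import os
import sys

# Constructed stand-in for constants.py, used when no path is given.
SAMPLE = 'NAME = "demo"\nVERSIONVAR = "0.2.9"\n'


def read_version(source, var_name="VERSIONVAR"):
    """Return the string literal assigned to var_name; the file is parsed, never executed."""
    for node in ast.parse(source).body:
        if isinstance(node, ast.Assign):
            targets = node.targets
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets = [node.target]
        else:
            continue
        if any(isinstance(t, ast.Name) and t.id == var_name for t in targets):
            value = ast.literal_eval(node.value)  # ValueError on calls, names, etc.
            if not isinstance(value, str):
                raise ValueError(f"{var_name} is not a string literal")
            return value
    raise ValueError(f"{var_name} not found")


def tag_matches(tag, version):
    """Accept '0.2.9' or 'v0.2.9' (optionally as refs/tags/...) for version '0.2.9'."""
    tag = tag[len("refs/tags/"):] if tag.startswith("refs/tags/") else tag
    return bool(version) and tag in (version, "v" + version)


def main(argv):
    if len(argv) > 1:  # CI use: path to constants.py, tag from GitHub's environment
        with open(argv[1], encoding="utf-8") as fh:
            source, tag = fh.read(), os.environ.get("GITHUB_REF_NAME", "")
    else:  # offline demo on the constructed sample
        source, tag = SAMPLE, "v0.2.9"
    version = read_version(source)
    if not tag_matches(tag, version):
        print(f"tag {tag!r} does not match version {version!r}", file=sys.stderr)
        return 1
    print(f"tag {tag} matches version {version}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run as a step in the build job before the Build step, a mismatched tag stops the workflow before anything is uploaded.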

release.yml

```yaml
on:
  release:
    types:
      - published

name: release

jobs:
  build:
    name: Build distribution
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: "3.x"
      - name: Install pypa/build
        # literal block (|): a folded block (>-) would join both commands into one line
        run: |
          python -m pip install --upgrade pip
          pip install setuptools wheel twine
      - name: Build
        run: python3 setup.py sdist bdist_wheel
      - name: Store the distribution packages
        uses: actions/upload-artifact@v3
        with:
          name: python-package-distributions
          path: dist/

  publish-to-pypi:
    name: >-
      Publish Python 🐍 distribution 📦 to PyPI
    if: startsWith(github.ref, 'refs/tags/')  # only publish to PyPI on tag pushes
    needs:
      - build
    runs-on: ubuntu-latest
    environment:
      name: pypi
      url: https://pypi.org/p/QueryLMS  # Replace QueryLMS with your PyPI project name
    permissions:
      id-token: write  # IMPORTANT: mandatory for trusted publishing
    steps:
      - name: Download all the dists
        uses: actions/download-artifact@v3
        with:
          name: python-package-distributions
          path: dist/
      - name: Publish distribution 📦 to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
```

setup.py

```python
import setuptools

# Pull version information from the project `constants.py` file and use the
# project README.md as the long description.
# exec() runs everything in constants.py at build time, so keep that file to plain assignments.
exec(open('<<yourproject>>/constants.py').read())

with open("README.md", "r") as fh:
    long_description = fh.read()

setuptools.setup(
    name="<<NAME_ON_PYPI>>",
    version=VERSIONVAR,  # use the version variable stored in the project constants.py file
    author="Your Name",
    author_email="you@email.host",
    description="short description for pypi",
    long_description=long_description,
    long_description_content_type="text/markdown",
    url="https://github.com/user/projectname",
    packages=setuptools.find_packages(),
    classifiers=[
        "Intended Audience :: Developers",  # fill these in to match your needs
        "Topic :: Software Development :: Libraries :: Python Modules",
        "Programming Language :: Python :: 3",  # PyPI rejects classifiers it does not know, such as "3.x"
        "License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)",
        "Operating System :: OS Independent",
    ],
    keywords="graphics e-paper display waveshare",
    install_requires=["requests"],
    project_urls={"Source": "https://github.com/user/projectname"},
    python_requires=">=3.7",
    package_data={"documentation": ["./docs"]},
)
```