Create python-publish.yml #249
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #249 +/- ##
=======================================
Coverage 99.18% 99.18%
=======================================
Files 36 36
Lines 1843 1843
=======================================
Hits 1828 1828
Misses 15 15 ☔ View full report in Codecov by Sentry. |
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v3 |
There was a problem hiding this comment.
something I wasn't sure on, should this just use the same micromamba checkout we use for CI? Or is this good enough for package building?
There was a problem hiding this comment.
If you're building python wheels for pypi I'd got pure Python - so this route
| uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29 | ||
| with: | ||
| user: __token__ | ||
| password: ${{ secrets.PYPI_API_TOKEN }} |
There was a problem hiding this comment.
the recommend way to do this is to use OIDC now, so you don't use the token/user and just make it a trusted workflow on pypi
There was a problem hiding this comment.
So this thing instead? https://docs.pypi.org/trusted-publishers/creating-a-project-through-oidc/
| python-version: '3.x' | ||
| - name: Install dependencies | ||
| run: | | ||
| python -m pip install --upgrade pip versioningit |
There was a problem hiding this comment.
you should not need this, this is pulled in by build_requires
| - name: Install dependencies | ||
| run: | | ||
| python -m pip install --upgrade pip versioningit | ||
| pip install build |
There was a problem hiding this comment.
I would just install pipx here and run pipx run build below, env isolation can be nice to make sure you didn't pull anything weird earlier (you shouldn't but I get really skeptical of github python setup actions).
| steps: | ||
| - uses: actions/checkout@v3 | ||
| - name: Set up Python | ||
| uses: actions/setup-python@v3 |
There was a problem hiding this comment.
| uses: actions/setup-python@v3 | |
| uses: actions/setup-python@v4 |
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v3 |
There was a problem hiding this comment.
| - uses: actions/checkout@v3 | |
| - uses: actions/checkout@v4 |
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v3 |
There was a problem hiding this comment.
If you're building python wheels for pypi I'd got pure Python - so this route
| - name: Build package | ||
| run: python -m build | ||
| - name: Publish package | ||
| uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29 |
There was a problem hiding this comment.
Any reason to not pin to a specific release version?
There was a problem hiding this comment.
I just clicked the action button and it gave me this
| name: Upload Python Package | ||
|
|
||
| on: | ||
| release: |
There was a problem hiding this comment.
Do you want to also do a testpypi release on tags?
There was a problem hiding this comment.
Doesn't seem necessary?
There was a problem hiding this comment.
I'd only do it so you can save yourself a bugfix push, it's fine if you don't mess with packaging too often though.
I would however recommend that you do pull down the package and run tests post deploy though - that way you don't have to think about "will it work".
I wrote a re-usable action for this here: https://github.com/MDAnalysis/pypi-deployment/tree/main
You can see an example of it here: https://github.com/MDAnalysis/MDAnalysisData/blob/master/.github/workflows/deploy.yaml
(you can remove the test deployment if you don't want it).
Advantage of the re-usable action is that you only have to update a single place and everything will keep working.
Fixes #247