2019-03-27 15:58:36 -04:00
|
|
|
# PyPI publish GitHub Action
|
2020-06-03 11:53:04 -04:00
|
|
|
This action allows you to upload your [Python distribution packages]
|
2019-11-26 16:07:42 -05:00
|
|
|
in the `dist/` directory to PyPI.
|
2019-09-27 07:37:19 -04:00
|
|
|
This text suggests a minimalistic usage overview. For more detailed
|
|
|
|
walkthrough check out the [PyPA guide].
|
2019-03-27 15:58:36 -04:00
|
|
|
|
|
|
|
|
|
|
|
## Usage
|
2019-08-20 16:48:52 -04:00
|
|
|
|
2019-09-16 07:01:16 -04:00
|
|
|
To use the action add the following step to your workflow file (e.g.
|
2019-08-20 16:48:52 -04:00
|
|
|
`.github/workflows/main.yml`)
|
|
|
|
|
|
|
|
|
|
|
|
```yml
|
|
|
|
- name: Publish a Python distribution to PyPI
|
2019-08-23 07:20:45 -04:00
|
|
|
uses: pypa/gh-action-pypi-publish@master
|
2019-08-20 16:48:52 -04:00
|
|
|
with:
|
|
|
|
user: __token__
|
|
|
|
password: ${{ secrets.pypi_password }}
|
2019-03-27 15:58:36 -04:00
|
|
|
```
|
|
|
|
|
2019-09-24 17:03:49 -04:00
|
|
|
> **Pro tip**: instead of using branch pointers, like `master`, pin versions of
|
|
|
|
Actions that you use to tagged versions or sha1 commit identifiers. This will
|
|
|
|
make your workflows more secure and better reproducible, saving you from sudden
|
|
|
|
and unpleasant surprises.
|
|
|
|
|
2019-08-20 16:48:52 -04:00
|
|
|
A common use case is to upload packages only on a tagged commit, to do so add a
|
|
|
|
filter to the step:
|
2019-03-27 15:58:36 -04:00
|
|
|
|
|
|
|
|
2019-08-20 16:48:52 -04:00
|
|
|
```yml
|
2020-06-03 11:49:53 -04:00
|
|
|
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
|
2019-08-20 16:48:52 -04:00
|
|
|
```
|
|
|
|
|
|
|
|
So the full step would look like:
|
|
|
|
|
|
|
|
|
|
|
|
```yml
|
|
|
|
- name: Publish package
|
2020-06-03 11:49:53 -04:00
|
|
|
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
|
2019-08-23 07:20:45 -04:00
|
|
|
uses: pypa/gh-action-pypi-publish@master
|
2019-08-20 16:48:52 -04:00
|
|
|
with:
|
|
|
|
user: __token__
|
2019-08-23 07:19:24 -04:00
|
|
|
password: ${{ secrets.pypi_password }}
|
2019-08-20 16:48:52 -04:00
|
|
|
```
|
|
|
|
|
2020-06-03 11:53:04 -04:00
|
|
|
The example above uses the new [API token][PyPI API token] feature of
|
|
|
|
PyPI, which is recommended to restrict the access the action has.
|
2019-08-20 16:48:52 -04:00
|
|
|
|
2019-09-24 17:04:57 -04:00
|
|
|
The secret used in `${{ secrets.pypi_password }}` needs to be created on the
|
|
|
|
settings page of your project on GitHub. See [Creating & using secrets].
|
2019-03-27 15:58:36 -04:00
|
|
|
|
|
|
|
|
2019-09-12 08:06:55 -04:00
|
|
|
## Non-goals
|
|
|
|
|
|
|
|
This GitHub Action [has nothing to do with _building package
|
|
|
|
distributions_]. Users are responsible for preparing dists for upload
|
|
|
|
by putting them into the `dist/` folder prior to running this Action.
|
|
|
|
|
|
|
|
|
2019-09-15 03:16:54 -04:00
|
|
|
## Advanced release management
|
|
|
|
|
|
|
|
For best results, figure out what kind of workflow fits your
|
|
|
|
project's specific needs.
|
2019-09-16 07:01:16 -04:00
|
|
|
|
2019-09-15 03:16:54 -04:00
|
|
|
For example, you could implement a parallel workflow that
|
2019-09-19 04:04:14 -04:00
|
|
|
pushes every commit to TestPyPI or your own index server,
|
2019-09-15 03:16:54 -04:00
|
|
|
like `devpi`. For this, you'd need to (1) specify a custom
|
|
|
|
`repository_url` value and (2) generate a unique version
|
|
|
|
number for each upload so that they'd not create a conflict.
|
2019-09-16 07:01:16 -04:00
|
|
|
The latter is possible if you use `setuptools_scm` package but
|
2019-09-15 03:16:54 -04:00
|
|
|
you could also invent your own solution based on the distance
|
|
|
|
to the latest tagged commit.
|
|
|
|
|
2019-09-16 07:01:16 -04:00
|
|
|
You'll need to create another token for a separate host and then
|
|
|
|
[save it as a GitHub repo secret][Creating & using secrets].
|
2019-09-15 09:24:35 -04:00
|
|
|
|
2019-09-15 03:16:54 -04:00
|
|
|
The action invocation in this case would look like:
|
|
|
|
```yml
|
2019-09-19 04:04:14 -04:00
|
|
|
- name: Publish package to TestPyPI
|
2019-09-15 03:16:54 -04:00
|
|
|
uses: pypa/gh-action-pypi-publish@master
|
|
|
|
with:
|
|
|
|
user: __token__
|
2019-09-15 09:24:35 -04:00
|
|
|
password: ${{ secrets.test_pypi_password }}
|
2019-09-15 03:16:54 -04:00
|
|
|
repository_url: https://test.pypi.org/legacy/
|
|
|
|
```
|
|
|
|
|
2019-12-06 07:44:40 -05:00
|
|
|
### Customizing target package dists directory
|
2019-12-05 18:25:02 -05:00
|
|
|
|
|
|
|
You can change the default target directory of `dist/`
|
|
|
|
to any directory of your liking. The action invocation
|
|
|
|
would now look like:
|
|
|
|
|
|
|
|
```yml
|
2019-12-06 07:42:24 -05:00
|
|
|
- name: Publish package to PyPI
|
2019-12-05 18:25:02 -05:00
|
|
|
uses: pypa/gh-action-pypi-publish@master
|
|
|
|
with:
|
|
|
|
user: __token__
|
2019-12-06 07:42:24 -05:00
|
|
|
password: ${{ secrets.pypi_password }}
|
2019-12-06 18:09:41 -05:00
|
|
|
packages_dir: custom-dir/
|
2019-12-05 18:25:02 -05:00
|
|
|
```
|
2019-09-15 03:16:54 -04:00
|
|
|
|
2020-06-03 11:04:52 -04:00
|
|
|
### Disabling metadata verification
|
2020-06-02 11:08:43 -04:00
|
|
|
|
2020-06-03 11:04:52 -04:00
|
|
|
It is recommended that you run `twine check` just after producing your files,
|
|
|
|
but this also runs `twine check` before upload. You can also disable the twine
|
|
|
|
check with:
|
2020-06-02 11:08:43 -04:00
|
|
|
|
|
|
|
```yml
|
|
|
|
with:
|
2020-06-03 11:04:52 -04:00
|
|
|
verify_metadata: false
|
2020-06-02 11:08:43 -04:00
|
|
|
```
|
|
|
|
|
2019-03-27 15:58:36 -04:00
|
|
|
## License
|
2019-08-20 16:48:52 -04:00
|
|
|
|
2019-03-27 15:58:36 -04:00
|
|
|
The Dockerfile and associated scripts and documentation in this project
|
2019-03-29 18:48:49 -04:00
|
|
|
are released under the [BSD 3-clause license](LICENSE.md).
|
2019-08-20 16:48:52 -04:00
|
|
|
|
|
|
|
|
2019-09-24 17:04:57 -04:00
|
|
|
[Creating & using secrets]:
|
2019-11-23 13:35:12 -05:00
|
|
|
https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets
|
2019-09-12 08:06:55 -04:00
|
|
|
[has nothing to do with _building package distributions_]:
|
|
|
|
https://github.com/pypa/gh-action-pypi-publish/issues/11#issuecomment-530480449
|
2019-09-27 07:37:19 -04:00
|
|
|
[PyPA guide]:
|
|
|
|
https://packaging.python.org/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/
|
2020-06-03 11:53:04 -04:00
|
|
|
[PyPI API token]: https://pypi.org/help/#apitoken
|
|
|
|
[Python distribution packages]:
|
|
|
|
https://packaging.python.org/glossary/#term-distribution-package
|