Skip to content
This repository was archived by the owner on Apr 16, 2026. It is now read-only.

Change to secure publishing for PyPI#388

Merged
sierra-moxon merged 2 commits into
linkml:mainfrom
dalito:pypi-safe-publishing
May 2, 2025
Merged

Change to secure publishing for PyPI#388
sierra-moxon merged 2 commits into
linkml:mainfrom
dalito:pypi-safe-publishing

Conversation

@dalito

@dalito dalito commented May 1, 2025
edited
Loading

Copy link
Copy Markdown
Member

upstream_repo: dalito/linkml
upstream_branch: issue2578-fix-uri-in-snapshot

Requires changing the configuration on PyPI. It is important to use the same environment name "pypi-release" (this name is different from some screenshots in the docs).

The upload-failure for 1.9.2-rc1 was most probably only caused by specifying the used action as pypa/gh-action-pypi-publish@v1.12. The problem is that "1.12" is not a valid tag and so the action could not be downloaded/installed. In the gh-action-pypi-publish repository they only tag full versions "1.12.4" but not the minor versions without patch level "1.12". I changed this PR to use the full version.

@codecov

codecov Bot commented May 1, 2025
edited
Loading

Copy link
Copy Markdown

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 63.79%. Comparing base (e24f65f) to head (f78774a).
Report is 3 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #388   +/-   ##
=======================================
  Coverage   63.79%   63.79%           
=======================================
  Files          63       63           
  Lines        8946     8946           
  Branches     2587     2587           
=======================================
  Hits         5707     5707           
  Misses       2633     2633           
  Partials      606      606

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@dalito dalito changed the title Change to safe publishing for PyPI Change to secure publishing for PyPI May 2, 2025
@sierra-moxon sierra-moxon requested a review from Copilot May 2, 2025 16:43
Copilot AI reviewed May 2, 2025
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates the PyPI publishing configuration to use trusted publishing in accordance with the official PyPI documentation. Key changes include:

  • Un-commenting and updating the trusted publishing configuration (environment and permissions).
  • Updating the GitHub action version from "v1.12" to the full valid tag "v1.12.4".
  • Activating the verbose mode on publish while removing the obsolete password parameter.

@sierra-moxon sierra-moxon merged commit 00abef0 into linkml:main May 2, 2025
@dalito dalito deleted the pypi-safe-publishing branch May 2, 2025 19:16
@dalito dalito mentioned this pull request May 8, 2025
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

Copilot code review Copilot Copilot left review comments

+1 more reviewer

@sierra-moxon sierra-moxon sierra-moxon approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dalito @sierra-moxon