Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This changes how we handle credentials for uploading to PyPI. We used to have my PyPI password, encrypted, in
.travis.yml
. Now that PyPI has support for tokens (which have only upload access), we can use that instead. This is set as an encrypted environment variable,PYPI_PASSWORD
over on our Travis repo config (not in.travis.yml
). This also makes it easy to update if there's something wrong with it at release time. Huge win to our security. It does seem like the token is attached to my account rather than the project, but at least it's not my own password nor does it have all permissions.I've played with this on the PyPI test instance on the
test-travis
branch, since it needs to be a live branch to use Travis' deploy support. Everything seems to be working. You can see it here, along with the much improved project page with the new build stuff that's gone in.This also moves our official release stuff to use Python 3.7; to keep that easy I moved the git-based builds for xarray and pint to use python 3.7-dev on Travis.
I also added some more output to try to help diagnose what's going on when we upload a ton of wheels to S3.