Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update PyPI upload #1179

Merged
merged 3 commits into from Sep 26, 2019
Merged

Update PyPI upload #1179

merged 3 commits into from Sep 26, 2019

Conversation

dopplershift
Copy link
Member

This changes how we handle credentials for uploading to PyPI. We used to have my PyPI password, encrypted, in .travis.yml. Now that PyPI has support for tokens (which have only upload access), we can use that instead. This is set as an encrypted environment variable, PYPI_PASSWORD over on our Travis repo config (not in .travis.yml). This also makes it easy to update if there's something wrong with it at release time. Huge win to our security. It does seem like the token is attached to my account rather than the project, but at least it's not my own password nor does it have all permissions.

I've played with this on the PyPI test instance on the test-travis branch, since it needs to be a live branch to use Travis' deploy support. Everything seems to be working. You can see it here, along with the much improved project page with the new build stuff that's gone in.

This also moves our official release stuff to use Python 3.7; to keep that easy I moved the git-based builds for xarray and pint to use python 3.7-dev on Travis.

I also added some more output to try to help diagnose what's going on when we upload a ton of wheels to S3.

@dopplershift
MNT: Move release deployment to Python 3.7
3ed289e 
Also make sure our builds against git of other projects uses Python
3.7-dev, if for no other reason than we make sure we're not releasing
off them.
@dopplershift
MNT: Use PyPI token for uploading
35342e5 
This is much better than having my encrypted PyPI password with full
permissions everywhere in the .travis.yml. The new token is stored on
Travis' site and only has upload permission.
@dopplershift
MNT: Add more output for debugging artifact upload
2e7f891 
Need some more output to hopefully figure out what's going on
occassionally when we upload a bunch more wheels than necessary.
@dopplershift dopplershift added Area: Infrastructure Pertains to project infrastructure (e.g. CI, linting) Type: Enhancement Enhancement to existing functionality labels Sep 25, 2019
@dopplershift dopplershift added this to the 0.11 milestone Sep 25, 2019
@dopplershift
Copy link
Member Author

Unless this has something I messed up copying into .travis.yml, I don't expect it to affect any of the checks.

zbruick
zbruick approved these changes Sep 26, 2019
View reviewed changes
Copy link
Contributor

@zbruick zbruick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cleanup looks good!

@zbruick zbruick merged commit bd87654 into Unidata:master Sep 26, 2019
@dopplershift dopplershift deleted the update-pypi branch September 26, 2019 21:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zbruick zbruick zbruick approved these changes

Assignees
No one assigned
Labels
Area: Infrastructure Pertains to project infrastructure (e.g. CI, linting) Type: Enhancement Enhancement to existing functionality
Projects
None yet
Milestone
0.11
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@dopplershift @zbruick