Add basic publish command #86
Co-authored-by: Chris Pryer <14341145+cnpryer@users.noreply.github.com>
I think it's reasonable to use twine behind the scenes but I wonder if it wouldn't be better to explicitly handle authentication. The way twine currently works makes it quite user unfriendly to get to the right experience (eg: upload with tokens).
Love it. How does this sound?
IIRC that's roughly how
I think what makes most sense is to propose something like this:
Since it's not possible to restrict a token to a not yet created project, we probably want to create global tokens all the way but it would be possible to only ever store a restricted token by using
Sounds like a plan. Just a heads up I'll be pretty busy until Thursday. If I can't pick this back up before then I'll tackle this into the weekend.
c7a1549
to
46379b0
Compare
Merge imports
TODO(cnpryer): Could probably still support .pypirc
Just want to tag f4ecb2e with https://packaging.python.org/en/latest/specifications/pypirc/
I'll mark this as ready to review. Struggling to find time, so maybe I can get some feedback for the next window I have to work on this. It might make sense to consider what
Edit: I’ll resolve the conflicts and probably push a few more changes to make this a little more robust. I can do this later, then I’ll mark as ready for review.
I will review this today!
Thanks! I want to put a little more time into the url cli argument (eg:
rye/src/cli/publish.rs
Outdated
let token = if let Some(token) = cmd.token { | ||
let secret = Secret::new(token); | ||
let maybe_encrypted = prompt_maybe_encrypt(&secret)?; | ||
let encoded = hex::encode(maybe_encrypted.expose_secret()); |
Could just encode the encrypted bytes. If it's not encrypted we could just store it as-is.
Added in abd82b2
I'm thinking I could provide some of my thoughts to give you a kind of warm-start to help with this review.
- I think the `Url` change is sensible enough for me to go and make. I'll try it out and if it works I'll push. (done: ba19eff)
- I don't like always encoding/decoding the token. It's an easy fix and probably sensible to make, so I'll add that to my list. (done: abd82b2)
- I don't like `pad_hex` + `escape_string` use, so I might add this to my list. At least to better understand the serialization/deserialization of the data.
- You apparently own `dialoguer` which `maturin` uses. I'm thinking about adding this to my list and swapping `rpassword` out for it (used for passphrase prompt; done: b86d858).
Otherwise here are some questions we can focus on:
- Should we bootstrap with a `~/.rye/credentials` file? Currently this PR creates it if it doesn't exist upon request.
- Should we add a "package-repository" table to the `credentials` file? Right now it's just

  ```toml
  [pypi]
  token = "your token"
  ```

  So maybe something like

  ```toml
  [package-repository]
  pypi = {token = "your token"}
  ```
- Should we add support for pypirc? And if so, do we want to always prioritize this file over any `credentials` data? We can just pass this immediately to `twine` if it's provided.
- Do we want to support OIDC right away or get this first-pass merged and follow up?
- Could we add some kind of interaction-skipping argument (something like `--no-passphrase`)?
- Should we add environment variable support for the token? If so, `RYE_REPOSITORY_URL_TOKEN` or something?
rye/src/cli/publish.rs
Outdated
#[arg(long, default_value = "https://upload.pypi.org/legacy/")] | ||
repository_url: String, |
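Review bot: `repository_url` is accepted as a free-form `String`, so nothing at the argument boundary stops a malformed or non-HTTPS value from reaching the upload step together with the token. Parsing it into a URL type here and rejecting any scheme other than `https` would fail early, before the credentials are read or decrypted.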
#[arg(long, default_value = "https://upload.pypi.org/legacy/")] | |
repository_url: String, | |
#[arg(long, default_value = "https://upload.pypi.org/legacy/")] | |
repository_url: Url, |
This could probably work. I'll check this out tonight.
This seems to work.
I made a comment about handling trailing slashes in the url. If `twine` doesn't handle this upfront for the user maybe we don't either. Here's the output the user would see

```
Enter a passphrase (optional):
Uploading distributions to https://test.pypi.org/legacy
Uploading rye_publish-0.1.0-py3-none-any.whl
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.8/3.8 kB • 00:00 • ?
ERROR RedirectDetected: https://test.pypi.org/legacy attempted to redirect to
https://test.pypi.org/legacy/.
Your repository URL is missing a trailing slash. Please add it and try again.
```
Added `Url` usage in ba19eff
rye/src/cli/publish.rs
Outdated
.get(repository) | ||
.and_then(|table| table.get("token")) | ||
.map(|token| token.to_string()) | ||
.map(clean_hex) |
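Review bot: `.map(|token| token.to_string())` formats the TOML item instead of extracting its string contents, so if `table` is a `toml_edit` table (as the `Item::Value` assignment elsewhere in this file suggests) the result carries the surrounding quotes and any escaping, which `clean_hex` then has to undo. Reading the value with `as_str()` on the item would return the raw contents and should make the cleanup step unnecessary.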
`clean_hex` is hacky, so if you want me to spend more time here I'm happy to. This should also move if we do https://github.com/mitsuhiko/rye/pull/86/files#r1189156856 (conditional encode/decode)
Split into `pad_hex` and `escape_string` but I'd still want to better understand this. I think I understand the hex padding, but having to escape the string is confusing me.
rye/src/cli/publish.rs
Outdated
.map(|token| token.to_string()) | ||
.map(clean_hex) | ||
{ | ||
let decoded = hex::decode(token)?; |
(conditional decode) https://github.com/mitsuhiko/rye/pull/86/files#r1189156856
Added in abd82b2
rye/src/cli/publish.rs
Outdated
let secret = Secret::new(token); | ||
let maybe_encrypted = prompt_maybe_encrypt(&secret)?; | ||
credentials[repository]["token"] = | ||
Item::Value(hex::encode(maybe_encrypted.expose_secret()).into()); |
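Review bot: On the path where no passphrase is entered, `hex::encode(maybe_encrypted.expose_secret())` writes the plaintext token to the credentials file in a trivially reversible encoding, so the file's permissions are the only protection. Creating the file readable by the owner only (mode 0600 on Unix) before this assignment is persisted would cover that case. The hex `String` built here is also an unprotected copy of the secret that outlives the `Secret` wrapper.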
(conditional encode) https://github.com/mitsuhiko/rye/pull/86/files#r1189156856
Added in abd82b2
I have time today and tomorrow morning to work on any changes here if needed.
@@ -46,6 +46,7 @@ platformdirs==3.4.0 | |||
pyproject_hooks==1.0.0 | |||
requests==2.29.0 | |||
tomli==2.0.1 | |||
twine==4.0.2 |
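Review bot: `twine==4.0.2` is pinned by version only, and this hunk adds no entries for the packages twine itself depends on. If those are not pinned elsewhere in this list they will be resolved at bootstrap time, so it is worth confirming that the full dependency closure is listed, since this environment is the one that handles the upload token.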
Since this adds a new dependency the `SELF_VERSION` needs bumping.
Oh nice
Added in e828154
rye/src/cli/publish.rs
Outdated
secret | ||
}; | ||
|
||
let mut publish_cmd = Command::new(venv.join("bin/python")); |
This should use the new utility function that makes this work on windows (`get_venv_python_bin`).
Added in f6dc079
Oof I can fix the commit message if you'd like
Looks good!
Closes #85

How it works:
- `--token`)
- `~/.rye/credentials`
- `~/.rye/credentials` encoded keyed by `--repository` (defaults "pypi")
- `twine` (`--repository-url`)

See #86 (comment)

Summary of changes:
- `publish` command
- `twine` to bootstrapping
- `age` for encrypt/decrypt with passphrases
- `hex` for encode/decode token data
- `dialoguer` for passphrase prompt

TODO:
- `twine`
- `dist` positional arguments
- `~/.rye/credentials`

Considerations
- `ring` is smaller but `age` is easier to reason about being new to this and `keyring` looks nice (see comment tagged below)
- `rye` bootstrap with an empty `~/.rye/credentials`?
- `--no-passphrase`/`--no-interaction` flag
- `rye` with env vars

See #86 (comment)
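
The review thread's suggestion to hex-encode only the encrypted bytes and store an unencrypted token as-is, sketched as an added std-only Rust example; it is not code from this PR. `StoredToken`, `to_stored` and `from_stored` are hypothetical names, and the sketch assumes the ciphertext is age's binary output, which starts with the `age-encryption.org/v1` header.

```rust
// Added example (not code from this PR): std-only sketch of "conditional encode".
// Assumption: ciphertext is age's binary format, which begins with this header.
const AGE_MAGIC: &[u8] = b"age-encryption.org/v1";

/// What a `token` value read back from the credentials file turned out to be.
#[derive(Debug, PartialEq)]
enum StoredToken {
    Plain(String),      // stored as-is, usable directly
    Encrypted(Vec<u8>), // hex-decoded ciphertext; passphrase still required
}

fn hex_encode(bytes: &[u8]) -> String {
    bytes.iter().map(|b| format!("{:02x}", b)).collect()
}

/// Strict decode: even length, hex digits only (no sign, no whitespace).
fn hex_decode(s: &str) -> Option<Vec<u8>> {
    if s.len() % 2 != 0 || !s.bytes().all(|b| b.is_ascii_hexdigit()) {
        return None;
    }
    (0..s.len())
        .step_by(2)
        .map(|i| u8::from_str_radix(&s[i..i + 2], 16).ok())
        .collect()
}

/// Value to write: hex only when there is ciphertext, otherwise the token as-is.
fn to_stored(token: &str, ciphertext: Option<&[u8]>) -> String {
    match ciphertext {
        Some(ct) => hex_encode(ct),
        None => token.to_string(),
    }
}

/// Classify on read. Checking the header after decoding keeps a plain token
/// that happens to be valid hex from being mistaken for ciphertext.
fn from_stored(value: &str) -> StoredToken {
    match hex_decode(value) {
        Some(bytes) if bytes.starts_with(AGE_MAGIC) => StoredToken::Encrypted(bytes),
        _ => StoredToken::Plain(value.to_string()),
    }
}

fn main() {
    let ct = [AGE_MAGIC, &b"\n-> constructed sample body"[..]].concat(); // constructed
    println!("{:?}", from_stored(&to_stored("pypi-constructed-token", None)));
    println!("{:?}", from_stored(&to_stored("unused", Some(ct.as_slice()))));
}
```

Because the plain token is written unchanged, nothing has to strip quotes or pad hex on the way back in for the unencrypted case.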