Copilot AI commented Oct 21, 2025

Fix PyPI Trusted Publisher Configuration in GitHub Actions Workflow

Plan:

  • Explore repository structure and understand current state
  • Review existing workflow file (.github/workflows/python-publish.yml)
  • Verify tests pass in current state
  • Update the workflow file with PyPI Trusted Publisher configuration
    • Add explicit pypi_server_url parameter
    • Add environment configuration if needed
    • Add comments for clarity
  • Verify the changes are minimal and correct
  • Run final validation

Current State:

The workflow file at .github/workflows/python-publish.yml currently publishes to PyPI using Trusted Publishers but is missing some configuration parameters that may be required by PyPI's Trusted Publisher feature.

Changes Required:

According to the problem statement, we need to:

  1. Ensure the workflow aligns with PyPI's Trusted Publisher configuration requirements
  2. Add necessary environment variables or configurations
  3. The suggested fix includes adding explicit pypi_server_url and optionally the environment parameter

Original prompt (this pull request was created from the following prompt in Copilot chat):

The GitHub Actions job defined in .github/workflows/python-publish.yml in the cfbd-python repository is failing due to a Trusted Publisher configuration issue with PyPI. The error indicates that although the token is valid, no corresponding publisher was found. This seems to be caused by either a misconfiguration on PyPI or an incomplete setup of the Trusted Publisher feature. The workflow file currently uses the pypa/gh-action-pypi-publish@release/v1 action to publish the package.

To resolve this issue:

  1. Update the workflow to ensure it aligns with PyPI's Trusted Publisher configuration requirements.
  2. Add any necessary environment variables or configurations required by PyPI.
  3. Test the updated workflow to confirm that it resolves the issue.

Suggested Workflow Fix:

name: Upload Python Package

on:
  push:
    branches:
      - main

jobs:
  deploy:
    runs-on: ubuntu-latest
    # environment is a job-level setting, not an input of the publish action.
    # Its name must match the environment registered on the PyPI Trusted Publisher;
    # a mismatch is one cause of "token valid, no corresponding publisher found".
    environment: production
    permissions:
      id-token: write   # Required so the job can mint the OIDC token PyPI verifies
    steps:
    - uses: actions/checkout@v4
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: '3.x'
    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install setuptools wheel twine
    - name: Build package
      run: |
        python setup.py sdist bdist_wheel
    - name: Publish package distributions to PyPI
      uses: pypa/gh-action-pypi-publish@release/v1
      with:
        # The action's input for the upload endpoint is repository-url;
        # pypi_server_url is not an input the action recognizes and would be ignored.
        repository-url: https://upload.pypi.org/legacy/

This fix adds comments for clarity, ensures the correct PyPI server URL, and includes an environment parameter if required.
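The "token is valid, no corresponding publisher was found" error arises when PyPI compares the claims in the GitHub OIDC token with the registered Trusted Publisher entries. As an added example (not part of this pull request or the cfbd-python project), the Python below models that comparison on constructed claims; the matching rule is an assumption that simplifies PyPI's documented publisher fields (owner, repository, workflow filename, optional environment).

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class TrustedPublisher:
    """One Trusted Publisher entry as registered on PyPI (simplified)."""
    owner: str
    repository: str
    workflow_filename: str
    environment: Optional[str] = None  # None: publisher accepts any environment


def workflow_filename_from_ref(job_workflow_ref: str) -> str:
    # Claim format: "owner/repo/.github/workflows/<file>.yml@refs/heads/main"
    path = job_workflow_ref.split("@", 1)[0]
    return path.rsplit("/", 1)[-1]


def mismatches(claims: dict, publisher: TrustedPublisher) -> list:
    """Names of the publisher fields the token claims fail to satisfy."""
    owner, repo = claims["repository"].split("/", 1)
    workflow = workflow_filename_from_ref(claims["job_workflow_ref"])
    problems = []
    if owner != publisher.owner:
        problems.append("owner")
    if repo != publisher.repository:
        problems.append("repository")
    if workflow != publisher.workflow_filename:
        problems.append("workflow_filename")
    # A job without a job-level `environment:` emits no environment claim,
    # so a publisher registered with an environment can never match it.
    if publisher.environment is not None and claims.get("environment") != publisher.environment:
        problems.append("environment")
    return problems


def find_publisher(claims: dict, publishers: list) -> Optional[TrustedPublisher]:
    """First matching publisher, or None (PyPI's 'no corresponding publisher')."""
    return next((p for p in publishers if not mismatches(claims, p)), None)


# Constructed sample claims shaped like the token a job with
# `environment: production` in python-publish.yml would carry.
SAMPLE_CLAIMS = {
    "repository": "example-owner/example-package",
    "job_workflow_ref": "example-owner/example-package/.github/workflows/python-publish.yml@refs/heads/main",
    "environment": "production",
}

# Constructed publisher entries: the first was registered with the wrong workflow filename.
SAMPLE_PUBLISHERS = [
    TrustedPublisher("example-owner", "example-package", "publish.yml", "production"),
    TrustedPublisher("example-owner", "example-package", "python-publish.yml", "production"),
]
```

Running `mismatches` against each registered entry tells you which field to correct on the PyPI side or in the workflow instead of guessing at extra action inputs.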

@zachringnight (Owner) commented:

@copilot looks great. Commit suggestions

@zachringnight zachringnight marked this pull request as ready for review October 21, 2025 06:41
@zachringnight zachringnight merged commit f65ea47 into main Oct 21, 2025
4 of 5 checks passed
@zachringnight zachringnight deleted the copilot/fix-pypi-trusted-publisher-issue branch October 21, 2025 06:41
@zachringnight zachringnight restored the copilot/fix-pypi-trusted-publisher-issue branch October 21, 2025 06:41
Copilot AI requested a review from zachringnight October 21, 2025 06:41