Fix package upload on PyPi #144

Merged
merged 4 commits into from
May 2, 2024

@sandcha sandcha commented Apr 29, 2024

  • Bug fix.
  • Details:
    • Use PyPi token for deployment to fix HTTPError: 403 Forbidden on package upload

This PR needs:

  • on PyPi: a PyPi token linked to this repository added to a PyPi account having access to the OpenFisca Country-Template project (the token is on the openfisca-bot account; we can find it on the settings page)
  • on GitHub: a PYPI_TOKEN_OPENFISCA_BOT in this repository's secrets

The token and the secret already existed on PyPi and GitHub.
The syntax has already been tested on other openfisca repositories (like openfisca-survey-manager).


These changes:

  • Change non-functional parts of this repository (for instance editing the README)

@sandcha sandcha changed the title ~~Use PyPi token for deployment~~ Fix package upload on PyPi Apr 29, 2024

sandcha commented Apr 29, 2024

In the context of 2FA Requirement for PyPI beginning 2024-01-01, this PR fixes this CI deploy job:

[Screenshot 2024-04-29 at 12 08 36]

@sandcha sandcha marked this pull request as ready for review April 29, 2024 10:13
@sandcha sandcha requested review from MattiSG and verbman April 29, 2024 10:14

@MattiSG MattiSG left a comment

Thanks @sandcha! I'm surprised that the PYPI_TOKEN_OPENFISCA_BOT secret is at repo level and not at organisation level. Unless it differs for each repository (which would be a good security practice), I'd find it more efficient to have it defined at org level 🙂 That's not blocking of course. The CHANGELOG is.

CHANGELOG.md Outdated
@@ -1,6 +1,12 @@
# Changelog

## 7.0.0 [#139](https://github.com/openfisca/country-template/pull/139)
### [#144](https://github.com/openfisca/country-template/pull/144)
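Review bot: the `### [#144]` heading that follows `## 7.0.0 [#139]` carries only a pull request link and no version number, so a reader of the changelog cannot tell which release ships this change. Either give the entry its own version heading or list it inside the 7.0.0 entry.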
Member

Missing a version number, or should be integrated in the 7.0.0 release (preferred, since 7.0.0 was not released anyway).

I'm personally in favour of simply dropping that change altogether from the changelog, as it does not impact reusers.

Contributor Author

Oh, the ## was here to say that we could expect a minor bump and then, I was waiting for the review to write the final version number.

Member

Sorry, didn't get that!

@MattiSG MattiSG left a comment

Good catch on the version number indent!


sandcha commented Apr 30, 2024

> Thanks @sandcha! I'm surprised that the PYPI_TOKEN_OPENFISCA_BOT secret is at repo level and not at organisation level. Unless it differs for each repository (which would be a good security practice), I'd find it more efficient to have it defined at org level 🙂 That's not blocking of course. The CHANGELOG is.

Yes, here the PYPI_TOKEN_OPENFISCA_BOT differs for each repository. 😅

I had hoped for a token per country or for the common/international repositories but it's not possible to group repositories on the PyPi website.

So, for now, a GitHub repository has its own PYPI_TOKEN_OPENFISCA_BOT (the same variable name is used for each repository) while on the PyPi interface, a specific token is given to each repository (and the name of the token contains the name of the repository).

Co-authored-by: Matti Schneider <matti@openfisca.org>
@MattiSG MattiSG merged commit ba45167 into master May 2, 2024
7 checks passed
@MattiSG MattiSG deleted the use-pypi-2fa branch May 2, 2024 07:38
MattiSG pushed a commit that referenced this pull request May 2, 2024