Add initial tutorial for trusted publishing. #542

Merged
merged 11 commits into from
Jul 22, 2025

mihaimaruseac
Contributor

@mihaimaruseac mihaimaruseac commented Jul 12, 2025

This should fix #253.

mihaimaruseac and others added 2 commits July 12, 2025 12:21
This should solve pyOpenSci#253.

Signed-off-by: Mihai Maruseac <[email protected]>
Signed-off-by: Mihai Maruseac <[email protected]>
@tkoyama010
Member

Thanks! Could you please fix the typo reported in this pre-commit CI run?

@mihaimaruseac
Contributor Author

Working on it, sorry for the delay

Signed-off-by: Mihai Maruseac <[email protected]>
@tkoyama010
Member

No worries at all! Thank you so much for your contribution!

@tkoyama010 tkoyama010 requested a review from Copilot July 12, 2025 19:39
Signed-off-by: Mihai Maruseac <[email protected]>
Contributor

@Copilot Copilot AI left a comment

Pull Request Overview

This PR introduces a new tutorial on setting up Trusted Publishing for secure, automated package releases via GitHub Actions and updates existing tutorials to reference it.

  • Added trusted-publishing.md with step-by-step guidance on configuring and hardening a GitHub Actions release workflow.
  • Updated publish-pypi.md and intro.md to link to the new Trusted Publishing tutorial.

Reviewed Changes

Copilot reviewed 3 out of 8 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| tutorials/trusted-publishing.md | New tutorial for setting up and hardening Trusted Publishing |
| tutorials/publish-pypi.md | Added references and tips about Trusted Publishing |
| tutorials/intro.md | Updated TOC to include the new Trusted Publishing tutorial |

Comments suppressed due to low confidence (1)

tutorials/publish-pypi.md:65

  • [nitpick] Use the same internal link style as other tutorials (e.g. '') for consistency.
In a [future lesson](trusted-publishing), you will learn how to create an automated GitHub Actions workflow that publishes an updated version of your package to PyPI every time you create a GitHub release.

mihaimaruseac and others added 2 commits July 12, 2025 12:41
Signed-off-by: Mihai Maruseac <[email protected]>

Co-authored-by: Copilot <[email protected]>
Signed-off-by: Mihai Maruseac <[email protected]>

Co-authored-by: Copilot <[email protected]>
@mihaimaruseac
Contributor Author

Hmm, this is failing for the links I added to the currently added page. Should I separate the links to another PR?

@tkoyama010
Member

Yes, that makes it easy to understand. Thanks so much for your help!

@mihaimaruseac
Contributor Author

I think now this is a failure of the checker. It's the same as #529 (comment) (another PR that added a new file)

Member

@flpm flpm left a comment

@mihaimaruseac thanks for the PR!

We should add the new section to the table of contents in the tutorials section /tutorials/intro.md so it appears in the sidebar. You can add something like Trusted publishing with GitHub Actions <trusted-publishing> after line 47.

Also, I got a warning when building because of an issue with double quotes on the img tag; I made a code suggestion to fix it.

About the links, I believe they don't exist because you are adding them and so they have not been published to the site yet.

@mihaimaruseac
Contributor Author

I'll revert cb089f7 to add back the links then.

I'll also change the quotes.

Thank you for the review

@flpm
Member

flpm commented Jul 13, 2025

Oh, I did not realize @tkoyama010 was already reviewing and had asked you to split in a different PR, I am sorry for causing confusion, I defer to his decisions here.

@mihaimaruseac
Contributor Author

I can revert the revert again, @tkoyama010 up to you.

But I think the failure is the same in both cases: the links are newly created but the CI expects them to be there. Same failure as in #529, as mentioned above.

@flpm
Member

flpm commented Jul 14, 2025

I agree, it's mostly to choose the most proper way to handle but it's not a problem. Thanks for fixing the quotes!

@lwasser
Member

lwasser commented Jul 22, 2025

Hi - just to confirm - as you pointed out, our CI has a bug where any new page will fail because it's not online yet and will produce a 404 page not found error. It is OK to merge this PR (when everyone is happy with the rest of the content) with that point of failure as long as the page itself renders :)

@lwasser
Member

lwasser commented Jul 22, 2025

@all-contributors please add @mihaimaruseac for code, review

Contributor

@lwasser

I've put up a pull request to add @mihaimaruseac! 🎉

@lwasser
Member

lwasser commented Jul 22, 2025

@all-contributors please add @mihaimaruseac for docs, tutorials

Contributor

@lwasser

I've put up a pull request to add @mihaimaruseac! 🎉

@lwasser
Member

lwasser commented Jul 22, 2025

All CI failures here are now OK (related to a new page being added)

@lwasser
Member

lwasser commented Jul 22, 2025

Here is a rendered view; it looks great.

@lwasser
Member

lwasser commented Jul 22, 2025

Friends, let's merge this PR as is. I'll open another PR that will support a second round of review via the community :) This one won't fail because the new page will be live and we can take our time reviewing.

Thank you so so much for this PR!!!

@lwasser
Member

lwasser commented Jul 22, 2025

Oh @flpm, I want to ensure you are happy with it first. I see you requested changes. I THINK they were done but I'd love your input before we merge.

@flpm
Member

flpm commented Jul 22, 2025

I am okay with it! Thanks @mihaimaruseac

@lwasser
Member

lwasser commented Jul 22, 2025

Wonderful. Thank you so much!! I'll merge and then open another PR that we can run a community review on! @mihaimaruseac if you have bandwidth I welcome you to join that review process as well :)

@lwasser lwasser merged commit 7bc9bff into pyOpenSci:main Jul 22, 2025
3 of 4 checks passed
@mihaimaruseac mihaimaruseac deleted the trusted-publishing branch July 22, 2025 23:16
@mihaimaruseac
Contributor Author

Thank you! I will definitely review and contribute more

Successfully merging this pull request may close these issues.

Add: page on trusted workflows (or create a tutorial section in the publishing to pypi section on trusted workflows) make sure
4 participants