-
Notifications
You must be signed in to change notification settings - Fork 72
Add initial tutorial for trusted publishing. #542
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
This should solve pyOpenSci#253. Signed-off-by: Mihai Maruseac <[email protected]>
Signed-off-by: Mihai Maruseac <[email protected]>
3bd2ebe
to
28904c6
Compare
Thanks! Could you please fix the typo reported in this pre-commit CI run? |
Working on it, sorry for the delay |
Signed-off-by: Mihai Maruseac <[email protected]>
No worries at all! Thank you so much for your contribution! |
Signed-off-by: Mihai Maruseac <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pull Request Overview
This PR introduces a new tutorial on setting up Trusted Publishing for secure, automated package releases via GitHub Actions and updates existing tutorials to reference it.
- Added
trusted-publishing.md
with step-by-step guidance on configuring and hardening a GitHub Actions release workflow. - Updated
publish-pypi.md
andintro.md
to link to the new Trusted Publishing tutorial.
Reviewed Changes
Copilot reviewed 3 out of 8 changed files in this pull request and generated 3 comments.
File | Description |
---|---|
tutorials/trusted-publishing.md | New tutorial for setting up and hardening Trusted Publishing |
tutorials/publish-pypi.md | Added references and tips about Trusted Publishing |
tutorials/intro.md | Updated TOC to include the new Trusted Publishing tutorial |
Comments suppressed due to low confidence (1)
tutorials/publish-pypi.md:65
- [nitpick] Use the same internal link style as other tutorials (e.g. '') for consistency.
In a [future lesson](trusted-publishing), you will learn how to create an automated GitHub Actions workflow that publishes an updated version of your package to PyPI every time you create a GitHub release.
Signed-off-by: Mihai Maruseac <[email protected]> Co-authored-by: Copilot <[email protected]>
Signed-off-by: Mihai Maruseac <[email protected]> Co-authored-by: Copilot <[email protected]>
Hmm, this is failing for the links I added to the currently added page. Should I separate the links to another PR? |
Yes, that makes it easy to understand. Thanks so much for your help! |
Signed-off-by: Mihai Maruseac <[email protected]>
Signed-off-by: Mihai Maruseac <[email protected]>
Signed-off-by: Mihai Maruseac <[email protected]>
I think now this is a failure of the checker. It's the same as #529 (comment) (another PR that added a new file) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mihaimaruseac thanks for the PR!
We should add the new section to the table of contents in the tutorials section /tutorials/intro.md
so it appears in the side bar. You can add something like Trusted publishing with GitHub Actions <trusted-publishing>
after line 47.
Also, I got a warning when building because an issue with double quotes on the img tag, I made a code suggestion to fix.
About the links, I believe they don't exist because you are adding them and so they have not been published to the site yet.
I'll revert cb089f7 to add back the links then. I'll also change the quotes. Thank you for the review |
This reverts commit cb089f7.
Signed-off-by: Mihai Maruseac <[email protected]>
Oh, I did not realize @tkoyama010 was already reviewing and had asked you to split in a different PR, I am sorry for causing confusion, I defer to his decisions here. |
I can revert the revert again, @tkoyama010 up to you. But I think the failure is the same on both cases, the links are newly created but the CI expects them to be there. Same failure as in #529, as mentioned above. |
I agree, it's mostly to choose the most proper way to handle but it's not a problem. Thanks for fixing the quotes! |
Hi - just to confirm - as you pointed out, our CI has a bug where any new page will fail because its not online yet and will produce a 404 page not found error. It is OK to merge this PR (when everyone is happy with the rest of the content) with that point of failure as long as the page it selfrenders :) |
@all-contributors please add @mihaimaruseac for code, review |
I've put up a pull request to add @mihaimaruseac! 🎉 |
@all-contributors please add @mihaimaruseac for docs, tutorials |
I've put up a pull request to add @mihaimaruseac! 🎉 |
All CI failures here are now OK (related to a new page being added) |
here is a rendered view it looks great. |
Friends, let's merge this PR as is. I'll open another PR that will support a second round of review via the community :) This one won't fail because the new page will be live and we can take our time reviewing. Thank you so so much for this pr!!! |
oh @flpm i want to ensure you are happy with it first. i see you request changes. I THINK they were done but i'd love your input before we merge. |
I am okay with it! Thanks @mihaimaruseac |
Wonderful. Thank you so much!! i'll merge and then open another PR that we can run a community review on! @mihaimaruseac if you have bandwidth i welcome you to join that review process as well :) |
Thank you! I will definitely review and contribute more |
This should fix #253.