Merge branch 'pypi:main' into main

Author: Daksh2000

.github/workflows/node-ci.yml

@@ -32,7 +32,7 @@ jobs:
             persist-credentials: false
       - uses: actions/setup-node@v4
         with:
-          node-version: 23.9.0
+          node-version: 23.10.0
           cache: 'npm'
       - name: Install Node dependencies
         run: npm ci

Dockerfile

@@ -1,6 +1,6 @@
 # First things first, we build an image which is where we're going to compile
 # our static assets with. We use this stage in development.
-FROM node:23.9.0-bookworm AS static-deps
+FROM node:23.10.0-bookworm AS static-deps
 
 WORKDIR /opt/warehouse/src/
 

dev/environment

@@ -5,6 +5,8 @@ WAREHOUSE_ENV=development
 WAREHOUSE_TOKEN=insecuretoken
 WAREHOUSE_IP_SALT="insecure himalayan pink salt"
 
+USERDOCS_DOMAIN="http://localhost:10000"
+
 TERMS_NOTIFICATION_BATCH_SIZE=0
 
 AWS_ACCESS_KEY_ID=foo

docs/mkdocs-user-docs.yml

@@ -61,6 +61,9 @@ edit_uri: blob/main/docs/user/
 
 nav:
   - "index.md"
+  - "Project Management":
+      - "project-management/storage-limits.md"
+      - "project-management/yanking.md"
   - "Organization Accounts":
       - "organization-accounts/index.md"
       - "organization-accounts/org-acc-faq.md"

docs/user/assets/project-size-and-limits.png

@@ -187,18 +187,11 @@ Before uploading attestations to the index, please:
           aud: pypi
       script:
         # Install dependencies
-        - apt update && apt install -y jq
-        - python -m pip install -U twine id
+        - python -m pip install -U twine
 
-        # Retrieve the OIDC token from GitLab CI/CD, and exchange it for a PyPI API token
-        - oidc_token=$(python -m id pypi)
-        # Replace "https://pypi.org/*" with "https://test.pypi.org/*" if uploading to TestPyPI
-        - resp=$(curl -X POST https://pypi.org/_/oidc/mint-token -d "{\"token\":\"${oidc_token}\"}")
-        - api_token=$(jq --raw-output '.token' <<< "${resp}")
-
-        # Upload to PyPI authenticating via the newly-minted token, including the generated attestations
+        # Upload to PyPI using Trusted Publishing, including the generated attestations
         # Add "--repository testpypi" if uploading to TestPyPI
-        - twine upload --verbose --attestations -u __token__ -p "${api_token}" python_pkg/dist/*
+        - twine upload  --attestations python_pkg/dist/*
     ```
 
     Note how, compared with the [Trusted Publishing workflow][GitLab Trusted Publishing], it has the

docs/user/assets/release-options-yank.png

@@ -14,7 +14,7 @@ title: Pricing and Payments
 
 ### Payment Terms
 
-Invoiced monthly, based on usage. Payment is due upon reciept and will be charged to the billing information on file.
+Invoiced monthly, based on usage. Payment is due upon receipt and will be charged to the billing information on file.
 
 ## Community Organizations
 

docs/user/assets/yank-confirm-modal.png

@@ -0,0 +1,104 @@
+---
+title: Storage Limits
+---
+
+PyPI imposes storage limits on the size of individually uploaded files,
+as well as the total size of all files in a project.
+
+The current default limits are **100.0 MB** for individual files and **10.0 GB**
+for the entire project.
+
+You can see your project's current size and storage limits on
+the project settings page (`https://pypi.org/manage/project/YOUR-PROJECT/settings/`):
+
+![](/assets/project-size-and-limits.png)
+
+## File size limits
+
+By default, PyPI limits the size of individual files to **100.0 MB**.
+If you attempt to upload a file that exceeds this limit, you'll receive
+an error like the following:
+
+```console
+Uploading sampleproject-1.2.3.tar.gz
+HTTPError: 400 Client Error: File too large. Limit for project 'sampleproject' is 100 MB.
+```
+
+### Requesting a file size limit increase
+
+!!! note
+
+    Note: All users submitting feedback, reporting issues or contributing to
+    PyPI are expected to follow the
+    [PSF Code of Conduct](https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md).
+
+If you can't upload your project's release to PyPI because you're hitting the
+upload file size limit, we can sometimes increase your limit. Make sure you've
+uploaded at least one release for the project that's under the limit
+(a [developmental release version number](https://packaging.python.org/en/latest/specifications/version-specifiers/#developmental-releases) is fine). Then,
+[file an issue](https://github.com/pypi/support/issues/new?assignees=&labels=limit+request&template=limit-request-file.yml&title=File+Limit+Request%3A+PROJECT_NAME+-+000+MB) and tell
+us:
+
+- A link to your project on PyPI (or TestPyPI)
+- The size of your release, in megabytes
+- Which index/indexes you need the increase for (PyPI, TestPyPI, or both)
+- A brief description of your project, including the reason for the additional size.
+
+## Project size limits
+
+By default, PyPI limits the total size of all files in a project to **10.0 GB**.
+If you attempt to upload a file that would exceed this limit, you'll receive
+an error like the following:
+
+```console
+Uploading sampleproject-1.2.3.tar.gz
+HTTPError: 400 Client Error: Project size too large. Limit for project 'sampleproject' total size is 10 GB.
+```
+
+### Freeing up storage on an existing project
+
+!!! important
+
+    Deleting and [yanking](./yanking.md) are two different actions. Yanking a release or file
+    does **not** free up storage space.
+
+!!! warning
+
+    Deleting releases and files from your project is permanent and cannot be undone
+    without administrative intervention.
+
+!!! warning
+
+    Deletion can be very disruptive for downstream dependencies of your project,
+    since it breaks installation for
+    [pinned versions](https://pip.pypa.io/en/stable/topics/repeatable-installs/).
+
+    Before performing a deletion, we **strongly** recommend that you
+    consider the potential impact on your downstreams.
+
+If you're hitting the project size limit, you can free up storage by removing
+old releases or individual files from your project. To do this:
+
+1. Navigate to the release management for your project: `https://pypi.org/manage/project/YOUR-PROJECT/releases/`;
+2. Click on `Options` next to the release you wish to delete from;
+    - If you wish to delete the entire release, click `Delete`;
+    - If you wish to delete individual files from the release, click `Manage`,
+      then use each file's `Options` menu to delete it.
+
+### Requesting a project size limit increase
+
+!!! note
+
+    Note: All users submitting feedback, reporting issues or contributing to
+    PyPI are expected to follow the
+    [PSF Code of Conduct](https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md).
+
+If you can't upload your project's release to PyPI because you're hitting the project size limit,
+first [remove any unnecessary releases or individual files](#freeing-up-storage-on-an-existing-project)
+to lower your overall project size.
+
+If that is not possible, we can sometimes increase your limit. [File an issue](https://github.com/pypi/support/issues/new?assignees=&labels=limit+request&template=limit-request-project.yml&title=Project+Limit+Request%3A+PROJECT_NAME+-+00+GB) and tell us:
+
+- A link to your project on PyPI (or TestPyPI)
+- The total size of your project, in gigabytes
+- A brief description of your project, including the reason for the additional size.