| | gh-action-pypi-publish | python-ms |
|---|---|---|
| | 5 | 15 |
| Stars | 844 | 1 |
| Growth | 2.6% | - |
| Activity | 8.1 | 8.8 |
| | 1 day ago | 4 days ago |
| Language | Python | Python |
| License | BSD 3-clause "New" or "Revised" License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
gh-action-pypi-publish
- PyPI new user and new project registrations temporarily suspended
> Recently I've seen someone on Reddit trying to automate the creation of PyPI projects through GitHub Actions. The person was complaining that the first deployment couldn't use an API key for that project since it didn't exist. So I'm not surprised some people are trying to do the same for malicious purposes.
Sorry for the tangent, but: you can do this now! If you use trusted publishing, you can register a "pending publisher" for a project that doesn't exist yet. When the trusted publisher (like GitHub Actions) is used, it'll create the project[1].
All of this is supported transparently by the official publishing action for GitHub Actions[2].
[1]: https://docs.pypi.org/trusted-publishers/creating-a-project-...
[2]: https://github.com/pypa/gh-action-pypi-publish
- Publishing to PyPI via GitHub Action
In the documentation example, I see that the action yaml file contains the line uses: pypa/gh-action-pypi-publish@release/v1. I have never done this before and almost went with that, but I am not sure why the example shows v1 hardcoded, so I don't think I actually want this to happen. It doesn't seem to be well explained though, and the pypi-publish action repo was also quiet on this. Is this saying that it will create a release branch in my repo and call the release v1? Or how will this appear after I've done it? Will I have to manually change this v1 to v0.1.1 in the actions file AND the pyproject.toml?
- "Even with --dry-run pip will execute arbitrary code found in the package's setup.py. In fact, merely asking pip to download a package can execute arbitrary code"
Yeah, you're uploading to PyPI in your pipeline, great. The custom GitHub action still uses twine because the stdlib falls short on BASIC security. https://github.com/pypa/gh-action-pypi-publish/blob/unstable/v1/twine-upload.sh
- Do you publish PyPI source code to GitHub as well in the same form?
I never bothered with PyPI myself but I hope the nudge into GitHub Actions helps you. I've found the following promising GitHub action: https://github.com/pypa/gh-action-pypi-publish
- The Python Package Index is now a GitHub secret scanning integrator
python-ms
- Sleekiest Python Trick you know.
Traditionally, you import a package and then use things from it to do a task. However, it is actually possible to have the import itself do stuff; I used this technique in python_ms to replicate the original JS module down to its import. And fuckit did it way before that.
- What's the best way to manage Python versions and environments for a beginner on mac?
As a side note, if you use GitHub Actions or a similar CI/CD system, you can use a matrix or equivalent to create builds or run tests on various different operating systems and Python versions, so you might not even need to worry about running multiple Python versions locally. For example, I use that to build releases for multiple platforms, and to run comprehensive test suites in all configurations.
- Importing modules
At first I considered this one, but since it does some funky stuff with sys.path I figured that might confuse you if you started to follow everything to the letter. Otherwise it would probably be more suitable.
- I've created my first project on GitHub
I don't really have any simple project examples that use databases (the closest thing would be a certain server project, which is probably too complex for you right now), but to showcase project structure I can suggest python_ms.
- Wordle Solver package for fun/practice, would really appreciate any feedback or suggestions!
I'm also rather fond of GitHub Actions, so I'd create additional scripts for Dependabot updates and some linters/Black to automatically run on every push/pull request. Maybe even automating the PyPI publishing process via Git version tags, and adding releases to GitHub. For that, I believe python_ms is a decent example.
- Coding Project Review
First impressions; I kinda wish the code was in its own subdirectory as generally speaking the repository root is for metadata files/build scripts only. This project will probably serve as a decent example of that.
- Python Library Upload
I also recommend at least looking into letting a CI/CD pipeline handle this for you (for example GitHub Actions) because that way you don't need to expose your API key in the repository, or risk committing secrets in general. As an example, here's my Actions script for uploading new python-ms releases.
- My first project is a mess!
Having a pretty README also can't hurt, I'm particularly proud of this one: https://github.com/Diapolo10/python-ms/blob/main/README.md
- Design patterns and structure of source files
As far as examples go, I think my EguiValet server project might suffice for this one. It's probably a bit bigger than whatever you're working on, but python_ms would probably be too bare-bones in this case.
- Publishing to PyPI via GitHub Action
If you want an example, python_ms will probably work. I decided to publish on merged pull requests to main instead of waiting for tags (I should probably change that in my template by now), and it's using Poetry, but it's my smallest project that's easy enough to follow in a short time.
What are some alternatives?
build - A simple, correct Python build frontend
RuneScore - A script that pulls a RuneScape player's stats from Jagex' servers, and outputs a HTML file containing them.
git-filter-repo - Quickly rewrite git repository history (filter-branch replacement)
rcoc - Random country, city name generator
amplify-preview-actions - This action deploys your AWS Amplify pull request preview for your public repository
DBMS
git-repo-sync - Git Repo Sync enables you to synchronize code to other code management platforms, such as GitLab, Gitee, etc.
escapyde - Yet another ANSI escape sequence library for Python - now modernised!
trufflehog - Find and verify secrets
iplib3 - A pathlib.Path equivalent for IP addresses.
release - Contains every things needed to release jenkins core from the jenkins infra project
schedule-generator