Best Practices for Production PyPi CLI tool deployments

Posted by YodelingVeterinarian@reddit | Python | View on Reddit | 10 comments

For those of you have some sort of library / CLI / SDK that you host on Pypi, how do you set up your deployments. Just with Twine? Some sort of Git Hook with a trusted publisher? Or something else.

[-]

tomatpasser@reddit

Automatic deployment with Github Actions triggered by tags starting with v*

[-]

YodelingVeterinarian@reddit (OP)

When you do this, does your setup.py still have a version number in it? How do you decide to set this and make sure it's consistent with the tag?

[-]

It can be defined in setup.py (or better yet, pyproject.toml) or it could be defined in another file. Whether it matches the tag could be checked in the Github actions, but I haven't had that need. I manually tag and make sure they match.

[-]

ThatSituation9908@reddit

Twine + GitHub action registered as trusted publisher.

Makes it impossible to manually upload a package from a dev's local machine.

[-]

YodelingVeterinarian@reddit (OP)

When you do this, does your setup.py still have a version number in it? How do you decide to set this and make sure it's consistent with the tag?

[-]

Script public_push

#!/bin/bash

rm -fr build dist

if [ -e setup.py ]; then

echo "Using setup.py"

python3 setup.py bdist_wheel

elif [ -e pyproject.toml ]; then

python3 -m build

fi

twine check dist/*

if [ $? -eq 0 ]; then

twine upload dist/*

fi

First I use test_push. It's the same except the twine line is:

twine upload --verbose  --repository testpypi dist/\*,

[-]

bbolli@reddit

twine check dist/* && twine upload dist/*

[-]

nicholashairs@reddit

Twine and manually building / pushing.

I have started looking into GitHub actions and how to run them securely with many contributors.