Best Practices for Production PyPi CLI tool deployments
Posted by YodelingVeterinarian@reddit | Python | 10 comments
For those of you who have some sort of library / CLI / SDK that you host on PyPI, how do you set up your deployments? Just with Twine? Some sort of Git hook with a trusted publisher? Or something else?
tomatpasser@reddit
Automatic deployment with Github Actions triggered by tags starting with v*
YodelingVeterinarian@reddit (OP)
When you do this, does your setup.py still have a version number in it? How do you decide to set this and make sure it's consistent with the tag?
tomatpasser@reddit
It can be defined in setup.py (or better yet, pyproject.toml) or it could be defined in another file. Whether it matches the tag could be checked in the Github actions, but I haven't had that need. I manually tag and make sure they match.
ThatSituation9908@reddit
Twine + GitHub action registered as trusted publisher.
Makes it impossible to manually upload a package from a dev's local machine.
YodelingVeterinarian@reddit (OP)
When you do this, does your setup.py still have a version number in it? How do you decide to set this and make sure it's consistent with the tag?
ThatSituation9908@reddit
If you're using setuptools, then look at setuptools_scm. The version is the tag.
chub79@reddit
Trusted Publisher was such a great move from the Pypa team. I use it everywhere.
gerardwx@reddit
#!/bin/bash
First I use test_push. It's the same except the twine line is:
bbolli@reddit
nicholashairs@reddit
Twine and manually building / pushing.
I have started looking into GitHub actions and how to run them securely with many contributors.