Add initial tutorial for trusted publishing. #542
This should solve pyOpenSci#253. Signed-off-by: Mihai Maruseac <[email protected]>
Signed-off-by: Mihai Maruseac <[email protected]>
3bd2ebe to 28904c6
Thanks! Could you please fix the typo reported in this pre-commit CI run?
Working on it, sorry for the delay
Signed-off-by: Mihai Maruseac <[email protected]>
No worries at all! Thank you so much for your contribution!
Signed-off-by: Mihai Maruseac <[email protected]>
Pull Request Overview
This PR introduces a new tutorial on setting up Trusted Publishing for secure, automated package releases via GitHub Actions and updates existing tutorials to reference it.
- Added `trusted-publishing.md` with step-by-step guidance on configuring and hardening a GitHub Actions release workflow.
- Updated `publish-pypi.md` and `intro.md` to link to the new Trusted Publishing tutorial.
Reviewed Changes
Copilot reviewed 3 out of 8 changed files in this pull request and generated 3 comments.
File | Description |
---|---|
tutorials/trusted-publishing.md | New tutorial for setting up and hardening Trusted Publishing |
tutorials/publish-pypi.md | Added references and tips about Trusted Publishing |
tutorials/intro.md | Updated TOC to include the new Trusted Publishing tutorial |
Comments suppressed due to low confidence (1)
tutorials/publish-pypi.md:65
- [nitpick] Use the same internal link style as other tutorials (e.g. '') for consistency.
In a [future lesson](trusted-publishing), you will learn how to create an automated GitHub Actions workflow that publishes an updated version of your package to PyPI every time you create a GitHub release.
Signed-off-by: Mihai Maruseac <[email protected]> Co-authored-by: Copilot <[email protected]>
Signed-off-by: Mihai Maruseac <[email protected]> Co-authored-by: Copilot <[email protected]>
Hmm, this is failing for the links I added to the currently added page. Should I separate the links to another PR?
Yes, that makes it easy to understand. Thanks so much for your help!
Signed-off-by: Mihai Maruseac <[email protected]>
Signed-off-by: Mihai Maruseac <[email protected]>
Signed-off-by: Mihai Maruseac <[email protected]>
I think now this is a failure of the checker. It's the same as #529 (comment) (another PR that added a new file)
@mihaimaruseac thanks for the PR!
We should add the new section to the table of contents in the tutorials section `/tutorials/intro.md` so it appears in the side bar. You can add something like `Trusted publishing with GitHub Actions <trusted-publishing>` after line 47.
Also, I got a warning when building because of an issue with double quotes on the img tag; I made a code suggestion to fix it.
About the links, I believe they don't exist because you are adding them and so they have not been published to the site yet.
I'll revert cb089f7 to add back the links then. I'll also change the quotes. Thank you for the review
This reverts commit cb089f7.
Signed-off-by: Mihai Maruseac <[email protected]>
Oh, I did not realize @tkoyama010 was already reviewing and had asked you to split in a different PR. I am sorry for causing confusion, I defer to his decisions here.
I can revert the revert again, @tkoyama010 up to you. But I think the failure is the same in both cases, the links are newly created but the CI expects them to be there. Same failure as in #529, as mentioned above.
I agree, it's mostly to choose the most proper way to handle but it's not a problem. Thanks for fixing the quotes!
This should fix #253.