Feature/#53 trusted publishing #55
Pull Request Overview
This PR adds a manual TestPyPI publishing workflow, updates the existing publish workflow to split build and publish steps, and bumps the project version.
- Bump version from 0.1.dev1 to 0.1.dev2
- Add `test-publish.yml` for manual TestPyPI uploads
- Refactor `publish.yml` into separate build and publish jobs
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| pyproject.toml | Bumped version to 0.1.dev2 |
| .github/workflows/test-publish.yml | New workflow for manual TestPyPI package uploads |
| .github/workflows/publish.yml | Split build/publish into two jobs and upload artifacts |
Comments suppressed due to low confidence (2)
.github/workflows/publish.yml:40
- [nitpick] This comment about TestPyPI publish appears outdated in the main publish workflow. It might be confusing; consider removing or updating it to reflect the new dedicated test-publish workflow.
# for testing publication: use `uv publish --publish-url https://test.pypi.org/legacy`. Ask for the test token. (user mirai-solutions-gmbh on test.pypi.org)
.github/workflows/test-publish.yml:1
- [nitpick] There is duplicated build and publish logic between this test workflow and the main publish workflow. You could extract common steps into a reusable workflow or composite action to reduce duplication.
name: TEST Upload Python Package to PyPI
Potential fix for code scanning alert no. 14: Workflow does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

152ab2f to b1bf3c4
Note that the codecov project check is comparing with an old result which wasn't updated as the codecov check didn't work for subsequent changes.

22fa0fb to bb62517
This reverts commit 4456811.
bee94b1 to a7e1e2f
The basis against which it is comparing is actually fine and not that old, i.e. it is the last commit with relevant changes, I believe. Looking into the results, I noticed however that previously some adjacent empty lines and comments had been counted and factored into the statistics as well, which is why we are losing several percentages now, as we have fewer total lines in scope whereas the uncovered ones remain almost identical (one empty line there as well).
Thanks Simon, looks good, the coverage is fine to me (though we could discuss excluding `cli` from the report or writing some test(s) for it).

One thing you could still do here is to systematically fix the missing `permissions` on those jobs / workflows where we don't have them set explicitly yet - I think it didn't flag the old existing issues of this sort in this PR, but you're anyways modifying those files.
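
The review comment above asks for explicit `permissions` on every job and workflow. As an added example (not code from this PR or project), this sketch lists the jobs in a workflow file that have no `permissions` key at job or workflow level. The sample workflow is constructed, `jobs_without_permissions` is a hypothetical helper, and the scan assumes block-style YAML with two-space indentation.

```python
import re

# Constructed sample shaped like the split build/publish workflow this PR
# describes; it is not the project's actual publish.yml.
SAMPLE_WORKFLOW = """\
name: Upload Python Package
on: workflow_dispatch
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
  publish:
    needs: build
    runs-on: ubuntu-latest
    permissions:
      id-token: write  # OIDC token used by trusted publishing
    steps:
      - run: echo "publish step goes here"
"""

# A block-style mapping key and its indentation (list items do not match).
KEY = re.compile(r"^( *)([A-Za-z0-9_-]+):")


def jobs_without_permissions(text):
    """Return the jobs that fall back to the default GITHUB_TOKEN scope.

    A job is covered by its own `permissions:` key or by one at workflow
    level. Assumption: block-style YAML indented with two spaces.
    """
    workflow_level = False
    in_jobs = False
    current = None
    jobs = {}  # job name -> True once its own permissions key is seen
    for line in text.splitlines():
        match = KEY.match(line)
        if not match:
            continue
        indent, key = len(match.group(1)), match.group(2)
        if indent == 0:
            in_jobs, current = key == "jobs", None
            workflow_level = workflow_level or key == "permissions"
        elif in_jobs and indent == 2:
            current = key
            jobs[current] = False
        elif in_jobs and indent == 4 and key == "permissions":
            jobs[current] = True
    return [] if workflow_level else [j for j, ok in jobs.items() if not ok]
```

On the constructed sample, only `build` is reported, because `publish` declares its own scope; adding a workflow-level `permissions:` block clears the list.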
will close #53
includes a test workflow to be triggered manually for testing changes to publication logic. It seems safer and more flexible to use a different workflow entirely, avoiding publishing to the wrong pypi instance.