Hey, I noticed that your workflow for publishing to the PyPI is quite outdated. Please, follow my updated PyPUG guide to set up modern secretless publishing: https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/.
Here's a few problematic things that I noticed:
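- `python -m build --sdist --wheel` invocation. Action item: remove `--sdist --wheel`, this will give you a smoke test of building sdist from wheel for free
- Building happens in the same job as publishing — separate them to address the possibility of privilege elevation through the build scripts. Action item: restrict `permissions` of the job that builds the dists, use GHA artifacts to pass dists between jobs
- My `pypi-publish` action version invoked here is `@master` but it's a years-old release from a deprecated branch. Action item: replace to `@release/v1` (or pin to a tag/commit SHA if you'd like Dependabot to bump it for you)
- The metadata check is called in permissive mode. Action item: add `--strict` to `python -m twine check`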
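An added example, not part of the issue or the project's own workflow, that applies the four action items together: a build job with a read-only token, dists handed over as an artifact, and a separate publish job that holds the only publishing credential. The trigger, workflow name, artifact name, `pypi` environment name and action major versions are assumptions, as is a trusted publisher already being configured for the project on PyPI.

```yaml
# Added example: values marked "assumed" are not taken from the issue.
name: Publish to PyPI          # assumed workflow name

on:
  release:
    types: [published]         # assumed trigger

permissions: {}                # no token scopes by default; each job opts in

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read           # build scripts only ever see a read-only token
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false   # do not leave the token in .git/config
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: python -m pip install build twine
      # No --sdist/--wheel: the default mode builds the sdist first,
      # then builds the wheel from that sdist.
      - run: python -m build
      # Strict mode turns metadata warnings into a failed job.
      - run: python -m twine check --strict dist/*
      - uses: actions/upload-artifact@v4
        with:
          name: python-package-distributions   # assumed artifact name
          path: dist/
          if-no-files-found: error

  publish:
    needs: build
    runs-on: ubuntu-latest
    environment: pypi          # assumed GitHub environment name
    permissions:
      id-token: write          # OIDC token for secretless (trusted) publishing
    steps:
      # No checkout here: this job runs no project code, only uploads dists.
      - uses: actions/download-artifact@v4
        with:
          name: python-package-distributions
          path: dist/
      - uses: pypa/gh-action-pypi-publish@release/v1
```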