Closed seisman closed 3 years ago
- We should rename them to better names,
TEST_PYPI_API_TOKEN
andPYPI_API_TOKEN
following the official guide.
Ok, renaming TEST_PYPI_PASSWORD
-> TEST_PYPI_API_TOKEN
and PYPI_PASSWORD
-> PYPI_API_TOKEN
sounds good, I can do it in PR #900.
- The workflow always fails on forks, because forks don't have these secrets. We should skip the workflow for forks.
You sure we want to hardcode disabling Github Actions workflows for forks? I know we can add a if: github.repository == 'GenericMappingTools/pygmt'
line to the workflow, but:
1) it will be hard for fork users to re-enable tests, unless they have good knowledge of Github Actions 2) fork users can disable tests themselves anyway at https://docs.github.com/en/github/administering-a-repository/disabling-or-limiting-github-actions-for-a-repository. 3) I thought tests will only run if people keep their fork/branch in sync with GenericMappingTools/pygmt? I.e. if they use the pull bot.
You sure we want to hardcode disabling Github Actions workflows for forks? I know we can add a
if: github.repository == 'GenericMappingTools/pygmt'
line to the workflow, but:
I meant to add this line to the "Publish to PyPI" workflow, because forks can't do the uploads anyway (they don't have the tokens), and we also don't want to see projects like pygmt-01, pygmt-forks on PyPI.
For other workflows (e.g., Tests and GMT Dev Tests), I think they're disabled for forks by default but can be enabled following the documentation you just posted.
Description of the problem
The
publish-to-pypi.yml
workflow uploads the PyGMT packages to PyPI and/or TestPyPI.During the release v0.3.0, we found an issue with the workflow and had a quick fix in #900.
When I reiviwed the workflow, I found two more issues:
test_pypi_password
andpypi_password
in thepypa/gh-action-pypi-publish
action. https://github.com/GenericMappingTools/pygmt/blob/65b099a5873b4f9e76d7fccdbc8882d9b37870e3/.github/workflows/publish-to-pypi.yml#L54-L64The names of these two secrets are confusing. They are API tokens (generated by me, if I remember correctly), not someone's passwords. We should rename them to better names,
TEST_PYPI_API_TOKEN
andPYPI_API_TOKEN
following the official guide.