Closed micahjsmith closed 5 years ago
@micahjsmith I think that it's safer to not use the travis auto-deployment and do the releases manually using a make target.
If you agreed on this, I would open an issue to update the Makefile with the latest changes from our cookiecutter template, so that making a releases becomes as easy as a make release
+ inputting the PyPi password.
Can you explain why you think it is safer? My opinion is automated solutions are almost always safer because they reduce the risk of human error and take the burden off the programmer to follow strict procedures. I have used automated PyPI deployment for several other packages without problems.
I think it's safer because of two things:
make release
command is not final, since it stops at the password prompt.In the automated fashion, if someone (e.g. a confused student) mistakenly runs the make release
target and pushes a tag to github, travis will make a release on its own without asking for confirmation, and this cannot be reverted on PyPi.
I confirm that this continues to fail :-(
Here is the log of the latest build, which failed: https://travis-ci.org/HDI-Project/BTB/jobs/482562504
I'll make now the release manually.
I also opened an issue to import the latest changes from the DAI-Lab cookiecutter project (#110), which include the release steps in the Makefile target, for if we want to end up switching to manual release.
It continues not to work and its not worth investigating further, we will do manual releases
Travis erroring out on tag builds that are supposed to be deployed to PyPI. Example: https://travis-ci.org/HDI-Project/BTB/jobs/454809090
I believe error is due to incorrect use of
travis encrypt
for the PyPI password. I believe I fixed it in decd2a8 but need to confirm on next tag that it is fixed.If error recurs, can manually release by
git checkout vX.Y.Z && make release
.Log snippet follows: