search

ReadAlongs / Studio

Audiobook alignment for Indigenous languages
https://readalongs.github.io/Studio/
Other
38 stars 20 forks source link

The process to upload to PyPI in pythonpublish.yml is broken #240

Closed joanise closed 1 month ago

joanise commented 2 months ago

See https://github.com/ReadAlongs/Studio/actions/runs/10854351775/job/30124835565

ERROR    HTTPError: 403 Forbidden from https://upload.pypi.org/legacy/          
         Invalid or non-existent authentication information. See                
         https://pypi.org/help/#invalid-auth for more information.              
Error: Process completed with exit code 1.

Looks like we'll have to move from twine upload to the same process we use for g2p, with trusted publishing, which will let us activate sigstore signing the same way as in g2p.

Although I have a question about that: I cannot see where those .sigstore files end up. Why sign if you can see and validate the signature? @SamuelLarkin maybe you know?

Assigning this to Aidan (for activating trusted publishing) and I (for updating the pythonpublish.yml workflow).

joanise commented 1 month ago

Fixed by #241 and AP fixing the required secrets.