Open dudacgf opened 2 months ago
Looks like the GitHub Automation is failing because I'm using an older version of the PyPI upload. Will need to have a look at updating the flow.
https://github.com/TheGroundZero/openvasreporting/actions/runs/9069172828/job/24918129263
https://github.com/TheGroundZero/openvasreporting/blob/master/.github/workflows/pythonpublish.yml
I don't know anything about PyPI publishing. I'll create a dummy project and give it a try. The error under Actions is about authentication. From what I could see at pypi.org, there is a token API available. Let me see how it works.
To publish under the new PyPI upload:
Generate a PYPI_API_TOKEN at the pypi.org site under the account that publishes openvasreporting pip versions.
At the openvasreport project page, go to settings->secrets and variables->actions and create/edit an environment (pypi suggests naming it Publish) and then add an environment secret named PYPI_API_TOKEN. Paste the TOKEN created at PYPI and save.
Back to pypi dot org, under Publication, add a new publication (or edit if it already exists). Fill in all the blanks.
Finally, the last step of python-publish.yml in the Upload Python Package workflow should be changed to `
Totally forgot I already looked into this but had some issues with my PyPI account. I'm working on fixing those issues so I can fix this one as soon as possible.
@dudacgf Do you think #59 would fix this issue? Trying to use Trusted Publisher https://docs.pypi.org/trusted-publishers/adding-a-publisher/
I don't know, because I didn't have the opportunity to test the Trusted Publish workflow (my PyPI account was deleted, probably because I was only doing tests in a dummy project?), only the all-publishing token that's not linked to a specific project. Looks like we'll have to test it as is :/
Even though the Action seems to have failed, it looks like the latest release was uploaded to PyPI.
```
WARNING Error during upload. Retry with the --verbose option for more details.
ERROR HTTPError: 400 Bad Request from https://upload.pypi.org/legacy/
Start filename for 'OpenVAS-Reporting' with 'openvas_reporting'.
```
Would I need to change this line to `name = openvasreporting`?
https://github.com/TheGroundZero/openvasreporting/blob/8ec032fd659845df4657f9ce38c6443f94a94b4f/setup.cfg#L2
I'm afraid that doing so would cause the package to be named differently in PyPI
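The filename rule behind the 400 error above, as an added example that is not part of the original thread or the project's code: it applies PEP 503 name normalization and the sdist/wheel filename escaping to the project name from the error message. The sample filenames are constructed, and the prefix comparison is an assumption modelled on that error message, not PyPI's server code.

```python
import re

def normalize_project_name(name: str) -> str:
    """PEP 503: runs of '-', '_' and '.' become one '-', then lower-case."""
    return re.sub(r"[-_.]+", "-", name).lower()

def filename_prefix(name: str) -> str:
    """Name part of an sdist/wheel filename: normalized name with '-' -> '_'."""
    return normalize_project_name(name).replace("-", "_")

def same_project(a: str, b: str) -> bool:
    """Two spellings address the same index entry only if they normalize equal."""
    return normalize_project_name(a) == normalize_project_name(b)

def upload_filename_ok(project: str, filename: str) -> bool:
    """Assumed model of the check in the error message: the file must start
    with the escaped project name followed by '-'."""
    return filename.startswith(filename_prefix(project) + "-")

def review(project: str, filenames: list[str], rename_to: str) -> dict:
    """Summarize which built files pass and whether a rename keeps the project."""
    return {
        "expected_prefix": filename_prefix(project),
        "rejected": [f for f in filenames if not upload_filename_ok(project, f)],
        "rename_keeps_project": same_project(project, rename_to),
    }

# Constructed sample build outputs for the project name in the error message.
SAMPLE_FILES = [
    "OpenVAS-Reporting-1.6.0.tar.gz",
    "openvas_reporting-1.6.0.tar.gz",
    "openvas_reporting-1.6.0-py3-none-any.whl",
]

if __name__ == "__main__":
    print(review("OpenVAS-Reporting", SAMPLE_FILES, rename_to="openvasreporting"))
```

Under these rules `openvasreporting` and `OpenVAS-Reporting` normalize to different project names, while `openvas_reporting` and `OpenVAS-Reporting` normalize to the same one.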
Describe the bug
I'm trying to install openvasreporting 1.6.0 using pip3
```
(.env) ~/devel/ovr_convert$ pip3 install OpenVAS-Reporting==1.6.0
ERROR: Could not find a version that satisfies the requirement OpenVAS-Reporting==1.6.0 (from versions: 1.0.0, 1.0.1a0, 1.1.0a0, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.5.post3, 1.5.1, 1.5.2)
ERROR: No matching distribution found for OpenVAS-Reporting==1.6.0
```
Application usage How are you using the application?
developing a helper website that depends on openvasreporting
Application version The version/release you're working with.
vX.X.X
Python version Version of your Python and Pip install
Expected behavior
pip3 should install latest version available in this repository
Other comments The current available version for pip install makes snyk complain about version 1.5.2. I hate when snyk says I have a bug