aio-libs / sockjs

SockJS Server
Apache License 2.0

Let's put `sockjs` under the `aio-libs` org on PyPI #450

Open webknjaz opened 11 months ago

webknjaz commented 11 months ago

See the details @ https://github.com/orgs/aio-libs/discussions/26.

For this, we'll need somebody with Owner privileges to either give me access on PyPI (the username there is the same — webknjaz) or be invited to the org by me (for that I'd need the username of such an individual).

As a bonus, this will also allow us to set up secretless publishing from GHA to PyPI and get rid of the in-repo secrets.

cc @pahaz @Cykooz

Cykooz commented 11 months ago

@webknjaz I think that this repo is dead. I can't merge my pull-requests into it because I don't have permission to remove Travis CI from a pull-request checking process. My latest pull-request was not answered for six months and I closed it.

Cykooz commented 11 months ago

My username in PyPI - Cykooz

webknjaz commented 11 months ago

@Cykooz one of my objectives is to get rid of the bot account on PyPI, so I'm asking everyone to move accesses, even if the GitHub repos are inactive. Though, if you're interested in taking over the maintenance, I can elevate your privileges here.

Cykooz commented 11 months ago

@webknjaz Yes, I want to maintain this project. It will be cool if you elevate my privileges for this repo.

webknjaz commented 11 months ago

I sent you the PyPI org invitation, but still need owner privileges myself on the project, to move it.

webknjaz commented 11 months ago

And I gave you the Maintain privilege on the GH repo, separately. @aio-libs/sockjs-commiters only has Write.

webknjaz commented 11 months ago

I also dropped the required checks from branch protection so you'd have a chance of reviving the CI before re-adding them. Here are examples of some other pure-Python repo CI/CD setups: https://github.com/aio-libs/aiomonitor/blob/main/.github/workflows/ci-cd.yml / https://github.com/aio-libs/aiomysql/blob/master/.github/workflows/ci-cd.yml. I recommend following these examples. Make sure to integrate re-actors/alls-green and maybe re-actors/checkout-python-sdist. Use the same workflow filename ci-cd.yml — it's standardized across the org. There are also examples of publishing to (Test)PyPI in those repos that you can reproduce.

Once I have access to the PyPI project, I'll make sure to set up the trust for using the secretless publishing later on.

webknjaz commented 11 months ago

I moved it and reduced the regular user account privileges. Will keep the issue open until the secretless publishing replaces the bot account so that publishing from GH remains working.

webknjaz commented 11 months ago

I set up the trust to the workflow named ci-cd.yml (which doesn't yet exist) and the environment called pypi on the PyPI side. If you follow the above examples, it'll just magically work. I've added protection to the pypi environment so that the actual releases require a button click from somebody else. I'll probably drop that checkbox once I see everything being configured properly.

I also removed the bot account from the project, since its credentials aren't configured in this repo secrets anyway.

Now, the rest of the GHA configuration is on you. Close this issue, once that's complete.

Cykooz commented 11 months ago

Thank you.
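
The trust configuration described in this thread (workflow file `ci-cd.yml`, GitHub environment `pypi`, no in-repo PyPI secrets) corresponds to a workflow shaped like the one below. This is an added example, not the sockjs repository's workflow and not a copy of the linked aio-libs ones; the job names, build steps, release tag pattern and artifact name are assumptions.

```yaml
# .github/workflows/ci-cd.yml
# The filename must match the workflow name registered on the PyPI side.
name: CI/CD

on:
  push:          # the tag check in the publish job assumes releases are tagged v*
  pull_request:

permissions:
  contents: read  # baseline for every job; nothing gets write access by default

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - uses: actions/setup-python@v5
      with:
        python-version: '3.x'
    - run: python -m pip install build
    - run: python -m build  # produces the sdist and wheel in dist/
    - uses: actions/upload-artifact@v4
      with:
        name: python-package-distributions  # assumed artifact name
        path: dist/

  check:  # single job to list as the required check in branch protection
    if: always()
    needs: [build]
    runs-on: ubuntu-latest
    steps:
    - uses: re-actors/alls-green@release/v1
      with:
        jobs: ${{ toJSON(needs) }}

  publish:
    if: startsWith(github.ref, 'refs/tags/v')  # assumed release tag pattern
    needs: [check]
    runs-on: ubuntu-latest
    environment: pypi  # must match the environment named in the PyPI trust
    permissions:
      id-token: write  # OIDC token for PyPI, granted to this job only
    steps:
    - uses: actions/download-artifact@v4
      with:
        name: python-package-distributions
        path: dist/
    - uses: pypa/gh-action-pypi-publish@release/v1  # no password or token input
```

The publish job carries no API token: PyPI accepts the upload only when the OIDC claims match the registered repository, workflow filename and environment, and the environment's protection rule holds the job until a reviewer approves it.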