🏁 automate cookiecutter release pipeline

[ssbarnea]

We need to automate the release process of cookiecutter, so anyone that can createa tag/release on github repository will trigger a build that publishes the package on pypa.org. This is key in order to allow the project to move forward with lower maintenance efforths and not to lag behind.

In order to achieve this there are few tasks needed:

• [x] create cookiecutter bot user on pypa and put the logo on gravatar
• [ ] add cookiecutter bot user to pypa as maintainer
• [ ] change cookiecutter email and credentials to be one where multiple maintainers have access (in case we need to reset credentials)
• [ ] add cookiecutter tokens on travis config
• [ ] update .travis.yml with release (deployment) code that runs on tag pushes (@ssbarnea)
• [ ] make the first pre-release or release using this process

Related to this is the proposal that I made to switch-to release-drafter and rely on github release pages instead of maintaining an in-repo file. Still, that proposal is not blocker for automating the process.

[ssbarnea]

I contacted travis support to ask them to refresh the outdated encryption key which prevents us from encrypting the longer tokens from pypi. I will quote the request here

At this moment cookiecutter/cookiecuter cannot configure pypi deploy keys to do the problem mentioned at https://travis-ci.community/t/travis-encrypt-data-too-large-for-pypi-tokens-with-older-repos/5792/10

We do not have anything encrypted at this point so the change can be made at any time.

On the other hand maybe we could consider this ticket an opportunity to ditch travis and maybe even appveyor in favour of github-workflows, as they are much better in many aspects: number of build workers, supported platforms and maybe even more important far better maintained.

[ssbarnea]

I mention that even after more than 24h hours I did not get any reply from Travis support, not even a confirmation that a ticket was created.

[luzfcb]

@ssbarnea Although I still haven't had time to play with GitHub action, a few days ago I came across this repository in pypa https://github.com/pypa/gh-action-pypi-publish and https://packaging.python.org/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/ Maybe it would be possible to migrate part of CI / CD to Github actions. What do you think?

[ssbarnea]

There are multiple solutions but at this moment any progress is blocked on receiving help from one of 4 maintainers listed at https://pypi.org/project/cookiecutter/ -- nothing can happen without help from at least one of @pydanny @insspb @audreyr @hackebrot

If cookiecutter bot is added as maintainer we should be able to continue.

[pydanny]

I'm aware of this issue and will take a look at it later today.

[ssbarnea]

I made a request to connect snapcraft.io to cookiecutter org on github, please accept the request. This will allow us to distribute cookiecutter as Canonical snaps (which work multi-platform).

The integration is needed in order for them to trigger snap-builds on pushes made to the repository.

See https://snapcraft.io/cookiecutter/listing -- please note that the snap distribution is not yet documented because we need to test it, get it approved to published to the public store (security review). For the moment early adopters can test it using sudo snap install --edge --jailmode molecule, once we fix all bits the edge and jailmode will no longer be needed.

[ssbarnea]

@pydanny @hackebrot @audreyr @insspb Can one of you do something about this, please? The release pipeline is effectively blocked for more than two weeks and it would take only 2 seconds to add another user on pypi in order to unblock it.

Once this happens I can pursuit the other bits.

[insspb]

Hi @ssbarnea I am not owner on pip, so cannot add somebody. But can trigger release. You know my skype (a.shpak)

[ssbarnea]

Funny story I got a reply from Travis about this 3 month after sending the support request, and that was not a confirmation that they fixed the issue (ugprade security key). Ditching Travis would be a big win for us.

[ssbarnea]

If anyone wants to maintain Canonical snap via SnapCraft.io for cookiecutter, please email/pm me to add you there. I do not have time to do it so I will unpublish the snap.

https://snapcraft.io/cookiecutter