getpelican / pelican-plugins

Collection of plugins for the Pelican static site generator

Transition to PYPI's Trusted Publisher mechanism #1392

Open rlaboiss opened 11 months ago

rlaboiss commented 11 months ago

Most of Pelican's plugins under the new pelican-plugins organization publish to PyPI via the command `poetry publish -u __token__ -p $PYPI_PASSWORD` in their GitHub workflow. This implies that the associated PyPI project's password must be stored in the Environment secrets of the GitHub repository.

Some plugins have already migrated to using the pypa/gh-action-pypi-publish GitHub action for publishing to PyPI, like sitemap and featured-image. In this new scheme, there is no need to store the PyPI password in GitHub, but a new Trusted Publisher must be defined at PyPI. This can be done as follows, supposing the PyPI project `pelican-name` is associated with the `pelican-plugins/name` repository at GitHub:

Go to the following page:

https://pypi.org/manage/project/pelican-`name`/settings/publishing/

and fill in the form with these values:

- Owner: `pelican-plugins`
- Repository name: `name`
- Workflow name: `main.yml`
- Environment name: `Deployment`

The workflow name must correspond to the file name in `.github/workflows`.

Once you fill out the form with those values and tap the “Add” button, the `name` project should be all ready for publication via the gh-action-pypi-publish action (once again, assuming that the relevant workflow file changes have also been made). Note that the above trusted publisher configuration can be done in advance, before actually switching to that method in the GitHub Actions workflow, without disrupting the current publication flow.

[Acknowledgments: The above text is the almost verbatim instructions that @justinmayer sent to me some time ago.]
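The workflow side of the migration described in the issue, as an added example rather than any plugin's actual workflow file. The tag trigger, the Poetry install step and the action versions are assumptions; the parts that must agree with the PyPI form are the file name (`.github/workflows/main.yml`), the job's `environment:` name (`Deployment`) and the `id-token: write` permission, which is what lets the job request the OIDC token that PyPI checks against the registered owner, repository, workflow and environment before issuing a short-lived upload token.

```yaml
# Added example (not from pelican-plugins). Save as .github/workflows/main.yml:
# the file name is what PyPI matches against the "Workflow name" field.
name: build

on:
  push:
    tags:
      - "*"          # assumption: publish on every pushed tag

jobs:
  publish:
    name: Publish to PyPI
    runs-on: ubuntu-latest
    # Must match the "Environment name" registered at PyPI. Protect this
    # environment in the repository settings (deployment branches/tags,
    # required reviewers) so only trusted refs can reach this job at all.
    environment: Deployment
    permissions:
      # Listing any permission resets the others to none, so checkout
      # still needs read access to the repository contents.
      contents: read
      # Allows the job to mint an OIDC token for PyPI's Trusted Publisher
      # exchange. Without it gh-action-pypi-publish cannot authenticate.
      id-token: write
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - name: Install Poetry
        run: pipx install poetry
      - name: Build sdist and wheel into dist/
        run: poetry build
      # Previous approach, kept here only for contrast. It depends on a
      # long-lived API token stored as a repository secret:
      # - name: Publish to PyPI (token)
      #   run: poetry publish -u __token__ -p "$PYPI_PASSWORD"
      #   env:
      #     PYPI_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
      - name: Publish to PyPI (Trusted Publisher)
        # Uploads everything in dist/ by default; no username, password or
        # token input is given, the OIDC exchange supplies the credential.
        uses: pypa/gh-action-pypi-publish@release/v1
```

Because the trust relationship is keyed to the workflow file name and the environment name rather than to a stored secret, renaming `main.yml` or the `Deployment` environment breaks publishing until the PyPI entry is updated to match. Once the new job has published successfully, the `PYPI_PASSWORD` secret and the PyPI API token behind it can be deleted, which removes the credential an attacker with access to the repository's secrets could have reused.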