Automatically upload wheels to Github and PyPI on tags

[anthrotype]

For PyPI, I already have access to the brotli account. For Github however, I'd need push access to this repository in order to generated a suitable API key.

[anthrotype]

In order to store the encrypted PyPI password in appveyor.yml, we need to use Appveyor's encryption web tool (https://ci.appveyor.com/tools/encrypt). However, this needs to be run from the same Appveyor account that is linked to this Github repository: since there's no corporate Google Appveyor account, this should be done by @szabadka from his personal Appveyor's account. Consequently, it's his PyPI password that has to be encrypted, not mine (unless I share my password privately with him and he encrypts it... or he shares his Appveyor password with me...).

To avoid this mess, I believe for the time being we can just run the twine tool manually to upload the v1.0.1 wheels that are built by Travis/Appveyor CI, and which are being uploaded to my github fork (where I do have push access).

Either I could do the twine upload, or you could do it, I don't care as long as we have the wheels uploaded.

Basically, you have to download them all locally (including the "Brotli-1.0.1.zip" source distribution), and run twine upload -u <username> *.whl *.zip (you will be prompted to enter your password).

https://github.com/anthrotype/brotli-wheels/releases/tag/v1.0.1

BTW, I don't know if you know but I'm currently working as contractor for the Google i18n team, so I guess you can "trust" me 😛

[anthrotype]

for the record, these are the Travis and Appveyor build logs that have generated the uploaded packages:

https://travis-ci.org/anthrotype/brotli-wheels/builds/280941863 https://ci.appveyor.com/project/anthrotype/brotli-wheels/build/1.0.24

[anthrotype]

@eustas shall I push the wheels manually to PyPI or you do it?

[eustas]

Going to take a look at this next Monday.

[anthrotype]

thanks. Let me know if you need me to do anything.

[anthrotype]

@eustas friendly nudge :)

[anthrotype]

ok then, I think I'll just upload to PyPI the wheels that I generated from my fork, just like I did for the current v0.6.0 ones

https://github.com/anthrotype/brotli-wheels/releases/tag/v1.0.1

[anthrotype]

Done https://pypi.python.org/pypi/Brotli/1.0.1

[anthrotype]

yesterday I tried setting up the automatic deployment to Github Releases, but Appveyor failed because the secure variable was not encrypted "while being logged under the correct account": https://ci.appveyor.com/project/szabadka/brotli-wheels/build/1.0.0%2320/job/9dksn8ikntpn2lsi#L573

I actually think we don't need to deploy to both Github Releases and the Python Package Index. The latter would be enough, because that's where the pip installer by default finds third party modules. People who wish to download files manually can just go there and download them, just like they would from github. We can place a link the README.md (#10).

So, I went on and removed the Github deployment, and configured Travis/Appveyor to upload wheel packages to PyPI instead.

See commit ea5ce38

Now, the next time the upstream brotli is released, we can try this out, and hopefully it will just work. We have to wait for the version in setup.py to be bumped, because one can't upload the same package version more than once to PyPI.

Though I have a feeling that the Appveyor secure variable that encrypts my PyPI password is not going to work, for the same reasons that it failed with my encrypted Github api token. The problem is, we are using @szabadka own personal Appveyor, rather than using an "organizational Appveyor account". So, I think we need either to create one, or ask @szabadka to encrypt the PyPI credentials using his Appveyor account.

[eustas]

Appveyor has very strange authentication / authorization concept. I believe I can encrypt variable as Zoltan.

[anthrotype]

@eustas I have set up Github Actions workflow to build and upload wheels for multiple python versions and platforms, however I now need access to the repository settings in order to access the https://docs.github.com/en/actions/reference/encrypted-secrets and add my PyPI token, so that twine tool can upload the wheels to the python index automatically when a Github Release is published in https://github.com/google/brotli-wheels. Could you or whomever is administering this repo add me as co-administrator? I am simply a collaborator and can't access the repository settings. Thanks!

[eustas]

Hi, @anthrotype. Thanks for taking care of this project. Promoted your access rights to "admin". If this doesn't help, please ping me, I will take a look what else could be done.

[anthrotype]

Done, thank you! We'll have to wait for the next upstream brotli library release in order to see if the auto-upload works, because PyPI does not allow to re-upload the same version of a package. I'll close this issue once I verify everything works.

[anthrotype]

it worked.. 6 year later!

https://github.com/google/brotli-wheels/actions/runs/6110257366/job/16584521815