search

jazzband / help

Use this repo to get help from the roadies
https://jazzband.co/roadies
27 stars 7 forks source link

Cannot upload from Jazzband to PyPI due to outdated dependencies #360

Closed hugovk closed 2 months ago

hugovk commented 5 months ago

Short version: Update Metadata package to 2.3+ on https://github.com/jazzband/website to fix PyPI releasing

Describe the bug

I've made a release from GitHub Actions to the Jazzband staging area, but I can't release from there to PyPI because https://github.com/jazzband/website has outdated dependencies.

To Reproduce Steps to reproduce the behavior:

  1. Go to https://jazzband.co/projects/prettytable/upload/1195/release
  2. Enter "prettytable" in the project name box
  3. Click Release
  4. See error:

Release of prettytable-3.10.1.tar.gz failed. Standard output

Uploading distributions to https://upload.pypi.org/legacy/ ERROR  InvalidDistribution: Metadata is missing required fields: Name, Version. Make sure the distribution includes the files where those fields are specified, and is using a supported Metadata-Version: 1.0, 1.1, 1.2, 2.0, 2.1, 2.2.

Expected behavior

Package uploaded to PyPI.

Additional context

Metadata 2.3 has been released, so dependencies need updating on the Jazzband website.

GitHub Actions -> PyPI worked because they have the latest tools, like twine==5.0.0 and pkginfo==1.10.0:

However, the Jazzband website has pinned dependencies, like twine==4.0.2 and pkginfo==1.9.6:

That repo does use Dependabot, but there's some unmerged PRs like https://github.com/jazzband/website/pull/1148 which have this banner at the top:

Dependabot updates are paused We noticed you haven't used Dependabot in a while, so we've paused automated Dependabot updates for this repository. To resume, simply interact with Dependabot. For example, merge a Dependabot pull request or use @dependabot rebase. See open Dependabot pull requests or learn more about pausing of activity.

  1. Please could you re-enable Dependabot and update those dependencies?
  2. I have a 10-month-old request to transfer out this project, please could you check this too? https://github.com/jazzband/help/issues/340
  3. For other Jazzband projects, we should look into using the new Trusted Publishers to skip the staging area.

Thank you!

jezdez commented 2 months ago

This should be resolved in https://github.com/jazzband/website/releases/tag/24.7.0

hugovk commented 2 months ago

Confirmed, thank you!