pypa / gh-action-pypi-publish

The blessed :octocat: GitHub Action, for publishing your :package: distribution files to PyPI, the tokenless way: https://github.com/marketplace/actions/pypi-publish
https://packaging.python.org/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/
BSD 3-Clause "New" or "Revised" License

Docs: Point to a full worked usage example showing recommended usage of API token, etc? #265

Closed dbarnett closed 1 week ago

dbarnett commented 1 month ago

Could the README point to some example in the wild of someone using this properly, so I could understand how to properly configure it to publish my package?

I've pushed about 10 guess-and-check commits to my repo trying to extrapolate from the docs how to hook up API tokens and everything and just keep getting one cryptic error after another. Some of the exact parts I was missing in some of those seem to be the little placeholders like # retrieve your distributions here in the examples in docs, so it would be helpful to see how at least one project configures their action properly...

webknjaz commented 1 month ago

@dbarnett the link to the guide in the first paragraph does show how to do it. Have you followed it?

Here's my recent state of the art release automation example, hope it helps: https://github.com/ansible/awx-plugins/blob/e22c150/.github/workflows/ci-cd.yml#L748-L1150.

dbarnett commented 1 month ago

That helps some. What I don't understand is how the token gets passed into hatch publish without the password: key or any reference from that job to GH secrets.

It also took me a while to figure out which other explicit steps and args were needed, but I think I got through all those questions through trial-and-error.

webknjaz commented 1 month ago

> That helps some. What I don't understand is how the token gets passed into hatch publish without the password: key or any reference from that job to GH secrets.

We call the ecosystem-standard tool called twine, it's agnostic to the way you build your dists. It's always twine upload and not related to any other tools you might use. You should download the dists you made in a separate job, in a less secure context and pass them to the action which calls twine to upload them and nothing else. It also does the OIDC auth dance to get the short-lived token and feed it to twine upload.
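
The two-job layout described above (build in one job, publish in a separate job that holds the OIDC permission), written out as an added example workflow; it is not code from this repository or from any comment in the thread. It assumes a GitHub environment named `pypi` and a PyPI project name `my-package` as placeholders, and that a Trusted Publisher has been registered on PyPI for this repository, workflow file and environment:

```yaml
name: Publish to PyPI

on:
  push:
    tags:
      - "v*"  # assumption: releases are cut by pushing a version tag

jobs:
  build:
    # Build job: runs setup/build code and resolves dependencies, so it gets
    # no secrets and no id-token permission. Its only output is the dists.
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - name: Build sdist and wheel
        run: |
          python -m pip install --upgrade build
          python -m build
      - name: Store the distribution packages
        uses: actions/upload-artifact@v4
        with:
          name: python-package-distributions
          path: dist/

  publish:
    # Publish job: the only job allowed to mint an OIDC token. It runs no
    # project code; it only downloads the built dists and hands them to the action.
    needs: build
    runs-on: ubuntu-latest
    environment:
      name: pypi  # placeholder; must match the environment in the PyPI Trusted Publisher config
      url: https://pypi.org/p/my-package  # placeholder project name
    permissions:
      id-token: write  # required for trusted publishing; grants nothing else
      contents: read
    steps:
      - name: Download the dists built in the previous job
        uses: actions/download-artifact@v4
        with:
          name: python-package-distributions
          path: dist/
      - name: Upload to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
        # No `password:` and no reference to repository secrets: the action
        # exchanges the job's OIDC token for a short-lived PyPI API token and
        # feeds that to `twine upload`, which publishes whatever is in dist/.
```

The split matters for least privilege: `id-token: write` is scoped to the `publish` job only, so nothing that runs during the build (build backends, plugins, transitive dependencies) can request an identity token, and the publish job never executes project code. If the Trusted Publisher is not registered on PyPI for exactly this repository, workflow filename and environment, the upload fails at the token exchange rather than silently falling back to a stored credential.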

webknjaz commented 1 month ago

@dbarnett anything else you wanted to clarify, or should we close this?

dbarnett commented 1 month ago

Yeah, it would help to have a complete example linked from the README. Like I said, I eventually got something working through a ton of guess-and-check, but if I were starting from scratch my best hope of getting this set up properly would probably be somehow finding this issue for clarification. The examples in the README still seem way too opaque.

adamjstewart commented 1 month ago

https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/ is probably a better worked through example, I found it much easier to understand than this project's README.

webknjaz commented 1 week ago

Yes, that guide was created to accompany the action, which is why it is linked in the very first paragraph of the README. It is targeting an example workflow. An action is just a reusable part of a workflow, that entire document wouldn't belong here. It doesn't seem like there's anything left to do here.