pypi / warehouse

The Python Package Index
https://pypi.org
Apache License 2.0

Github project URL is not marked as "verified" despite self-link #16836

Open MartinThoma opened 6 days ago

MartinThoma commented 6 days ago

Describe the bug

According to https://docs.pypi.org/project_metadata/ it should be possible to link to https://pypi.org/project/pypdf/ from https://github.com/py-pdf/pypdf

You can see the link from GitHub to the PyPI project page over the "python version" tag at the very top of the GitHub page:

image

We did exactly that, but the URL is still not marked as "verified":

image

It was like this when the package was uploaded.

Expected behavior

The source URL https://github.com/py-pdf/pypdf should be marked as verified on https://pypi.org/project/pypdf/

To Reproduce

https://pypi.org/project/pypdf/

MartinThoma commented 6 days ago

Hm ... can it be the missing trailing slash in the "Source" URL?

According to https://github.com/pypi/warehouse/pull/16485 trailing slashes can be present or not. That was not added to the docs. Maybe it makes sense to add to the docs if trailing slashes are handled or not.

woodruffw commented 6 days ago

According to docs.pypi.org/project_metadata it should be possible to link to pypi.org/project/pypdf from py-pdf/pypdf

Yep -- the docs specifically say that you need to use a Trusted Publisher to link a GitHub (or GitLab, etc.) repo to a PyPI project. Just adding a badge to the repo isn't sufficient, since anybody can add a badge claiming to be a particular project.

Once you register a Trusted Publisher and publish using it instead of a manually-configured API token, your subsequent releases will have those GitHub URLs marked as verified.

woodruffw commented 6 days ago

(For reference, you're currently using a manually configured API token here: https://github.com/py-pdf/pypdf/blob/fcb103a7d995406c993b7ba6b3325c94dab7ad0b/.github/workflows/publish-to-pypi.yaml#L27-L32)
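As an added illustration (constructed for this page, not pypdf's actual publish-to-pypi.yaml), here is a minimal GitHub Actions workflow showing the token-based upload that woodruffw describes beside the equivalent Trusted Publisher job; the job names and the `PYPI_API_TOKEN` secret name are assumed. Only the second form gives PyPI a repository identity it can verify against the project's GitHub URLs.

```yaml
# Constructed example; a real workflow would contain only one of these jobs.
name: publish

on:
  release:
    types: [published]

jobs:
  # Variant A: manually configured API token.
  # Uploads work, but PyPI cannot tie the upload to this repository,
  # so project URLs pointing at github.com remain unverified.
  publish-with-token:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: python -m pip install build && python -m build
      - uses: pypa/gh-action-pypi-publish@release/v1
        with:
          password: ${{ secrets.PYPI_API_TOKEN }}  # assumed secret name

  # Variant B: Trusted Publisher (OIDC).
  # Requires registering this repository, workflow file name and (optional)
  # environment on PyPI first. The OIDC token carries the repository identity,
  # so releases published this way get matching GitHub URLs marked "verified".
  publish-trusted:
    runs-on: ubuntu-latest
    environment: pypi       # optional; if set it must match what PyPI has registered
    permissions:
      id-token: write       # lets the job mint the OIDC token PyPI verifies
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: python -m pip install build && python -m build
      - uses: pypa/gh-action-pypi-publish@release/v1
        # No password: the action exchanges the OIDC token for a short-lived
        # PyPI upload token, so no long-lived secret is stored in the repo.
```

Registering the Trusted Publisher on PyPI must happen before the first run of the second job; otherwise the upload is rejected.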