respec / HSPsquared

Hydrologic Simulation Program Python (HSPsquared)
GNU Affero General Public License v3.0

Use PyPI Trusted Publisher #165

Open timcera opened 4 months ago

timcera commented 4 months ago

Not tried this yet for my own projects, but looks like a really nice approach to use PyPI Trusted Publisher:

https://docs.pypi.org/trusted-publishers/

Configured on PyPI and what you need to specify is:

- Owner (required): `respec`. The GitHub organization name or GitHub username that owns the repository.
- Repository name (required): `HSPsquared`. The name of the GitHub repository that contains the publishing workflow.
- Workflow name (required): `pypi_package.yml` # Not made yet... The filename of the publishing workflow. This file should exist in the `.github/workflows/` directory in the repository configured above.
- Environment name (optional): `release`. The name of the GitHub Actions environment that the above workflow uses for publishing. This should be configured under the repository's settings. While not required, a dedicated publishing environment is strongly encouraged, especially if your repository has maintainers with commit access who shouldn't have PyPI publishing access.

timcera commented 4 months ago

Currently I use GitHub secrets in https://github.com/timcera/wdmtoolbox/blob/main/.github/workflows/wheels.yml to authenticate the twine upload of wdmtoolbox packages to PyPI. The workflow runs with each commit pushed to wdmtoolbox, but twine only uploads new versions since PyPI doesn't allow replacing any existing files. Terrible hack because it only actually works when there is a version bump, but tries each commit.

timcera commented 2 months ago

I now use PyPI Trusted Publisher for my projects. Should be able to copy https://github.com/timcera/tsblender/blob/main/.github/workflows/pypi-package.yml into HSPsquared and adjust the supported Python versions and then it would run tests, package hsp2, and load the package up to PyPI whenever there was a push against the master branch. We could adjust the triggers to work against some other event if desired.