Closed jtpio closed 9 months ago
We can then remove `voila-bot` from PyPI after this is merged.
And the `PYPI_TOKEN` in the repo secrets.
Looks like `voila-bot` was only used for 2 projects on PyPI:
Happy to remove that bot, thank you!
Just removed it from PyPI. I think we need to keep as Admin on the repos though.
> I think we need to keep as Admin on the repos though.
Why?
Because it's still the bot creating the GitHub releases:
There is also still the need for the admin GitHub token. But this might not be needed in a future version of the releaser: https://github.com/jupyter-server/jupyter_releaser/pull/545
Ok 👍🏽
References
Start using trusted publishers for publishing Voila to PyPI.
This will help to not have to deal with 2FA with the bot account: https://blog.pypi.org/posts/2024-01-01-2fa-enforced/
Code changes
`publish-release.yml` to remove the PyPI token and set up `id-token`
`voila` on PyPI to use trusted publishers
User-facing changes
None
Backwards-incompatible changes
None
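
A generic sketch of the workflow change listed under "Code changes", added here as an example and not taken from Voila's actual `publish-release.yml`, which may differ. It assumes the `pypa/gh-action-pypi-publish` action; the workflow name, job name and build step are hypothetical.

```yaml
# Added illustration; not the project's own workflow file.
name: publish-release-example   # hypothetical name
on:
  workflow_dispatch:

jobs:
  publish:                      # hypothetical job name
    runs-on: ubuntu-latest

    # After: the job may request a GitHub OIDC token. PyPI accepts it only
    # if the project has a trusted publisher registered for this
    # owner/repository and workflow file name.
    permissions:
      id-token: write
      contents: read            # setting permissions drops all others, so re-grant read for checkout

    steps:
      - uses: actions/checkout@v4

      - name: Build sdist and wheel   # assumed build step
        run: |
          python -m pip install build
          python -m build

      # Before: a long-lived API token owned by the bot account, stored as
      # a repository secret and usable by anyone who can read it.
      #
      # - uses: pypa/gh-action-pypi-publish@release/v1
      #   with:
      #     password: ${{ secrets.PYPI_TOKEN }}

      # After: no password input. The action exchanges the job's OIDC token
      # for a short-lived PyPI upload token scoped to this project.
      - uses: pypa/gh-action-pypi-publish@release/v1
```

Once a workflow in this shape publishes successfully, the `PYPI_TOKEN` secret and the bot's PyPI account are no longer part of the upload path, which is what allows both to be removed as discussed in the comments above.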