Comments (28)
In GitLab by @warsaw on Sep 10, 2018, 17:29
+1 - can we do the same for importlib_resources too?
from importlib_metadata.
In GitLab by @warsaw on Sep 10, 2018, 17:30
FWIW, I'm sure there's a way to do it with the pipelines and the .gitlab-ci.yaml
file.
from importlib_metadata.
In GitLab by @warsaw on Sep 11, 2018, 16:42
@jaraco I'm going to assign this one to you. Whatever works here should also work for importlib_resources.
from importlib_metadata.
In GitLab by @warsaw on Sep 11, 2018, 16:42
assigned to @jaraco
from importlib_metadata.
In GitLab by @jaraco on Sep 11, 2018, 20:55
mentioned in commit 8f308ac
from importlib_metadata.
In GitLab by @jaraco on Sep 11, 2018, 20:55
closed via commit 8f308ac
from importlib_metadata.
In GitLab by @jaraco on Sep 11, 2018, 20:58
The latest commit solves this issue. I have to push to master to verify that the credentials work there, as they don't in other branches. But I do expect this job to either succeed and release 0.2b1 to PyPI or to be rejected because 0.2b1 isn't a valid version for PyPI.
from importlib_metadata.
In GitLab by @jaraco on Sep 11, 2018, 21:04
reopened
from importlib_metadata.
In GitLab by @jaraco on Sep 11, 2018, 21:07
That job failed again due to non-existent credentials, despite me having set the credentials.
from importlib_metadata.
In GitLab by @jaraco on Sep 11, 2018, 21:30
In this job we can see that the variables aren't set:
release runtests: commands[1] | python -m twine upload dist/*
Uploading distributions to https://upload.pypi.org/legacy/
Enter your username: EOFError: EOF when reading a line
Even though they absolutely are. Oh, wait, I used the wrong var names (TRAVIS_* instead of TWINE_*).
from importlib_metadata.
In GitLab by @jaraco on Sep 11, 2018, 21:35
After setting TWINE_USERNAME and TWINE_PASSWORD, the output is different, but still failing. That looks like a bug in twine. Why isn't it honoring the TWINE_PASSWORD env var?
from importlib_metadata.
In GitLab by @jaraco on Sep 11, 2018, 21:43
Master was not a protected branch, which probably explains why the variable isn't set. I suspect protected variables can only be used in protected branches. I've protected the master branch and given maintainers push and merge access to the master branch.
If this works, it's an annoying aspect about GitLab - you can't have one feature (protecting secret variables) without enforcing other protections (disallowing force-push to master). Those two facets are apparently linked.
from importlib_metadata.
In GitLab by @jaraco on Sep 11, 2018, 21:44
Well, that wasn't it.
from importlib_metadata.
In GitLab by @jaraco on Sep 11, 2018, 21:46
Since it seems that the TWINE_USERNAME is being honored, I've removed the protected status on the TWINE_PASSWORD to see if that works.
{{image.png}}
from importlib_metadata.
In GitLab by @jaraco on Sep 11, 2018, 21:47
from importlib_metadata.
In GitLab by @jaraco on Sep 11, 2018, 21:53
That did the trick and now importlib_metadata 0.2 is now in PyPI. I had expected that would upload 0.2b2, but I forget that the version is stored in importlib_metadata/version.txt and not in the tags... so it doesn't matter what you tag, you get what's in version.txt. We'll have to adjust the other pending efforts to target 0.3.
from importlib_metadata.
In GitLab by @jaraco on Sep 11, 2018, 21:53
closed
from importlib_metadata.
In GitLab by @jaraco on Sep 11, 2018, 21:56
I've returned the master branch to being unprotected, since that didn't seem implicated in the issue.
I am now doubly-uneasy about the presence of my password being exposed in the repo. Presumably anybody now could submit a pull request to the project and have it echo $TWINE_PASSWORD
and have the password for my PyPI repos.
from importlib_metadata.
In GitLab by @jaraco on Sep 11, 2018, 22:00
The docs do say that protected variables once set will be set for subsequent pipelines. Since I was retrying a previously-run pipeline, perhaps the protected variables only are included for protected branches for subsequent pipelines. I'll configure the repo accordingly and retry.
from importlib_metadata.
In GitLab by @jaraco on Sep 11, 2018, 22:00
reopened
from importlib_metadata.
In GitLab by @jaraco on Sep 11, 2018, 22:04
Since I've already released 0.2, I've gone ahead and tagged that commit, which created this new pipeline. I did that after once again setting the master as a protected branch and setting the TWINE_PASSWORD as a protected variable.
from importlib_metadata.
In GitLab by @jaraco on Sep 11, 2018, 22:08
Nope. Still didn't work. GitLab's docs are wrong.
from importlib_metadata.
In GitLab by @jaraco on Sep 11, 2018, 22:08
closed
from importlib_metadata.
In GitLab by @jaraco on Sep 11, 2018, 22:24
Oh, I think I know now what's going on. Since the release only runs on tags, it's only "protected tags" that are relevant when allowing for "protected variables". In other words, "protected branches" are irrelevant. I'm going to mark all tags as protected and remove the protections once again from the master branch.
from importlib_metadata.
In GitLab by @jaraco on Sep 11, 2018, 22:35
Good news! That worked. So if other projects like importlib_resources wish for this functionality, it should be as simple as porting 8f308ac and 559f6c3 to it and setting all tags to be protected.
from importlib_metadata.
In GitLab by @warsaw on Sep 11, 2018, 23:20
@jaraco Thanks! I'll retarget the milestone issues and MR's, update version.txt
and update the changelog.rst
. Do you mind porting this to importlib_resources
?
from importlib_metadata.
In GitLab by @jaraco on Sep 12, 2018, 01:03
mentioned in merge request !9
from importlib_metadata.
In GitLab by @jaraco on Sep 12, 2018, 01:09
mentioned in merge request importlib_resources!67
from importlib_metadata.
Related Issues (20)
- Cannot infer top-level imports from packages installed by PDM w/`install.cache=true` (aka. symlinked packages) HOT 10
- Uncaught Exception when reading Egg information HOT 6
- `__pycache__` returned as an import name from `packages_distributions()` HOT 4
- Raise if multiple `dist-info` folders for same dist exist HOT 3
- Create a Github Security Policy file HOT 3
- PathDistribution normalized name ignores name components after first "-" HOT 6
- Provide a 'diagnose' routine to help users inspect broken environments HOT 1
- ContextualVersionConflict error on jupyter notebook HOT 1
- pypy test has started failing HOT 12
- Rely on zipfile.Path (where viable) HOT 1
- Backport docs changes HOT 1
- Invalid annotation in `SimplePath` protocol HOT 2
- Change build backend to flit-core? HOT 1
- 6.8.0: pytest is failing in tests/test_api.py::APITests::test_prefix_not_matched` unit HOT 3
- PackageNotFoundError No package metadata was found for <myproject> HOT 1
- Question: parsing package names & versions from METADATA file instead of dist-info directory HOT 1
- Provide a helper for "is distribution present" HOT 2
- Mypy tests failing on Windows only HOT 1
- 6.9.0: `DiscoveryTests.test_package_discovery` fails HOT 6
- distributions() finds two packages for editable installs HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from importlib_metadata.