-
Notifications
You must be signed in to change notification settings - Fork 605
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add uv publish
: Basic upload with username/password or keyring
#7475
Draft
konstin
wants to merge
5
commits into
main
Choose a base branch
from
konsti/publish2
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+1,813
−55
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
konstin
commented
Sep 17, 2024
konstin
force-pushed
the
konsti/publish2
branch
from
September 17, 2024 18:56
c4083a1
to
fecb3a1
Compare
Does it need to be secure? Or can we just have a test user that only uploads dummy packages that we can expose the password to? |
konstin
force-pushed
the
konsti/publish2
branch
3 times, most recently
from
September 18, 2024 21:26
ea8fc61
to
3775e2c
Compare
konstin
added a commit
that referenced
this pull request
Sep 19, 2024
When sending an upload request, we use HTTP formdata requests, which can't be cloned (seanmonstar/reqwest#2416, plus a limitation that formdata bodies are always internally streaming), but also know that we need to always have credentials. The authentication middleware by default tries to clone the request and send an authenticated request first. By introducing an `only_authenticated` setting, we can skip this behaviour for publishing. Split out from #7475
konstin
force-pushed
the
konsti/publish2
branch
from
September 19, 2024 11:46
3775e2c
to
261f04e
Compare
konstin
added a commit
that referenced
this pull request
Sep 19, 2024
When sending an upload request, we use HTTP formdata requests, which can't be cloned (seanmonstar/reqwest#2416, plus a limitation that formdata bodies are always internally streaming), but also know that we need to always have credentials. The authentication middleware by default tries to clone the request and send an authenticated request first. By introducing an `only_authenticated` setting, we can skip this behaviour for publishing. Split out from #7475
konstin
added a commit
that referenced
this pull request
Sep 19, 2024
When sending an upload request, we use HTTP formdata requests, which can't be cloned (seanmonstar/reqwest#2416, plus a limitation that formdata bodies are always internally streaming), but also know that we need to always have credentials. The authentication middleware by default tries to clone the request and send an authenticated request first. By introducing an `only_authenticated` setting, we can skip this behaviour for publishing. Split out from #7475
konstin
added a commit
that referenced
this pull request
Sep 19, 2024
When sending an upload request, we use HTTP formdata requests, which can't be cloned (seanmonstar/reqwest#2416, plus a limitation that formdata bodies are always internally streaming), but also know that we need to always have credentials. The authentication middleware by default tries to clone the request and send an authenticated request first. By introducing an `only_authenticated` setting, we can skip this behaviour for publishing. Split out from #7475
konstin
added a commit
that referenced
this pull request
Sep 19, 2024
When sending an upload request, we use HTTP formdata requests, which can't be cloned (seanmonstar/reqwest#2416, plus a limitation that formdata bodies are always internally streaming), but also know that we need to always have credentials. The authentication middleware by default tries to clone the request and send an authenticated request first. By introducing an `only_authenticated` setting, we can skip this behaviour for publishing. Split out from #7475
konstin
force-pushed
the
konsti/publish2
branch
3 times, most recently
from
September 19, 2024 12:45
7502383
to
6f83d3f
Compare
When sending an upload request, we use HTTP formdata requests, which can't be cloned (seanmonstar/reqwest#2416, plus a limitation that formdata bodies are always internally streaming), but also know that we need to always have credentials. The authentication middleware by default tries to clone the request and send an authenticated request first. By introducing an `only_authenticated` setting, we can skip this behaviour for publishing. Split out from #7475
konstin
force-pushed
the
konsti/publish2
branch
from
September 19, 2024 13:34
6f83d3f
to
f72da4d
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The
uv publish
command allows uploading wheels and source distributions to PyPI or another registry. We support username/password auth, token auth and (follow-up) trusted publishing from GitHub Actions. Be default we upload files fromdist/*
, the output directory fromuv build
.This is intended to support three different workflow, ordered by relevance:
uv build
uv publish
uv build
, clear the venv, install the source distribution, run a smoke test, upload the source distribution as artifactuv build --wheel
, clear the venv, install the wheel run a smoke test, upload the wheel as artifactdist/*
and runuv publish
uv build
uv publish
Since we intend for smoke tests between build and publish, there is no combined build-and-publish command.
What works:
__token__
, but it uses the same HTTP headers)Next PRs:
What's missing:
Best reviewed commit-by-commit