Switch to using the repository token for release creation #99
Conversation
|
@offbyone: I get the impression this did not function as anticipated: https://github.com/pelican-plugins/photos/actions/runs/6697983473/job/18199065950#step:6:40 For now I will probably publish 1.5.0 to PyPI manually, because as it stands now, this is in a half-released state. |
|
That is very much not what I'd expect! I'm not 100% sure how to try it out either :/ |
|
Best way to test it would be to do so in a dummy repository and then push a package to test.pypi.org. I've used that flow when I originally created AutoPub. If you want, I can give you access to the relevant repository/repositories: https://github.com/autopub |
|
Happy to; I'll experiment in there until it's working. (Might not get to it til tomorrow night; I'm a bit busy today, if that's okay) |
|
No worries. I sent you an invitation to the test repo I've used in the past. |
|
Well, at least I can replicate it in the autopub project, but I am utterly confused as to WTF is happening. |
|
I've submitted a support request on it; hopefully I can figure out why this is happening. |
|
That's great. Thanks for looking deeper into that. I'm wondering if it has something to do with token format. Maybe the |
|
We found the issue: scikit-build/github-release#73 |
|
@offbyone: While we are waiting for a new |
|
I'm in favour of vendoring it, under the circumstances. |
This eliminates the need for a manually managed GH_TOKEN secret; the only scope needed by autopub[github] is the
reposcope, which is covered bycontents: writein the workflow