Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update python-publish.yml #79

Merged
merged 1 commit into from
Mar 17, 2024
Merged

Update python-publish.yml #79

merged 1 commit into from
Mar 17, 2024

Conversation

rexdivakar
Copy link
Owner

Issue Number

ISSUE #

Describe the changes you've made

Describe if there is any unusual behaviour of your code(Write NA if there isn't)

Additional context (OPTIONAL)

Test plan (OPTIONAL)

Checklist

  • My code follows the code style of this project.
  • I have performed a self-review of my own code.
  • My change requires a change to the documentation.
  • I have read the CONTRIBUTING document.
  • I have updated the documentation accordingly.
  • I have commented my code, particularly in hard-to-understand areas.
  • My changes generate no new warnings.
  • I have added tests that prove my fix is effective or that my feature works.
  • The title of my pull request is a short description of the requested changes.

@rexdivakar rexdivakar merged commit 065165d into main Mar 17, 2024
5 checks passed
sourcery-ai[bot]
sourcery-ai bot reviewed Mar 17, 2024
View reviewed changes
Copy link
Contributor

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @rexdivakar - I've reviewed your changes and they look great!

General suggestions:

  • Verify that the PyPI token is correctly set up in the repository secrets to avoid authentication issues during package publishing.
  • Consider adding a brief explanation in the PR description about the reason for switching to token-based authentication for improved clarity and documentation.
Here's what I looked at during the review
  • 🟢 General issues: all looks good
  • 🟡 Security: 1 issue found
  • 🟢 Testing: all looks good
  • 🟢 Complexity: all looks good
  • 🟢 Docstrings: all looks good

Thanks for using Sourcery. We offer it for free for open source projects and would be very grateful if you could help us grow. If you like it, would you consider sharing Sourcery on your favourite social media? ✨

Share Sourcery

Help me be more useful! Please click 👍 or 👎 on each comment to tell me if it was helpful.

.github/workflows/python-publish.yml
@@ -24,7 +24,7 @@ jobs:
pip install setuptools wheel twine
- name: Build and publish
env:
TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚨 suggestion (security): Ensure token usage aligns with PyPI token-based authentication.

Changing the TWINE_USERNAME to 'token' implies the use of a PyPI token for authentication. It's important to ensure that the corresponding TWINE_PASSWORD is indeed a valid PyPI token and not a password. This change enhances security but requires the correct setup on the PyPI account.

@rexdivakar rexdivakar deleted the rexdivakar-patch-1 branch March 17, 2024 14:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sourcery-ai Sourcery AI Sourcery AI left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@rexdivakar