Skip to content

Commit

Permalink
Switch to Trusted Publisher method for PyPi releases (#324)
Browse files Browse the repository at this point in the history 
For publishing releases to PyPi, this PR switches from authenticating with user credentials to using the Trusted Publisher method. Also normalized to kebab-case and updated some actions to move from Node12 to Node16.

- Switch to Trusted Publisher method in `python-publish.yml`.
- Indicate user authentication secrets as depreciated in `README.md`.
- Switch to Trusted Publisher method in `runner-publish.yml`.
- Upgrade action versions and kebab-case in `python-publish.yml`.
- Upgrade action versions & kebab-case in `runner-publish.yml`.
  • Loading branch information
@nathanw-mlc
nathanw-mlc authored Aug 4, 2023
1 parent a147108 commit 3c759d0
Show file tree
Hide file tree
Showing 3 changed files with 59 additions and 59 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,6 @@ More Information on python-publish action & Repository Dispatch action can be fo
### Secrets used
| Name | |
|---|---|
|PYPI_USER |pypi login credentials used in GitHub workflows |
|PYPI_PASSWORD |pypi login credentials used in GitHub workflows |
|PYPI_USER (depreciated) |pypi login credentials used in GitHub workflows |
|PYPI_PASSWORD (depreciated) |pypi login credentials used in GitHub workflows |
|MLCOMMONS_REPO_ACCESS |public_repo ACL for request dispatch in GitHub workflows |
18 changes: 9 additions & 9 deletions .github/workflows/python-publish.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,12 @@ on:
jobs:
deploy:
runs-on: ubuntu-latest
permissions:
id-token: write
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v2
uses: actions/setup-python@v3
with:
python-version: '3.x'
- name: Install dependencies
Expand All @@ -27,12 +29,10 @@ jobs:
- name: Publish
uses: pypa/gh-action-pypi-publish@release/v1
with:
user: ${{ secrets.PYPI_USER }}
verify_metadata: true
skip_existing: true
password: ${{ secrets.PYPI_PASSWORD }}
packages_dir: mlcube/dist/
repository_url: https://upload.pypi.org/legacy/
verify-metadata: true
skip-existing: true
packages-dir: mlcube/dist/
repository-url: https://upload.pypi.org/legacy/
verbose: true
env:
LOGLEVEL: DEBUG
Expand All @@ -42,7 +42,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Repository Dispatch
uses: peter-evans/repository-dispatch@v1
uses: peter-evans/repository-dispatch@v2
with:
token: ${{ secrets.MLCOMMONS_REPO_ACCESS }}
repository: mlcommons/mlcube
Expand Down
96 changes: 48 additions & 48 deletions .github/workflows/runner-publish.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,12 @@ on:
jobs:
ssh_deploy:
runs-on: ubuntu-latest
permissions:
id-token: write
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v2
uses: actions/setup-python@v3
with:
python-version: '3.x'
- name: Install dependencies
Expand All @@ -27,21 +29,21 @@ jobs:
- name: Publish
uses: pypa/gh-action-pypi-publish@release/v1
with:
user: ${{ secrets.PYPI_USER }}
verify_metadata: true
skip_existing: true
password: ${{ secrets.PYPI_PASSWORD }}
packages_dir: runners/mlcube_ssh/dist/
repository_url: https://upload.pypi.org/legacy/
verify-metadata: true
skip-existing: true
packages-dir: runners/mlcube_ssh/dist/
repository-url: https://upload.pypi.org/legacy/
env:
LOGLEVEL: DEBUG

docker_deploy:
runs-on: ubuntu-latest
permissions:
id-token: write
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v2
uses: actions/setup-python@v3
with:
python-version: '3.x'
- name: Install dependencies
Expand All @@ -55,22 +57,22 @@ jobs:
- name: Publish
uses: pypa/gh-action-pypi-publish@release/v1
with:
user: ${{ secrets.PYPI_USER }}
verify_metadata: true
skip_existing: true
password: ${{ secrets.PYPI_PASSWORD }}
packages_dir: runners/mlcube_docker/dist/
repository_url: https://upload.pypi.org/legacy/
verify-metadata: true
skip-existing: true
packages-dir: runners/mlcube_docker/dist/
repository-url: https://upload.pypi.org/legacy/
verbose: true
env:
LOGLEVEL: DEBUG

singularity_deploy:
runs-on: ubuntu-latest
permissions:
id-token: write
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v2
uses: actions/setup-python@v3
with:
python-version: '3.x'
- name: Install dependencies
Expand All @@ -84,22 +86,22 @@ jobs:
- name: Publish
uses: pypa/gh-action-pypi-publish@release/v1
with:
user: ${{ secrets.PYPI_USER }}
verify_metadata: true
skip_existing: true
password: ${{ secrets.PYPI_PASSWORD }}
packages_dir: runners/mlcube_singularity/dist/
repository_url: https://upload.pypi.org/legacy/
verify-metadata: true
skip-existing: true
packages-dir: runners/mlcube_singularity/dist/
repository-url: https://upload.pypi.org/legacy/
verbose: true
env:
LOGLEVEL: DEBUG

kubernetes_runner_deploy:
runs-on: ubuntu-latest
permissions:
id-token: write
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v2
uses: actions/setup-python@v3
with:
python-version: '3.x'
- name: Install dependencies
Expand All @@ -113,22 +115,22 @@ jobs:
- name: Publish
uses: pypa/gh-action-pypi-publish@release/v1
with:
user: ${{ secrets.PYPI_USER }}
verify_metadata: true
skip_existing: true
password: ${{ secrets.PYPI_PASSWORD }}
packages_dir: runners/mlcube_k8s/dist/
repository_url: https://upload.pypi.org/legacy/
verify-metadata: true
skip-existing: true
packages-dir: runners/mlcube_k8s/dist/
repository-url: https://upload.pypi.org/legacy/
verbose: true
env:
LOGLEVEL: DEBUG

gcp_runner_deploy:
runs-on: ubuntu-latest
permissions:
id-token: write
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v2
uses: actions/setup-python@v3
with:
python-version: '3.x'
- name: Install dependencies
Expand All @@ -142,22 +144,22 @@ jobs:
- name: Publish
uses: pypa/gh-action-pypi-publish@release/v1
with:
user: ${{ secrets.PYPI_USER }}
verify_metadata: true
skip_existing: true
password: ${{ secrets.PYPI_PASSWORD }}
packages_dir: runners/mlcube_gcp/dist/
repository_url: https://upload.pypi.org/legacy/
verify-metadata: true
skip-existing: true
packages-dir: runners/mlcube_gcp/dist/
repository-url: https://upload.pypi.org/legacy/
verbose: true
env:
LOGLEVEL: DEBUG

kubeflow_runner_deploy:
runs-on: ubuntu-latest
permissions:
id-token: write
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v2
uses: actions/setup-python@v3
with:
python-version: '3.x'
- name: Install dependencies
Expand All @@ -171,12 +173,10 @@ jobs:
- name: Publish
uses: pypa/gh-action-pypi-publish@release/v1
with:
user: ${{ secrets.PYPI_USER }}
verify_metadata: true
skip_existing: true
password: ${{ secrets.PYPI_PASSWORD }}
packages_dir: runners/mlcube_kubeflow/dist/
repository_url: https://upload.pypi.org/legacy/
verify-metadata: true
skip-existing: true
packages-dir: runners/mlcube_kubeflow/dist/
repository-url: https://upload.pypi.org/legacy/
verbose: true
env:
LOGLEVEL: DEBUG

0 comments on commit 3c759d0

Please sign in to comment.