Cannot upload from Jazzband to PyPI due to outdated dependencies #360

Closed
hugovk opened this issue Apr 10, 2024 · 2 comments

hugovk commented Apr 10, 2024

Short version: Update Metadata package to 2.3+ on https://github.com/jazzband/website to fix PyPI releasing

Describe the bug

I've made a release from GitHub Actions to the Jazzband staging area, but I can't release from there to PyPI because https://github.com/jazzband/website has outdated dependencies.

To Reproduce
Steps to reproduce the behavior:

  1. Go to https://jazzband.co/projects/prettytable/upload/1195/release
  2. Enter "prettytable" in the project name box
  3. Click Release
  4. See error:

Release of prettytable-3.10.1.tar.gz failed.
Standard output

Uploading distributions to https://upload.pypi.org/legacy/
ERROR InvalidDistribution: Metadata is missing required fields: Name, Version. Make sure the distribution includes the files where those fields are specified, and is using a supported Metadata-Version: 1.0, 1.1, 1.2, 2.0, 2.1, 2.2.

Expected behavior

Package uploaded to PyPI.

Additional context

Metadata 2.3 has been released, so dependencies need updating on the Jazzband website.

GitHub Actions -> PyPI worked because they have the latest tools, like twine==5.0.0 and pkginfo==1.10.0:

However, the Jazzband website has pinned dependencies, like twine==4.0.2 and pkginfo==1.9.6:

That repo does use Dependabot, but there are some unmerged PRs like jazzband/website#1148 which have this banner at the top:

Dependabot updates are paused
We noticed you haven't used Dependabot in a while, so we've paused automated Dependabot updates for this repository. To resume, simply interact with Dependabot.
For example, merge a Dependabot pull request or use @dependabot rebase. See open Dependabot pull requests or learn more about pausing of activity.

  1. Please could you re-enable Dependabot and update those dependencies?
  2. I have a 10-month-old request to transfer out this project, please could you check this too? Transfer Out: PrettyTable #340
  3. For other Jazzband projects, we should look into using the new Trusted Publishers to skip the staging area.

Thank you!

@hugovk hugovk added the bug label Apr 10, 2024
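
An added example, not part of the original issue or of Jazzband's code: a pre-upload check that reads `PKG-INFO` from an sdist and flags a `Metadata-Version` outside the set listed in the error output above. The function names and the sample package `example-pkg` are constructed for illustration.

```python
import io
import tarfile
from email.parser import HeaderParser

# Versions listed in the twine error message quoted in this issue.
SUPPORTED_BY_PINNED_TOOLS = {"1.0", "1.1", "1.2", "2.0", "2.1", "2.2"}


def read_pkg_info(sdist_bytes):
    """Return parsed headers of the top-level PKG-INFO in a .tar.gz sdist."""
    with tarfile.open(fileobj=io.BytesIO(sdist_bytes), mode="r:gz") as tar:
        for member in tar.getmembers():
            # An sdist keeps its metadata at <name>-<version>/PKG-INFO.
            parts = member.name.split("/")
            if member.isfile() and len(parts) == 2 and parts[1] == "PKG-INFO":
                raw = tar.extractfile(member).read().decode("utf-8")
                return HeaderParser().parsestr(raw)
    raise ValueError("no top-level PKG-INFO found in sdist")


def preflight(sdist_bytes, supported=SUPPORTED_BY_PINNED_TOOLS):
    """Return a list of problems that would block an upload; empty if none."""
    meta = read_pkg_info(sdist_bytes)
    problems = []
    version = meta.get("Metadata-Version")
    if version not in supported:
        problems.append(f"unsupported Metadata-Version: {version}")
    for field in ("Name", "Version"):
        if not meta.get(field):
            problems.append(f"missing required field: {field}")
    return problems


def build_sample_sdist(metadata_version):
    """Constructed sample: a minimal in-memory sdist with only PKG-INFO."""
    body = (
        f"Metadata-Version: {metadata_version}\n"
        "Name: example-pkg\n"
        "Version: 1.0.0\n"
    ).encode("utf-8")
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("example-pkg-1.0.0/PKG-INFO")
        info.size = len(body)
        tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


if __name__ == "__main__":
    for v in ("2.2", "2.3"):
        print(v, preflight(build_sample_sdist(v)))
```

Running a check like this in CI before handing an artifact to a staging service with pinned tools reports the metadata-version mismatch directly.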
ddabble added a commit to ddabble/django-simple-history that referenced this issue May 29, 2024
Most of the changes to `pyproject.toml` were made by running
`hatch new --init` (see
https://hatch.pypa.io/latest/intro/#existing-project).
Most of the changes to the other files were based on the changes made in
django-commons/django-debug-toolbar#1690.

### `release.yml`:
* `hatch version` is run instead of `hatchling version` (as is done in
  the PR mentioned above), as the latter crashes with the error:
  ```
  hatchling.plugin.exceptions.UnknownPluginError: Unknown version source: vcs
  ```
  Installing `hatch` takes considerably longer than just `hatchling`,
  but I think it's still acceptable.
* Updated the `pypa/gh-action-pypi-publish` action from the sunset
  `master` branch to `release/v1`; see warning at
  https://github.com/jazzband/django-simple-history/actions/runs/9246937361.
  Also replaced the deprecated `repository_url` with `repository-url`; see
  https://github.com/pypa/gh-action-pypi-publish/blob/v1.8.14/action.yml#L15
### `.pre-commit-config.yaml`:
* Added some pre-commit hooks for formatting and validating
  `pyproject.toml`
### `MANIFEST.in`:
* Removed `MANIFEST.in`, as the default
  `[tool.hatch.build.targets.sdist]` configuration (in `pyproject.toml`)
  includes all files not ignored through our `.gitignore`; see
  https://hatch.pypa.io/latest/plugins/builder/sdist/#default-file-selection
### `pyproject.toml`:
* Didn't include the `license` field, as the docs recommend using a
  `License ::` classifier instead - see
  https://packaging.python.org/en/latest/guides/writing-pyproject-toml/#license
* The classifier "Programming Language :: Python :: 3"
  was changed to "Programming Language :: Python :: 3 :: Only"
  by the `pyproject-fmt` pre-commit hook
* Set `core-metadata-version = "2.2"` (copied from
  django-commons/django-debug-toolbar#1916) due to
  jazzband/help#360
* Didn't include the last 3 packages from the `packages` kwarg in
  `setup.py` when configuring `[tool.hatch.build.targets.wheel]`, since
  they don't make any difference in the generated wheel, as having just
  `simple_history` will include all its subpackages
* As part of porting long_description's file concatenation from
  `setup.py`, `hatch-fancy-pypi-readme` was added to `requires` and
  configured to concatenate the same files - except with the first title
  of `README.rst` and the "Unreleased" section of `CHANGES.rst` removed
  (facilitated by the added "Start of PyPI readme" comments in those two
  files)

jezdez commented Jul 12, 2024

This should be resolved in https://github.com/jazzband/website/releases/tag/24.7.0

@jezdez jezdez closed this as completed Jul 12, 2024

hugovk commented Jul 12, 2024

Confirmed, thank you!
