Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add RELEASE.md, and update release workflow to use PyPI's trusted publisher #58

Closed
6 tasks done
consideRatio opened this issue Apr 25, 2023 · 13 comments · Fixed by #59
Closed
6 tasks done

Add RELEASE.md, and update release workflow to use PyPI's trusted publisher #58

consideRatio opened this issue Apr 25, 2023 · 13 comments · Fixed by #59

Comments

@consideRatio
Copy link
Member

consideRatio commented Apr 25, 2023

I realize that there wasn't a RELEASE.md file in this repo now, I incorrectly thought it was though @Sheila-nk!

I suggest these action points, where we have a bit of additional complexity as the way we look to implement RELEASE.md changed very recently.

  1. We add RELEASE.md and update .github/workflows/release.yaml based on very recent developments
  2. Update permissions related to PyPI (https://pypi.org/project/pytest-jupyterhub/)
    • Remove jupyterhub-bot as a maintainer
    • Configure the release.yaml workflow in this repo as trusted
    • Cleanup the no longer needed GitHub Secret pypi_password in this GitHub project's settings
  3. Update the changelog to include this work
  4. Follow RELEASE.md
@consideRatio
Copy link
Member Author

@Sheila-nk I can help out directly if you wish or by reviewing anything quickly!

@consideRatio consideRatio changed the title Add RELEASE.md Add RELEASE.md, and update release workflow to use PyPI's trusted publisher Apr 25, 2023
@Sheila-nk
Copy link
Collaborator

Thanks for catching this @consideRatio
I can easily work on this issue since I have dedicated a couple of hours today to work on this project but thank you for the offer. I will request reviews from you though so I can complete the release today at least.

@Sheila-nk
Copy link
Collaborator

Ping @consideRatio 😞
Unfortunately, the release is failing. Here is the link to the workflow run.
There is a troubleshooting guide provided for this specific error:

`invalid-publisher`: valid token, but no corresponding publisher

which states that it might a typo problem but I cannot find any typos, whether in the project's PyPI trusted publishers url or the release.yaml file.

I am trying to figure out what the problem could be but I am currently stumped.

@consideRatio
Copy link
Member Author

consideRatio commented Apr 25, 2023

Ah I think I understand!

Background

So what tbump does, is that it makes commits and pushes to what git believes to be the remote destination named "origin". You can see what your local git repository on your computer believes to be "origin" by doing git remote --verbose (or -v). For me it is:

git remote --verbose

origin	git@github.com:jupyterhub/pytest-jupyterhub (fetch)
origin	git@github.com:jupyterhub/pytest-jupyterhub (push)

I quite often also setup another remote called fork, so for example in jupyterhub/jupyterhub, it looks like this on my local computer's jupyterhub/jupyterhub github repository:

git remote --verbose

fork	git@github.com:consideRatio/jupyterhub.git (fetch)
fork	git@github.com:consideRatio/jupyterhub.git (push)
origin	git@github.com:jupyterhub/jupyterhub (fetch)
origin	git@github.com:jupyterhub/jupyterhub (push)

What happened

I think you have origin configured to point to your remote, because that has received a git tag:

image

The workflow can run on your fork, or it can run in this repository as owned by the jupyterhub organization.

Solution

Rename the named remote destination origin to fork, and add a new remote destination called origin pointing to this jupyterhub organization owned repository.

I think in practice this would look like this:

git remote rename origin fork
git remote add origin git@github.com:jupyterhub/pytest-jupyterhub

Then after, you can verify something like the following:

git remote --verbose

fork	git@github.com:Sheila-nk/pytest-jupyterhub.git (fetch)
fork	git@github.com:Sheila-nk/pytest-jupyterhub.git (push)
origin	git@github.com:jupyterhub/pytest-jupyterhub (fetch)
origin	git@github.com:jupyterhub/pytest-jupyterhub (push)

@consideRatio
Copy link
Member Author

consideRatio commented Apr 25, 2023

After that is done, you are almost ready to make a release attempt again. I suggest some cleanup first. After this cleanup, you can perform the steps in RELEASE.md again I think without issues.

  1. Cleanup git commits added by tbump, locally and on your fork
git checkout main
git fetch origin main
git reset --hard origin/main

# you should now be at commit with hash starting with 21ceca8
git log

# forcefully update your fork's main branch to this state, removing previously added commits
git push --force fork main
  1. Cleanup git tags made by tbump, locally and on your fork
# show git tags available locally
git tag

# delete 0.1.0 tag from your local git repo
git tag --delete 0.1.0

# this removes the tag in the remote git destination called "fork"
git push fork :refs/tags/0.1.0

@Sheila-nk
Copy link
Collaborator

Sheila-nk commented Apr 25, 2023

😆 oh wow!
I always have my remote setup like this:

origin	git@github.com:Sheila-nk/pytest-jupyterhub.git (fetch)
origin	git@github.com:Sheila-nk/pytest-jupyterhub.git (push)
upstream	git@github.com:jupyterhub/pytest-jupyterhub.git (fetch)
upstream	git@github.com:jupyterhub/pytest-jupyterhub.git (push)

I was kind of curious why the release instructions made me fetch from origin and not upstream.
I should make a point to update the docs on this when the release is done.

Thank you! Let me make the changes then try again.

@Sheila-nk
Copy link
Collaborator

Hmmm... well I've noticed tbump wants to push to fork instead of origin now...

Screenshot 2023-04-25 at 19 39 34

Would these cli options from the tbump readme allow me to push the tag myself?

 --no-push          Do not push after creating the commit and/or tag
 --no-tag-push      Create a tag, but don't push it

@consideRatio
Copy link
Member Author

consideRatio commented Apr 25, 2023

Ah, so maybe it pushes to the local branchs associated remote?

I'm on a mobile phone now, see if you can "set remote branch" to main in the origin remote. I always google on how to do that.

@consideRatio
Copy link
Member Author

Maybe tbump config is availbale of relevance to this also, so searching config reference may be relevant.

@consideRatio
Copy link
Member Author

Ah yes btw, you can do manual things also!

Just: git push origin refs/tags/0.1.0

i think

@Sheila-nk
Copy link
Collaborator

It finally worked 😭
We have a release!! 🎊 🎊 🚀 🚀

I opted to delete remote fork and set main branch to track origin/main. I probably would have been able to do that without deleting fork but it worked anyway.

@Sheila-nk
Copy link
Collaborator

Thank you @consideRatio for your assistance!! Your help with this release was greatly appreciated ❤️
Closing this issue as completed now.

@consideRatio
Copy link
Member Author

Wieeee congratulations on the initial release @Sheila-nk!!!

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants