Automatic deployment to PyPI #344
Comments
|
@jathak is there a strong reason for this? https://github.com/okpy/ok-client/commits/master/release.py seems to have existed for a while before this issue was created so I assume you found it lacking? |
|
release.py is nice but it does mean that for someone to deploy they need to have credentials to PyPi, ok admin access, and a github token (which is possibly a security feature considering clients autoupdate themselves) |
|
Is automatic deployment to PyPI advisable generally? I'm not familiar with what common practice is, but it seems like a potential security concern, as well as leading too easily to mistakes when someone didn't intend to make a release. |
|
I think automatic deployment when pushing a tag make sense, giving that's an explicit extra action on top of committing to master. It also ensures that each version released on PyPI matches the tag on GitHub. I don't know what the best practices are for PyPI specifically, but it's definitely common for automated releases to be used for packages on npm and other package managers. |
It would be nice for this to be auto-deployed whenever we push a new tag
The text was updated successfully, but these errors were encountered: