Publish to TestPyPi on PR and release #592
Codecov Report
@@ Coverage Diff @@
## dev #592 +/- ##
=======================================
Coverage 46.68% 46.68%
=======================================
Files 31 31
Lines 2787 2787
=======================================
Hits 1301 1301
Misses 1486 1486
Looks good.
I don't completely understand the hashes part but you can probably explain it to me additionally.
Before publishing to PyPI the action generates a checksum. These hashes are then available on PyPI, in the "Download" section, in case someone wants to verify them. This "print_hashes" part basically just prints these hashes out here on GitHub so that we could technically check that these hashes are identical to the ones on PyPI and we could possibly add this information to the documentation somehow (not sure though), to recommend that all users verify the integrity of the package. As a precaution and threat mitigation.
Description
In order to debug and prevent potential issues during releases, we should also 1. publish the CLI to TestPyPI on PR to dev and on release before real publishing, 2. make sure that the hashes are correct. It is possible that we should also recommend verifying the hashes after installation.
The `print_hash: true` part in tells the action to show the hashes of what will be published. Easily verified manually by checking on PyPI. If something happens though and there's an error, the publishing will not occur.
Type of change
Checklist:
General
Repository / Releases
Checks
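The hash comparison discussed in this thread (digests of the built files versus the ones listed on PyPI), as an added example that is not part of the PR or the project's code. It assumes the `urls` / `digests` layout of PyPI's JSON API release response; the file names, file contents and function names are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Constructed sample data: names and contents are placeholders, and the JSON built in
# demo() mirrors only the "urls" part of a PyPI JSON API release response (assumption).
SAMPLE_FILES = {
    "example_cli-1.0.0.tar.gz": b"constructed sdist bytes",
    "example_cli-1.0.0-py3-none-any.whl": b"constructed wheel bytes",
}

def sha256_file(path, chunk_size=65536):
    """Stream the file so large distributions are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_release(dist_dir, release_json):
    """Compare every local dist file with the index digests; return {filename: status}."""
    published = {u["filename"]: u["digests"]["sha256"] for u in json.loads(release_json)["urls"]}
    local = {p.name: sha256_file(p) for p in Path(dist_dir).iterdir() if p.is_file()}
    report = {}
    for name in sorted(set(published) | set(local)):
        if name not in published:
            report[name] = "not-published"       # built here, absent from the index
        elif name not in local:
            report[name] = "not-built-locally"   # on the index, but not produced by this build
        elif local[name] == published[name].lower():
            report[name] = "ok"
        else:
            report[name] = "mismatch"
    return report

def demo():
    """Write constructed dist files, then alter the index digest of the wheel."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in SAMPLE_FILES.items():
            Path(tmp, name).write_bytes(data)
        urls = [{"filename": n, "digests": {"sha256": hashlib.sha256(d).hexdigest()}}
                for n, d in SAMPLE_FILES.items()]
        urls[1]["digests"]["sha256"] = "0" * 64  # simulate an index entry that differs
        return verify_release(tmp, json.dumps({"urls": urls}))

if __name__ == "__main__":
    for filename, status in demo().items():
        print(f"{status:18} {filename}")
```

Any status other than `ok` is a reason to stop and investigate before recommending the release to users.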