Upgrade for pyproject.toml and pypa/gh-action-pypi-publish, refs #6

Author: simonw

.github/workflows/push.yml

@@ -10,17 +10,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout python-lib
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         path: main
     - name: Checkout python-lib-template-demo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         repository: simonw/python-lib-template-demo
         path: python-lib-template-demo-current
         token: ${{ secrets.PERSONAL_ACCESS_TOKEN_FOR_PUSH }}
     - name: Set up Python
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
         python-version: "3.11"
         cache: pip

README.md

@@ -7,23 +7,25 @@ Use this template on your own machine with cookiecutter, or create a brand new r
 ## Installation
 
 You'll need to have [cookiecutter](https://cookiecutter.readthedocs.io/) installed. I recommend pipx for this:
-
-    pipx install cookiecutter
-
+```bash
+pipx install cookiecutter
+```
 Regular `pip` will work OK too.
 
 ## Usage
 
 Run `cookiecutter gh:simonw/python-lib` and then answer the prompts. Here's an example run:
-
-    $ cookiecutter gh:simonw/python-lib
-    lib_name []: python lib template demo
-    description []: Demonstrating https://github.com/simonw/python-lib
-    hyphenated [python-lib-template-demo]: 
-    underscored [python_lib_template_demo]: 
-    github_username []: simonw
-    author_name []: Simon Willison
-
+```bash
+cookiecutter gh:simonw/python-lib
+```
+```
+lib_name []: python lib template demo
+description []: Demonstrating https://github.com/simonw/python-lib
+hyphenated [python-lib-template-demo]: 
+underscored [python_lib_template_demo]: 
+github_username []: simonw
+author_name []: Simon Willison
+```
 I strongly recommend accepting the suggested value for "hyphenated" and "underscored" by hitting enter on those prompts.
 
 This will create a directory called `python-lib-template-demo` - the name you enter is converted to lowercase and uses hyphens instead of spaces.
@@ -35,54 +37,58 @@ See https://github.com/simonw/python-lib-template-demo for the output of this ex
 Having created the new structure from the template, here's how to start working on the library.
 
 If your library is called `my-new-library`, you can start working on it like so:
-
-    cd my-new-library
-    # Create and activate a virtual environment:
-    python3 -mvenv venv
-    source venv/bin/activate
-    # Install dependencies so you can edit the project:
-    pip install -e '.[test]'
-    # With zsh you have to run this again for some reason:
-    source venv/bin/activate
-
+```bash
+cd my-new-library
+# Create and activate a virtual environment:
+python3 -mvenv venv
+source venv/bin/activate
+# Install dependencies so you can edit the project:
+pip install -e '.[test]'
+# With zsh you have to run this again for some reason:
+source venv/bin/activate
+```
 You can run the default test for your library like so:
-
-    pytest
-
+```bash
+pytest
+```
 This will execute the test in `tests/test_my_new_library.py`.
 
 ## Creating a Git repository for your library
 
 You can initialize a Git repository for your library like this:
-
-    cd my-new-library
-    git init
-    git add .
-    git commit -m "Initial structure from template"
-    # Rename the 'master' branch to 'main':
-    git branch -m master main
-
+```bash
+cd my-new-library
+git init
+git add .
+git commit -m "Initial structure from template"
+# Rename the 'master' branch to 'main':
+git branch -m master main
+```
 ## Publishing your library to GitHub
 
 Use https://github.com/new to create a new GitHub repository sharing the same name as your library, which should be something like `my-new-library`.
 
 Push your `main` branch to GitHub like this:
-
-    git remote add origin git@github.com:YOURNAME/my-new-library.git
-    git push -u origin main
-
+```bash
+git remote add origin git@github.com:YOURNAME/my-new-library.git
+git push -u origin main
+```
 The template will have created a GitHub Action which runs your library's test suite against every commit.
 
 ## Publishing your library as a package to PyPI
 
-The template also includes an Action for publishing packages to [PyPI](https://pypi.org/).
+The template also includes a `publish.yml` GitHub Actions workflow for publishing packages to [PyPI](https://pypi.org/), using [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish).
 
-To use this action, you need to create a PyPI account and an API token against that account.
+To use this action, you need to create a PyPI account and [configure a Trusted Publisher](https://til.simonwillison.net/pypi/pypi-releases-from-github) for this package.
 
-Once you have created your account, navigate to https://pypi.org/manage/account/token/ and create an API token. For initial publication of the package you will need to set the scope of the token to "Entire account (all projects)".
+Once you have created your account, navigate to https://pypi.org/manage/account/publishing/ and create a "pending publisher" for the package. Use the following values:
 
-Add that token to your repository as a GitHub secret called `PYPI_TOKEN`. You can find this in the "Settings -> Secrets -> New Secret" area of the repository. The token should begin with the string `pypi-`.
+- **PyPI Project Name:** The name of your package
+- **Owner:** Your GitHub username or organization - the "foo" in `github.com/foo/bar`
+- **Repsitory name:** The name of your repository - the "bar" in `github.com/foo/bar`
+- **Workflow name:** `publish.yml`
+- **Environment name:** `release`
 
-Now, any time you create a new "Release" on GitHub the Action will build your package and push it to PyPI. The tag for the new release needs to match the `VERSION` string at the top of your `setup.py` file.
+Now, any time you create a new "Release" on GitHub the Action will build your package and push it to PyPI.
 
-After the first release has gone out you can create a new PyPI API token that is scoped just to that project and use that to replace the `PYPI_TOKEN` secret in your GitHub repository settings.
+The tag for your release needs to match the `VERSION` string at the top of your `pyproject.toml` file. You should bump this version any time you release a new version of your package.

{{cookiecutter.hyphenated}}/.github/workflows/publish.yml

@@ -12,15 +12,15 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.7", "3.8", "3.9", "3.10", "3.11"]
+        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
         python-version: ${{ matrix.python-version }}
         cache: pip
-        cache-dependency-path: setup.py
+        cache-dependency-path: pyproject.toml
     - name: Install dependencies
       run: |
         pip install '.[test]'
@@ -30,22 +30,23 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     needs: [test]
+    environment: release
+    permissions:
+      id-token: write
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Set up Python
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
-        python-version: "3.11"
+        python-version: "3.12"
         cache: pip
-        cache-dependency-path: setup.py
+        cache-dependency-path: pyproject.toml
     - name: Install dependencies
       run: |
-        pip install setuptools wheel twine build
-    - name: Publish
-      env:
-        TWINE_USERNAME: __token__
-        TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
+        pip install setuptools wheel build
+    - name: Build
       run: |
         python -m build
-        twine upload dist/*
+    - name: Publish
+      uses: pypa/gh-action-pypi-publish@release/v1
 {% endraw %}

{{cookiecutter.hyphenated}}/.github/workflows/test.yml

@@ -10,15 +10,15 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.7", "3.8", "3.9", "3.10", "3.11"]
+        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
         python-version: ${{ matrix.python-version }}
         cache: pip
-        cache-dependency-path: setup.py
+        cache-dependency-path: pyproject.toml
     - name: Install dependencies
       run: |
         pip install '.[test]'