[PATCH] scripts: Sign pip packages on release


Jan Kiszka

Jun 2, 2024, 12:42:57 PM
to kas-devel
From: Jan Kiszka <jan.k...@siemens.com>

Missed that this is already possible. But pip offers no built-in
validation, this needs to be done manually:

1. Find package URL under https://pypi.org/project/kas/#files
2. wget https://files.pythonhosted.org/packages/.../kas-<version>.tar.gz.asc
3. gpg search-keys 004C647D7572CF7D72BDB4FB699D850A9F417BD8 (unless already imported)
4. gpg kas-<version>.tar.gz.asc

Signed-off-by: Jan Kiszka <jan.k...@siemens.com>
---
scripts/release.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/release.sh b/scripts/release.sh
index 3dc4a27..20708ba 100755
--- a/scripts/release.sh
+++ b/scripts/release.sh
@@ -42,7 +42,7 @@ git tag -s -m "Release $NEW_VERSION" "$NEW_VERSION"
git push --follow-tags

python3 setup.py sdist
-twine upload -r pypi "dist/kas-$NEW_VERSION.tar.gz"
+twine upload -s -r pypi "dist/kas-$NEW_VERSION.tar.gz"

authors=$(git shortlog -s "$OLD_VERSION".."$NEW_VERSION" | cut -c8- | paste -s -d, - | sed -e 's/,/, /g')
highlights=$(sed -e "/$OLD_VERSION$/,\$d" CHANGELOG.md)
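Review bot: On the `twine upload -s` line, nothing pins the signing key, so the signature is made with whatever key gpg uses by default on the release machine, while the commit message tells users to verify against fingerprint 004C647D7572CF7D72BDB4FB699D850A9F417BD8. Consider passing that key explicitly with twine's `-i`/`--identity` option, so a release cut from a machine with a different default key cannot publish a `.asc` that fails the documented check. The four manual verification steps also live only in the commit message; a short section in the user-facing documentation would make them discoverable to people installing from PyPI.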
--
2.43.0