In the packaged Python projects I work on, I used to add a make register command to create a new version of my package. It launches a script I wrote, which does the following:
- Get the version number written in the package
- Create a git tag
- Push the tag to the upstream
- Create a package
- Upload package to PyPI
It looks like:
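
    #!/bin/bash
    # Version number declared in setup.py
    version=$(python setup.py --version)
    # Refuse to release a version that already exists
    git rev-parse "${version}" &> /dev/null
    if [[ "$?" -eq 0 ]] ; then
        echo "Version '${version}' already exists."
        exit 1
    fi
    # Tag the release and push the tag upstream
    git tag -a "${version}" -m "Version ${version}"
    git push origin "${version}"
    # Build the source package and upload it to PyPI
    python setup.py sdist
    python setup.py upload
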
All is good until the last line: python setup.py upload. It uses your username and password to authenticate over HTTP, without the S. So if you don't want to publish your credentials under a free licence, I advise you to install twine.
Twine is a small tool that eases package management and must be used to upload your package securely. After logging in, you only have to replace python setup.py upload with twine upload.
And all is great with TLS!
Note: Since Python 2.7.9 and 3.2, python setup.py upload uses HTTPS, but users on other versions will still use HTTP.
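
The release script above with the upload step switched to twine, as an added example that is not the author's own script. The names run, tag_exists, release and DRY_RUN are invented for this illustration, and the upload glob assumes the sdist file name ends in -<version>.tar.gz.

```shell
#!/bin/bash
# Added example, not the author's script. run, tag_exists, release and
# DRY_RUN are names invented for this illustration.
set -eu

# Run a command, or only print it when DRY_RUN=1 (rehearse a release safely).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '+ %s\n' "$*"
    else
        "$@"
    fi
}

# True only if a *tag* with this name exists (a branch of the same name
# does not count, unlike a bare "git rev-parse NAME").
tag_exists() {
    git rev-parse --verify --quiet "refs/tags/$1" > /dev/null 2>&1
}

release() {
    version="$1"
    if tag_exists "$version"; then
        echo "Version '${version}' already exists." >&2
        return 1
    fi
    run git tag -a "$version" -m "Version ${version}"
    run git push origin "$version"
    run python setup.py sdist
    # Assumption: the sdist is named <name>-<version>.tar.gz, so only the
    # archive built for this version is uploaded, not leftovers in dist/.
    run twine upload dist/*-"${version}".tar.gz
}

# Entry point: only release when run from a project root.
if [ -f setup.py ]; then
    release "$(python setup.py --version)"
else
    echo "No setup.py in $(pwd); nothing to release." >&2
fi
```

Running it with DRY_RUN=1 prints the four commands without tagging, pushing or uploading anything.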