-
Notifications
You must be signed in to change notification settings - Fork 605
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add uv publish
: Basic upload with username/password or keyring
#7475
base: main
Are you sure you want to change the base?
Conversation
c4083a1
to
fecb3a1
Compare
Does it need to be secure? Or can we just have a test user that only uploads dummy packages that we can expose the password to? |
ea8fc61
to
3775e2c
Compare
When sending an upload request, we use HTTP formdata requests, which can't be cloned (seanmonstar/reqwest#2416, plus a limitation that formdata bodies are always internally streaming), but also know that we need to always have credentials. The authentication middleware by default tries to clone the request and send an authenticated request first. By introducing an `only_authenticated` setting, we can skip this behaviour for publishing. Split out from #7475
3775e2c
to
261f04e
Compare
When sending an upload request, we use HTTP formdata requests, which can't be cloned (seanmonstar/reqwest#2416, plus a limitation that formdata bodies are always internally streaming), but also know that we need to always have credentials. The authentication middleware by default tries to clone the request and send an authenticated request first. By introducing an `only_authenticated` setting, we can skip this behaviour for publishing. Split out from #7475
When sending an upload request, we use HTTP formdata requests, which can't be cloned (seanmonstar/reqwest#2416, plus a limitation that formdata bodies are always internally streaming), but also know that we need to always have credentials. The authentication middleware by default tries to clone the request and send an authenticated request first. By introducing an `only_authenticated` setting, we can skip this behaviour for publishing. Split out from #7475
When sending an upload request, we use HTTP formdata requests, which can't be cloned (seanmonstar/reqwest#2416, plus a limitation that formdata bodies are always internally streaming), but also know that we need to always have credentials. The authentication middleware by default tries to clone the request and send an authenticated request first. By introducing an `only_authenticated` setting, we can skip this behaviour for publishing. Split out from #7475
When sending an upload request, we use HTTP formdata requests, which can't be cloned (seanmonstar/reqwest#2416, plus a limitation that formdata bodies are always internally streaming), but also know that we need to always have credentials. The authentication middleware by default tries to clone the request and send an authenticated request first. By introducing an `only_authenticated` setting, we can skip this behaviour for publishing. Split out from #7475
7502383
to
6f83d3f
Compare
When sending an upload request, we use HTTP formdata requests, which can't be cloned (seanmonstar/reqwest#2416, plus a limitation that formdata bodies are always internally streaming), but also know that we need to always have credentials. The authentication middleware by default tries to clone the request and send an authenticated request first. By introducing an `only_authenticated` setting, we can skip this behaviour for publishing. Split out from #7475
6f83d3f
to
f72da4d
Compare
.only_authenticated(true) | ||
.build(); | ||
|
||
for (file, filename) in files { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you plan to try making parallel uploads here, or do you think that is not worth it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Currently not planning to, but i made the upload async to make it easier to do in parallel (with other uploads or something else entirely) in the future.
When sending an upload request, we use HTTP formdata requests, which can't be cloned (seanmonstar/reqwest#2416, plus a limitation that formdata bodies are always internally streaming), but also know that we need to always have credentials. The authentication middleware by default tries to clone the request and send an authenticated request first. By introducing an `only_authenticated` setting, we can skip this behaviour for publishing. Split out from #7475
f8813a4
to
8f76504
Compare
When sending an upload request, we use HTTP formdata requests, which can't be cloned (seanmonstar/reqwest#2416, plus a limitation that formdata bodies are always internally streaming), but also know that we need to always have credentials. The authentication middleware by default tries to clone the request and send an authenticated request first. By introducing an `only_authenticated` setting, we can skip this behaviour for publishing. Split out from #7475
8f76504
to
bad4fea
Compare
bad4fea
to
56134b4
Compare
56134b4
to
7968483
Compare
let file: tokio::fs::File = fs_err::tokio::File::open(file).await?.into(); | ||
let file_reader = Body::from(file); | ||
form = form.part( | ||
"content", | ||
Part::stream(file_reader).file_name(filename.to_string()), | ||
); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The follow-up PR adds progress bars here
7968483
to
2d5af07
Compare
The
uv publish
command allows uploading wheels and source distributions to PyPI or another registry. We support username/password auth, token auth and (follow-up) trusted publishing from GitHub Actions. Be default we upload files fromdist/*
, the output directory fromuv build
.This is intended to support three different workflow, ordered by relevance:
uv build
uv publish
uv build
, clear the venv, install the source distribution, run a smoke test, upload the source distribution as artifactuv build --wheel
, clear the venv, install the wheel run a smoke test, upload the wheel as artifactdist/*
and runuv publish
uv build
uv publish
Since we intend for smoke tests between build and publish, there is no combined build-and-publish command.
What works:
__token__
, but it uses the same HTTP headers)This PR has coverage for PyPI (canonical index) and gitlab.com (alternative index). Unless there are concerns for a specific other index, I wouldn't add any specific testing for them yet.
Next PRs:
Follow-ups:
File
body part seanmonstar/reqwest#2416, so I'll add a for-loop around the publish.Not Implemented:
PRs' structure:
Best reviewed commit-by-commit