This guide will help you set up PyPI publishing for the diffgetr library using GitHub Actions with trusted publishing.
## Create a PyPI account

- Go to PyPI.org and create an account
- Verify your email address
- (Optional) Go to TestPyPI.org and create an account for testing
## Configure a trusted publisher on PyPI

- Log into PyPI.org
- Go to your account settings
- Navigate to the "Publishing" tab
- Click "Add a new pending publisher"
- Fill in the details:
  - PyPI Project Name: `diffgetr`
  - Owner: your GitHub username/organization
  - Repository name: `diffgetr` (or whatever your repo is named)
  - Workflow name: `main.yml`
  - Environment name: `release`
## (Optional) Configure TestPyPI

- Log into TestPyPI.org
- Follow the same steps as above
## Create the GitHub environment

- Go to your GitHub repository
- Navigate to Settings → Environments
- Create a new environment named `release`
- (Optional) Add protection rules like:
  - Required reviewers
  - Restrict to main branch only
  - Wait timer before deployment
## Alternative: API tokens

If you prefer API tokens instead of trusted publishing:

- Go to PyPI → Account Settings → API Tokens
- Create a new token with scope limited to your project
- In GitHub: Settings → Secrets and Variables → Actions
- Add a secret named `PYPI_API_TOKEN` with your token value
## Package metadata

Make sure your pyproject.toml has the correct metadata:

```toml
[project]
name = "diffgetr"
version = "0.1.0"  # Update this for new releases
description = "A Python library for comparing nested data structures with detailed diff reporting and interactive navigation."
authors = [
    { name = "Your Actual Name", email = "your.actual.email@example.com" }
]
readme = "README.md"
license = "MIT"
requires-python = ">=3.7"

[project.urls]
Homepage = "https://github.com/yourusername/diffgetr"
Repository = "https://github.com/yourusername/diffgetr"
Issues = "https://github.com/yourusername/diffgetr/issues"
```

## How the CI/CD pipeline works

The CI/CD pipeline works as follows:
On pull requests:

- ✅ Version Check: Ensures the version in `pyproject.toml` doesn't already exist as a GitHub release
- ✅ Build & Test: Builds the package and runs unit tests

On merge to main:

- ✅ Code Formatting: Runs `black` and auto-commits formatting changes
- ✅ Build & Test: Same as the PR checks, but must pass to continue
- ✅ Publish to PyPI: Uses trusted publishing to upload the package
- ✅ GitHub Release: Creates a GitHub release with changelog and artifacts
## Creating a release

To create a new release:

- Update Version: Edit `pyproject.toml` and bump the version number
- Create PR: Make your changes and create a pull request
- Review: The PR workflow will check version availability and run tests
- Merge: When merged to main, the workflow will automatically:
  - Publish the package to PyPI
  - Create a GitHub release
  - Attach the built artifacts to the release
## Testing locally

```bash
# Install development dependencies
pip install -e ".[dev]"
# Run tests
pytest tests/
# Test build
python -m build
# Test installation
pip install dist/*.whl
```

## Publishing to TestPyPI first

Modify the GitHub workflow to publish to TestPyPI first:

```yaml
- name: Publish to TestPyPI
  uses: pypa/gh-action-pypi-publish@release/v1
  with:
    repository-url: https://test.pypi.org/legacy/
```
## Troubleshooting

- "Project name already exists": The package name might be taken. Consider a different name.
- "Invalid authentication": Check that the owner, repository, workflow and environment names in your trusted publishing setup match exactly.
- "Version already exists": You need to bump the version in `pyproject.toml`.
- "Workflow failed": Check the GitHub Actions logs for specific error messages.
Fall back to API tokens:

- Create a PyPI API token
- Add it to GitHub secrets as `PYPI_API_TOKEN`
- Modify the workflow to use:

```yaml
- name: Publish to PyPI
  uses: pypa/gh-action-pypi-publish@release/v1
  with:
    password: ${{ secrets.PYPI_API_TOKEN }}
```
## Security features

- ✅ Trusted Publishing: More secure than API tokens
- ✅ Environment Protection: Requires approval for releases
- ✅ Branch Protection: Only allow releases from the main branch
- ✅ Version Control: Automatic version checking prevents duplicates
## Next steps

- Update the repository URL in `pyproject.toml`
- Update author information
- Set up the PyPI trusted publisher
- Create your first release by bumping the version!
Your package will be available at: https://pypi.org/project/diffgetr/