Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use twine environment variables if set #3353

Merged
merged 1 commit into from
May 21, 2024
Merged

Use twine environment variables if set #3353

merged 1 commit into from
May 21, 2024

Conversation

ericwb
Copy link
Contributor

@ericwb ericwb commented May 21, 2024
edited

The reflex publish command utilizes twine under the covers to publish to PyPI. However, reflex will effectively ignore twine environment variables and expect token or username/password to be passed via the CLI.

This change adds TWINE_USERNAME and TWINE_PASSWORD as default values for username and password. This has two postive effects; it excludes passing secrets in a command line, and it just utilizes variables already potentially set as env vars.

This addresses the issue in #3343 so that a user can avoid secrets in the command line. It's not the most ideal solution, which would be to fetch secrets from a file, but it is much better than CLI arguments.

Note: if the user wants to pass a token securely, they can still set the TWINE_USERNAME to token and TWINE_PASSWORD to the token (with the pypi- prefix)

Closes #3343

All Submissions:

  • Have you followed the guidelines stated in CONTRIBUTING.md file?
  • Have you checked to ensure there aren't any other open Pull Requests for the desired changed?

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)

New Feature Submission:

  • Does your submission pass the tests?
  • Have you linted your code locally prior to submission?

Changes To Core Features:

  • Have you added an explanation of what your changes do and why you'd like us to include them?
  • Have you successfully ran tests with your changes locally?

@ericwb
Use twine environment variables if set
ae95c75 
The reflex publish command utilizes twine under the covers to
publish to PyPI. However, reflex will effectively ignore twine
environment variables and expect token or username/password
to be passed via the CLI.

This change adds TWINE_USERNAME and TWINE_PASSWORD as default
values for username and password. This has two postive effects;
it excludes passing secrets in a command line, and it just utilizes
variables already potentially set as env vars.

This addresses the issue in reflex-dev#3343 so that a user can avoid secrets
in the command line. It's not the most ideal solution, which would
be to fetch secrets from a file, but it is much better than CLI
arguments.

Note: if the user wants to pass a token securely, they can still
set the TWINE_USERNAME to __token__ and TWINE_PASSWORD to the token
(with the pypi- prefix)

Closes reflex-dev#3343

Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>
@ericwb
Copy link
Contributor Author

ericwb commented May 21, 2024

Let me know if you'd prefer different environment variable names.

masenf
masenf approved these changes May 21, 2024
View reviewed changes
Copy link
Collaborator

@masenf masenf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i think it makes good sense to use the same var names.

thanks for contributing

@picklelo picklelo merged commit d50be7e into reflex-dev:main May 21, 2024
47 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@masenf masenf masenf approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Shouldn't allow password and tokens as CLI arguments
3 participants
@ericwb @masenf @picklelo