-
Register a separate account at https://test.pypi.org/account/register/.
-
Verify the email address.
-
Configure 2FA with a new authenticator.
-
Store the recovery codes and add a second authentication method if possible.
-
Create the
testpypiGitHub environment without repository secrets. -
Register the TestPyPI trusted publisher for:
- GitHub owner:
CNAG-Biomedical-Informatics - Repository:
cbicall - Workflow:
publish-testpypi.yml - GitHub environment:
testpypi
- GitHub owner:
-
Run the
Publish to TestPyPIworkflow manually. It builds and validates the distributions with:python3 -m build python3 -m twine check dist/* -
Confirm that the trusted-publishing job uploads to TestPyPI.
-
Test the uploaded wheel without changing the system installation:
python3 -m pip install \ --index-url https://test.pypi.org/simple/ \ --no-deps \ --target /tmp/cbicall-testpypi \ "cbicall==1.1.0b1" PYTHONPATH=/tmp/cbicall-testpypi python3 -m cbicall --version PYTHONPATH=/tmp/cbicall-testpypi python3 -m cbicall validate-registry PYTHONPATH=/tmp/cbicall-testpypi python3 -m cbicall validate-resources
TestPyPI is independent from production PyPI. It has separate credentials, does not reserve the production package name, and may periodically remove projects.
- Wait for production PyPI account recovery.
- Restore 2FA and store new recovery codes.
- Configure the
cbicalltrusted publisher for:- GitHub owner:
CNAG-Biomedical-Informatics - Repository:
cbicall - Workflow:
publish-pypi.yml - GitHub environment:
pypi
- GitHub owner:
- Create the matching
pypienvironment in the GitHub repository. - Select and set the intended package version before creating the release.
- Do not publish the GitHub release until trusted publishing is configured.
Uploaded PyPI files cannot be replaced, even after deletion. If an upload is
incorrect, yank it and publish a new incremented version such as .dev2 or
b2.