audreyfeldroy/cookiecutter-pypackage

pypi token vs password - template is very confusing

technic opened this issue · 1 comments

technic commented
  • Date you used Cookiecutter PyPackage: 08-05-2020
  • Cookiecutter version used, if any: master branch
  • Python version, if any: 3.6
  • Operating System: Windows 10

Description

There are two options to deploy: login/password and token. The recommended option is to use pypi api token, however this template puts a login in the travis.yml. It encourages to use the non recommended option, and the readme file does not explain any of this. I spent the whole afternoon to figure out, why I get pypi authorization errors over and over.

TL;DR I suggest to make this clear by putting few additional lines into the readme.

What I Did

It was my first package to upload to pypi, and I had no idea about how to do it. I used this template, because I wanted things to be done fast. I followed the guide in the README file of this repositroy. At this line in the guide:

Register your project with PyPI.

I follow the provided link and read about creating a token, so I have created it. Next step was

Run the Travis CLI command travis encrypt --add deploy.password to encrypt your PyPI password

This line I misunderstood. Unfortunately, I thought that I should provide a token not a password. There is no token mentioned in the readme, and no password mentioned in the pypi documentation. So I assumed it is the same thing, just different name (and indeed you can put both in the password field of the travis.yml config).

The next bad luck, is that I am using Windows. travis encrypt works strange on Windows, because to terminate input one has to press Enter, then Ctrl+Z, then Enter again. However the console prompt says "press Ctrl+D". My first thought was that windows inserts some additional '\n' or '\r' in the encrypted string. I tried few times and it did not work. Then I rebooted to linux live usb, and it still did not work.

Finally, after few hours of wasted time, I realized that maybe I should look into travis documentation.

deploy:
  provider: pypi
  user: "__token__"
  password: "Your PyPI API token, including the pypi- prefix"

And I realized that for token authorization, one has to modify user field. This was completely surprising for me, because there is no comment about that in the cookiecutter template.

raman325 commented

THANK YOU SO MUCH! I've been struggling with this exact same issue for the exact same reason. I may submit a PR to improve the documentation/workflow around this because it's confusing