Have any big Python packages moved off of Github given the general wtfery going on there?
I’m considering moving my package elsewhere and I think the only thing I would miss would be the nice CI workflow for publishing to PyPI, unless that is also portable?
@mclare Comparing https://github.com/sethmlarson/pypi-data and https://hugovk.dev/top-pypi-packages/ from a year ago to now, these have moved to Codeberg. The middle two have the same author.
372. requests-file (69m)
414. scramp (62m)
524. pg8000 (45m)
1073. jellyfish (15m)
No Trusted Publishing on Codeberg.
CI is granted on request, "provided as-is and might break at any time and for an undefined period of time, due to server issues, for testing and maintenance purposes or human error" and linux/amd64 only.
@mclare Trusted Publishing is available for:
GitHub Actions
GitLab CI/CD
Google Cloud
ActiveState
https://docs.pypi.org/trusted-publishers/adding-a-publisher/
@offby1 @mclare See the general guide:
https://docs.pypi.org/trusted-publishers/internals/#how-do-i-become-a-trusted-publishing-provider
And see Donald's replies for what Codeberg likely needs:
https://discuss.python.org/t/new-oidc-providers-for-trusted-publishing/106334
@hugovk @mclare Neat. I’m less curious about codeberg per se, more wondering what would be involved in self-owned OIDC publishing; I would love to provide my own identity from my own infrastructure for my own packages (in the abstract, rather than “me, specifically”, because I’m fine with GitHub, but it would be great for those who are not to have a trusted publishing option that doesn’t rely on tokens)
(Note that I am far from expert in this space and may be thinking entirely wrong about it.)
MClare
Hugo van Kemenade
Chris is.