Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Github project URL is not marked as "verified" despite self-link #16836

Open
MartinThoma opened this issue Oct 6, 2024 · 3 comments
Open

Github project URL is not marked as "verified" despite self-link #16836

MartinThoma opened this issue Oct 6, 2024 · 3 comments
Labels
awaiting-response PRs and issues that are awaiting author response

Comments

@MartinThoma
Copy link

MartinThoma commented Oct 6, 2024

Describe the bug

According to https://docs.pypi.org/project_metadata/ it should be possible to link to https://pypi.org/project/pypdf/ from https://github.com/py-pdf/pypdf

You can see the link from Github to the PyPI project page over the "python version" tag at the very top of the github page:

image

we did exactly that, but still the URL is not marked as "verified":

image

It was like this when the package was uploaded

Expected behavior

The source URL https://github.com/py-pdf/pypdf should be marked as verified on https://pypi.org/project/pypdf/

To Reproduce

https://pypi.org/project/pypdf/

@MartinThoma MartinThoma added bug 🐛 requires triaging maintainers need to do initial inspection of issue labels Oct 6, 2024
@MartinThoma
Copy link
Author

MartinThoma commented Oct 6, 2024

Hm ... can it be the missing trailing slash in the "Source" URL?

According to #16485 trailing slashes can be present or not. That was not added to the docs. Maybe it makes sense to add to the docs if trailing slashes are handled or not.

@woodruffw
Copy link
Member

According to docs.pypi.org/project_metadata it should be possible to link to pypi.org/project/pypdf from py-pdf/pypdf

Yep -- the docs specifically say that you need to use a Trusted Publisher to link a GitHub (or GitLab, etc.) repo to a PyPI project. Just adding a badge to the repo isn't sufficient, since anybody can add a badge claiming to be a particular project.

Once you register a Trusted Publisher and publish using it instead of a manually-configured API token, your subsequent releases will have those GitHub URLs marked as verified.

@woodruffw woodruffw added awaiting-response PRs and issues that are awaiting author response and removed requires triaging maintainers need to do initial inspection of issue bug 🐛 labels Oct 6, 2024
@woodruffw
Copy link
Member

(For reference, you're currently using a manually configured API token here: https://github.com/py-pdf/pypdf/blob/fcb103a7d995406c993b7ba6b3325c94dab7ad0b/.github/workflows/publish-to-pypi.yaml#L27-L32)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
awaiting-response PRs and issues that are awaiting author response
Projects
None yet
Development

No branches or pull requests

2 participants