When deploying on pypi we have multiple issues:
- pypi itself likes to use Trusted Publishing instead
Warning: The workflow was run with the 'attestations: true' input, but an explicit password was also set, disabling Trusted Publishing. As a result, the attestations input is ignored.
Warning: Trusted Publishers allows publishing packages to PyPI from automated environments like GitHub Actions without needing to use username/password combinations or API tokens to authenticate with PyPI. Read more: https://docs.pypi.org/trusted-publishers
Warning: A new Trusted Publisher for the currently running publishing workflow can be created by accessing the following link(s) while logged-in as an owner of the package(s):
- dashes in setuptools throw deprecation warnings:
!!
********************************************************************************
Usage of dash-separated 'description-file' will not be supported in future
versions. Please use the underscore name 'description_file' instead.
Available configuration options are listed in:
https://setuptools.pypa.io/en/latest/userguide/declarative_config.html
This deprecation is overdue, please update your project and remove deprecated
calls to avoid build errors in the future.
See https://github.com/pypa/setuptools/discussions/5011 for details.
********************************************************************************
!!
When deploying on pypi we have multiple issues: