#twine | PyPA | Page 1

balmy prairie Aug 30, 2023, 7:19 AM

#

@rose summit seemed annoyed that this wasn't created already, despite no one requesting it. I'm taking https://github.com/pypa/twine/issues/1011#issuecomment-1698374595 to be a request for creating this. :)

wary ore Aug 30, 2023, 7:50 AM

#

nit: can you put the channel alphabetically in the list on the left? move it before virtualenv

rose summit Aug 30, 2023, 10:51 AM

#

It's really just that twine's always the afterthought. Genuinely the project doesn't seem to really need to exist anymore

ebon apex Aug 30, 2023, 10:55 AM

#

Not all tools have an upload feature so twine is kind of still needed for those who don’t have an alternative

lusty dew Aug 30, 2023, 10:57 AM

#

twine is used via pypi-publish

#

https://github.com/pypa/gh-action-pypi-publish/blob/unstable/v1/twine-upload.sh#L135

#

Which is very popular

wary ore Aug 30, 2023, 11:18 AM

#

yeah, I use either pypi-publish or twine directly, never had any issues with it 🙂 and looks really good now there's coloured logs during upload

craggy kindle Aug 31, 2023, 6:14 PM

#

I guess if anyone made twine a pip plugin, that might help solve one of the main "too many tools" conversations

cedar garden Aug 31, 2023, 6:18 PM

#

If only pip had a plugin system

ebon apex Aug 31, 2023, 9:55 PM

#

I doubt it’d help, when people say there are too many tools they don’t generally mean there are too many commands but there are too many things to install. Even as a plugin you still need to install it separately from pip itself.

craggy kindle Aug 31, 2023, 10:05 PM

#

For sure a concern. I guess if pip had a plugin system, and pip-upload was a plugin that basically implemented twine, then it would have less of a distance to traverse to be incorporated directly into pip

spark topaz Sep 1, 2023, 7:46 AM

#

hmm, there’s three tools with clear responsibilities:

build: build packages from a source tree
twine: upload built packages to PyPI
installer: install packages into an environment (venv or system)

pip exists to install packages (including from source trees) into venvs. it therefore has to be able to build, download, dep resolve, and modify venvs.
it can therefore do what build and installer can do, but not very cleanly: It’s hard to tell it not to do a lot of the other things it does.
e.g. to make it work like python -m installer --destdir="$pkgdir" dist/*.whl, you need to do something like

PIP_CONFIG_FILE=/dev/null pip install --isolated --root="$pkgdir" --ignore-installed --no-deps dist/*.whl

and I’m not sure I got that right.

So I don’t think pip is the base tool we should extend to cover more use cases. I don’t use any of the named tools manually at all (except for debugging).

I let hatch manage my dev projects (multiple environments per projects to run commands in, like hatch run test:cov or hatch run docs:build)
I let gh-action-pypi-publish call twine for me
I use build and installer in scripts to wrap python packages into OS managed packages

narrow eagle Jun 25, 2024, 10:30 PM

#

All usage of twine broken. Including the publish action. https://github.com/pypa/twine/issues/1125 Yanking 5.1.0 would fix now now while PR in review.

GitHub

KeyError: 'home-page' with importlib_metadata 8.0.0 · Issue #1125 ·...

Is there an existing issue for this? I have searched the existing issues (open and closed), and could not find an existing issue What keywords did you use to search existing issues? No response Wha...

abstract solstice Oct 8, 2024, 6:06 PM

#

TIL that pip install twine is not pure Python.
Someone tried to install twine on their Android phone and got an error about not having a Rust compiler: https://paste.pythondiscord.com/G5WQ.
Looks like nh3, a dependency of readme-renderer, has a Rust extension.

I don't have a strong enough opinion to push for change, I was just surprised.
I feel like it's bad DX to not have native support for official tooling.

wary ore Oct 8, 2024, 7:02 PM

#

Previously reported at https://github.com/pypa/twine/issues/1015, closed as readme-renderer is the only tool for the job, and it's up to them to provide wheels (or presumably not use nh3)

#

That links to https://github.com/pypa/readme_renderer/commit/9c2eb81301bc230f2795cf7e6dc2c23f5815ea41 where nh3 was added as a replacement for bleach, which is no longer supported

#

Or rather bleach is deprecated and only minimally supported https://github.com/mozilla/bleach/issues/698

spark topaz Oct 9, 2024, 12:41 PM

#

nh3 seems to provide many wheels for many different architectures (PowerPC, ARMv7, …) and all Python versions from 3.7 up, so it’s really not clear to me why your environment isn’t able to pick up the right wheel.

Are you maybe on a very obscure architecture or is there a bug that prevents your environment from picking up the right wheel?

cedar garden Oct 9, 2024, 12:48 PM

#

is there even a wheel tag for android? maybe that is the case?

wary ore Oct 9, 2024, 12:48 PM

#

the report was for Android

cedar garden Oct 9, 2024, 12:49 PM

#

also, I guess pre-building iOS/Android wheels in CI might be slightly tricky

wary ore Oct 9, 2024, 12:51 PM

#

Beeware will be working on adding iOS/Andoid support to pip/cibuildwheel/etc this year https://beeware.org/news/buzz/2024q4-roadmap/
I guess something needs adding to PyPI as well?

cedar garden Oct 9, 2024, 12:54 PM

#

it's actually surprising that twine requires readme_renderer. I would expect that to be an optional check (since IIRC pypi checks files with readme_renderer on upload)

narrow eagle Oct 9, 2024, 3:18 PM

#

I would have thought the main thing twine has over uv is being implemented in Python, and not requiring rust. If it requires rust anyway, not sure what it has over uv publish. 😉

spark topaz Oct 9, 2024, 5:05 PM

#

If Python for Android isn’t yet officially supported, but support is coming, I think the answer to the request is:

You have to wait a little, and thanks to the great people working on #cibuildwheel, you’ll get that in a few months

maiden dirge Oct 9, 2024, 7:50 PM

#

would maturin temporarily installing rustc/cargo help?

#

i.e., is the problem rustc missing or is the problem rust not being supported at all?

cedar garden Oct 9, 2024, 7:57 PM

#

maiden dirge would maturin temporarily installing rustc/cargo help?

some dummy package that would setup some basic rust would be nice anyway

lusty dew Nov 5, 2024, 6:48 PM

#

I recently got burnt by forgetting to remove a 'Private :: Do Not Upload' from a package I did indeed want to upload.

Is there a twine flag for this already?

#

Also I had a dependency with a direct URL, that twine didn't tell me about

#

Related: #pypi message

wild breach Nov 5, 2024, 7:00 PM

#

GitHub

Private Projects · Issue #8214 · astral-sh/uv

Is it possible to mark a uv project as private such that uv publish is completely disabled? For private code this is a desirable feature. Something like: [tool.uv] private = true NPM has a similar ...

#

Oh actually sorry I read that backwards

#

I thought you uploaded something you didn't want to! Not the other way around 🙂

maiden dirge Nov 6, 2024, 9:32 AM

#

the most confident solution to avoiding accidental publishing is never generating an all-project scoped pypi token: without credentials, you can't publish to pypi

hushed crown Nov 7, 2024, 6:58 AM

#

True, but with an invalid classifier, nobody else in your organisation can make the mistake of publishing it either.

lofty kernel Apr 3, 2026, 5:45 PM

#

Do I actually need .pypirc to use twine nowadays? Can it e.g. grab credentials from a system keyring instead? (I don't think I actually fully understand my system keyring, but.)

trail violet Apr 4, 2026, 12:32 AM

#

Yeah, we use the keyring extra to integrate with whatever backend you want: https://twine.readthedocs.io/en/stable/#keyring-support