python-lib
Opinionated cookiecutter template for creating a new Python library
https://github.com/simonw/python-lib/blob/4b825ed/%7B%7Bcookiecutter.hyphenated%7D%7D/.github/workflows/publish.yml#L44-L49 suggests that building the dists within the same job that publishes them is okay. But it's not. Such a structure opens the workflow users to privilege escalation through poisoning...
I've been using this: https://github.com/simonw/python-lib/blob/5ec8076eaa559928d2068d188dfed24ffcaf3b04/%7B%7Bcookiecutter.hyphenated%7D%7D/pyproject.toml#L8

But now I'm getting warnings from `python -m build` about it. Should be:

license = "Apache-2.0"

TODO:
- [x] https://github.com/simonw/python-lib/blob/main/%7B%7Bcookiecutter.hyphenated%7D%7D/pyproject.toml
- [x] https://github.com/simonw/llm-plugin/blob/main/llm-%7B%7Bcookiecutter.hyphenated%7D%7D/pyproject.toml
- [x]...