| TWINE(1) | twine | TWINE(1) |
twine - twine Documentation
This project follows the semantic versioning and pre-release versioning schemes recommended by the Python Packaging Authority.
This helps people with https://upload.pypi.io still in their .pypirc file.
This also uncovered a bug where if you're using twine in a situation where * is not expanded by your shell, we might also miss uploading signatures to PyPI. Both were fixed as part of this.
We are happy you have decided to contribute to Twine.
Please see the GitHub repository for code and more documentation, and the official Python Packaging User Guide for user documentation. To ask questions or get involved, you can join the Python Packaging Discourse forum, #pypa or #pypa-dev on IRC, or the distutils-sig mailing list.
Everyone interacting in the Twine project's codebases, issue trackers, chat rooms, and mailing lists is expected to follow the PSF Code of Conduct.
We use tox to run tests, check code style, and build the documentation. To install tox, run:
python3 -m pip install tox
Clone the twine repository from GitHub, then run:
cd /path/to/your/local/twine tox -e dev
This creates a virtual environment, so that twine and its dependencies do not interfere with other packages installed on your machine. In the virtual environment, twine is pointing at your local copy, so when you make changes, you can easily see their effect.
The virtual environment also contains the tools for running tests and checking code style, so you can run them on single files directly or in your code editor. However, we still encourage using the tox commands below on the whole codebase.
To use the virtual environment, run:
source venv/bin/activate
Additions and edits to twine's documentation are welcome and appreciated.
To preview the docs while you're making changes, run:
tox -e watch-docs
Then open a web browser to http://127.0.0.1:8000.
When you're done making changes, lint and build the docs locally before making a pull request. In your active virtual environment, run:
tox -e docs
The HTML of the docs will be written to docs/_build/html.
To automatically reformat your changes with isort and black, run:
tox -e format
To detect any remaining code smells with flake8, run:
tox -e lint
To perform strict type-checking using mypy, run:
tox -e types
Any errors from lint or types need to be fixed manually.
Additionally, we prefer that import statements be used for packages and modules only, rather than individual classes or functions.
We use pytest for writing and running tests.
To run the tests in your virtual environment, run:
tox -e py
To pass options to pytest, e.g. the name of a test, run:
tox -e py -- tests/test_upload.py::test_exception_for_http_status
Twine is continuously tested against supported versions of Python using GitHub Actions. To run the tests against a specific version, e.g. Python 3.8, you will need it installed on your machine. Then, run:
tox -e py38
To run the "integration" tests of uploading to real package indexes, run:
tox -e integration
To run the tests against all supported Python versions, check code style, and build the documentation, run:
tox
The docs/changelog.rst file is built by towncrier from files in the changelog/ directory. To add an entry, create a file in that directory named {number}.{type}.rst, where {number} is the pull request number, and {type} is feature, bugfix, doc, removal, or misc.
For example, if your PR number is 1234 and it's fixing a bug, then you would create changelog/1234.bugfix.rst. PRs can span multiple categories by creating multiple files: if you added a feature and deprecated/removed an old feature in PR #5678, you would create changelog/5678.feature.rst and changelog/5678.removal.rst.
A changelog entry is meant for end users and should only contain details relevant to them. In order to maintain a consistent style, please keep the entry to the point, in sentence case, shorter than 80 characters, and in an imperative tone. An entry should complete the sentence "This change will ...". If one line is not enough, use a summary line in an imperative tone, followed by a description of the change in one or more paragraphs, each wrapped at 80 characters and separated by blank lines.
You don't need to reference the pull request or issue number in a changelog entry, since towncrier will add a link using the number in the file name, and the pull request should reference an issue number. Similarly, you don't need to add your name to the entry, since that will be associated with the pull request.
Changelog entries are rendered using reStructuredText, but they should only have minimal formatting (such as ``monospaced text``).
Twine is a command-line tool for interacting with PyPI securely over HTTPS. Its three purposes are to be:
Currently, twine has two principle functions: uploading new packages and registering new projects (register is no longer supported on PyPI, and is in Twine for use with other package indexes).
Its command line arguments are parsed in twine/cli.py. The code for registering new projects is in twine/commands/register.py, and the code for uploading is in twine/commands/upload.py. The file twine/package.py contains a single class, PackageFile, which hashes the project files and extracts their metadata. The file twine/repository.py contains the Repository class, whose methods control the URL the package is uploaded to (which the user can specify either as a default, in the .pypirc file, or pass on the command line), and the methods that upload the package securely to a URL.
For more details, refer to the source documentation (currently a work in progress):
Top-level module for Twine.
The contents of this package are not a public API. For more details, see https://github.com/pypa/twine/issues/194 and https://github.com/pypa/twine/issues/665.
Module containing the logic for the twine sub-commands.
The contents of this package are not a public API. For more details, see https://github.com/pypa/twine/issues/194 and https://github.com/pypa/twine/issues/665.
Module containing the logic for twine check.
Returns the number of characters written, which is always equal to the length of the string.
From https://docs.python.org/3.11/library/cgi.html#cgi.parse_header.
This is currently only validates long_description, but more checks could be added; see https://github.com/pypa/twine/projects/2.
Module containing the logic for twine register.
Pre-registration is not supported on PyPI, so the register command is only necessary if you are using a different repository that requires it.
Module containing the logic for twine upload.
If a package already exists on the repository, most repositories will return an error response. However, if upload_settings.skip_existing is True, a message will be displayed and any remaining distributions will be uploaded.
For known repositories (like PyPI), the web URLs of successfully uploaded packages will be displayed.
Module containing exceptions raised by twine.
In some cases, requests refuses to issue a new POST request after a redirect. In order to prevent a confusing user experience, we raise this exception to allow users to know the index they're uploading to is redirecting them.
This is only used when attempting to register a package_file.
The sites pypi.python.org and testpypi.python.org are deprecated.
All repository URLs must have a protocol (e.g., https://).
For example, https://pypi.org instead of https://upload.pypi.org/legacy.
Any runs of non-alphanumeric/. characters are replaced with a single '-'.
Copied from pkg_resources.safe_name for compatibility with warehouse. See https://github.com/pypa/twine/issues/743.
Includes values from filename, PKG-INFO, hashers, and signature.
This will also allow us to better test this logic.
Module containing logic for handling settings.
This object can only be instantiated with keyword arguments.
For example,
Settings(True, username='fakeusername')
Will raise a TypeError. Instead, you would want
Settings(sign=True, username='fakeusername')
Format: https://packaging.python.org/specifications/pypirc/
If the default config file doesn't exist, return a default configuration for pypyi and testpypi.
Raise a custom exception for recognized errors. Otherwise, print the response content (based on the verbose option) before re-raising the HTTPError.
Uses the following rules:
A user can set the repository URL, username, and/or password via command line, .pypirc files, environment variables, and keyring.
A checklist for adding a new maintainer to the project.
A checklist for creating, testing, and distributing a new version.
VERSION=3.4.2 git switch -c release-$VERSION
tox -e changelog -- --version $VERSION git commit -am "Update changelog for $VERSION"
git switch main git pull --ff-only upstream main git tag -m "Release v$VERSION" $VERSION
git push upstream $VERSION
See our open issues.
In the future, pip and twine may merge into a single tool; see ongoing discussion.
Twine is a utility for publishing Python packages to PyPI and other repositories. It provides build system independent uploads of source and binary distribution artifacts for both new and existing projects.
The goal of Twine is to improve PyPI interaction by improving security and testability.
The biggest reason to use Twine is that it securely authenticates you to PyPI over HTTPS using a verified connection, regardless of the underlying Python version. Meanwhile, python setup.py upload will only work correctly and securely if your build system, Python version, and underlying operating system are configured properly.
Secondly, Twine encourages you to build your distribution files. python setup.py upload only allows you to upload a package as a final step after building with distutils or setuptools, within the same command invocation. This means that you cannot test the exact file you're going to upload to PyPI to ensure that it works before uploading it.
Finally, Twine allows you to pre-sign your files and pass the .asc files into the command line invocation (twine upload myproject-1.0.1.tar.gz myproject-1.0.1.tar.gz.asc). This enables you to be assured that you're typing your gpg passphrase into gpg itself and not anything else, since you will be the one directly executing gpg --detach-sign -a <filename>.
pip install twine
python -m build
twine upload -r testpypi dist/*
Twine will prompt for your username and password.
twine upload dist/*
NOTE:
If you're using Windows and trying to paste your username, password, or token in the Command Prompt or PowerShell, Ctrl-V and Shift+Insert won't work. Instead, you can use "Edit > Paste" from the window menu, or enable "Use Ctrl+Shift+C/V as Copy/Paste" in "Properties". This is a known issue with Python's getpass module.
More documentation on using Twine to upload packages to PyPI is in the Python Packaging User Guide.
Uploads one or more distributions to a repository.
usage: twine upload [-h] [-r REPOSITORY] [--repository-url REPOSITORY_URL]
[-s] [--sign-with SIGN_WITH] [-i IDENTITY] [-u USERNAME]
[-p PASSWORD] [--non-interactive] [-c COMMENT]
[--config-file CONFIG_FILE] [--skip-existing]
[--cert path] [--client-cert path] [--verbose]
[--disable-progress-bar]
dist [dist ...]
positional arguments:
dist The distribution files to upload to the repository
(package index). Usually dist/* . May additionally
contain a .asc file to include an existing signature
with the file upload.
options:
-h, --help show this help message and exit
-r REPOSITORY, --repository REPOSITORY
The repository (package index) to upload the package
to. Should be a section in the config file (default:
pypi). (Can also be set via TWINE_REPOSITORY
environment variable.)
--repository-url REPOSITORY_URL
The repository (package index) URL to upload the
package to. This overrides --repository. (Can also be
set via TWINE_REPOSITORY_URL environment variable.)
-s, --sign Sign files to upload using GPG.
--sign-with SIGN_WITH
GPG program used to sign uploads (default: gpg).
-i IDENTITY, --identity IDENTITY
GPG identity used to sign files.
-u USERNAME, --username USERNAME
The username to authenticate to the repository
(package index) as. (Can also be set via
TWINE_USERNAME environment variable.)
-p PASSWORD, --password PASSWORD
The password to authenticate to the repository
(package index) with. (Can also be set via
TWINE_PASSWORD environment variable.)
--non-interactive Do not interactively prompt for username/password if
the required credentials are missing. (Can also be set
via TWINE_NON_INTERACTIVE environment variable.)
-c COMMENT, --comment COMMENT
The comment to include with the distribution file.
--config-file CONFIG_FILE
The .pypirc config file to use.
--skip-existing Continue uploading files if one already exists. (Only
valid when uploading to PyPI. Other implementations
may not support this.)
--cert path Path to alternate CA bundle (can also be set via
TWINE_CERT environment variable).
--client-cert path Path to SSL client certificate, a single file
containing the private key and the certificate in PEM
format.
--verbose Show verbose output.
--disable-progress-bar
Disable the progress bar.
Checks whether your distribution's long description will render correctly on PyPI.
usage: twine check [-h] [--strict] dist [dist ...] positional arguments: dist The distribution files to check, usually dist/* options: -h, --help show this help message and exit --strict Fail on warnings
Pre-register a name with a repository before uploading a distribution.
WARNING:
usage: twine register [-h] [-r REPOSITORY] [--repository-url REPOSITORY_URL]
[-s] [--sign-with SIGN_WITH] [-i IDENTITY] [-u USERNAME]
[-p PASSWORD] [--non-interactive] [-c COMMENT]
[--config-file CONFIG_FILE] [--skip-existing]
[--cert path] [--client-cert path] [--verbose]
[--disable-progress-bar]
package
register operation is not required with PyPI.org
positional arguments:
package File from which we read the package metadata.
options:
-h, --help show this help message and exit
-r REPOSITORY, --repository REPOSITORY
The repository (package index) to upload the package
to. Should be a section in the config file (default:
pypi). (Can also be set via TWINE_REPOSITORY
environment variable.)
--repository-url REPOSITORY_URL
The repository (package index) URL to upload the
package to. This overrides --repository. (Can also be
set via TWINE_REPOSITORY_URL environment variable.)
-s, --sign Sign files to upload using GPG.
--sign-with SIGN_WITH
GPG program used to sign uploads (default: gpg).
-i IDENTITY, --identity IDENTITY
GPG identity used to sign files.
-u USERNAME, --username USERNAME
The username to authenticate to the repository
(package index) as. (Can also be set via
TWINE_USERNAME environment variable.)
-p PASSWORD, --password PASSWORD
The password to authenticate to the repository
(package index) with. (Can also be set via
TWINE_PASSWORD environment variable.)
--non-interactive Do not interactively prompt for username/password if
the required credentials are missing. (Can also be set
via TWINE_NON_INTERACTIVE environment variable.)
-c COMMENT, --comment COMMENT
The comment to include with the distribution file.
--config-file CONFIG_FILE
The .pypirc config file to use.
--skip-existing Continue uploading files if one already exists. (Only
valid when uploading to PyPI. Other implementations
may not support this.)
--cert path Path to alternate CA bundle (can also be set via
TWINE_CERT environment variable).
--client-cert path Path to SSL client certificate, a single file
containing the private key and the certificate in PEM
format.
--verbose Show verbose output.
--disable-progress-bar
Disable the progress bar.
Twine can read repository configuration from a .pypirc file, either in your home directory, or provided with the --config-file option. For details on writing and using .pypirc, see the specification in the Python Packaging User Guide.
Twine also supports configuration via environment variables. Options passed on the command line will take precedence over options set via environment variables. Definition via environment variable is helpful in environments where it is not convenient to create a .pypirc file (for example, on a CI/build server).
Twine can be configured to use a proxy by setting environment variables. For example, to use a proxy for just the twine command, without export-ing it for other tools:
HTTPS_PROXY=socks5://user:pass@host:port twine upload dist/*
For more information, see the Requests documentation on Proxies and requests:socks, and an in-depth article about proxy environment variables.
Instead of typing in your password every time you upload a distribution, Twine allows storing a username and password securely using keyring. Keyring is installed with Twine but for some systems (Linux mainly) may require additional installation steps.
Once Twine is installed, use the keyring program to set a username and password to use for each repository to which you may upload.
For example, to set a username and password for PyPI:
keyring set https://upload.pypi.org/legacy/ your-username
and enter the password when prompted.
For a different repository, replace the URL with the relevant repository URL. For example, for Test PyPI, use https://test.pypi.org/legacy/.
The next time you run twine, it will prompt you for a username, and then get the appropriate password from Keyring.
NOTE:
In most cases, simply not setting a password with keyring will allow Twine to fall back to prompting for a password. In some cases, the presence of Keyring will cause unexpected or undesirable prompts from the backing system. In these cases, it may be desirable to disable Keyring altogether. To disable Keyring, run:
keyring --disable
See Twine issue #338 for discussion and background.
Donald Stufft, Individual contributors
2024, Donald Stufft and individual contributors
| February 15, 2024 | 5.0 |