Metadata-Version: 2.1
Name: secure_package_template
Version: 0.1.0
Summary: Template for a Python package with a secure project host and package repository configuration.
Author-email: Seth Michael Larson <sethmichaellarson@gmail.com>
Requires-Python: >=3.7,<4
Description-Content-Type: text/markdown
Project-URL: Home, https://github.com/sethmlarson/secure-python-package-template

# Secure Python package template

Template for a Python package with a secure
project host and package repository configuration.

## Configuring your package repository

- Upload a dummy v0.0 package under the desired package name using your PyPI username and password.
- Create an API token that is scoped to only the package
- Copy the value into your clipboard, it will be used later.

## Configuring your project host

### Protected branches

### Protected tags

- Settings > Tags > New rule
- Use a pattern of `*`, even if you have a pattern like `vX.Y.Z`.
- Select "Add rule"

### Publish GitHub Environment

- Settings > Environments > New Environment
- Name the environment: `publish`
- Add required reviewers, should be maintainers
- Select "Save protection rules" button
- Select "Protected Branches" in the deployment branches dropdown
- Select "Add secret" in the environment secrets section
- Add the PyPI API token value under `PYPI_TOKEN`

## License

CC0-1.0

