Join our hands-on #SciPy2025 workshop led by Leah Wasser, Inessa Pawson, Carol Willing & Tetsuo Koyama.

You’ll:
Build your own Python package
Learn best practices
Publish to TestPyPI
Get packaging resources + community support

No installs needed—GitHub Codespaces works too!

July 8, 8am–12pm PT
Room 316, Greater Tacoma Convention Center

Workshop info: https://www.pyopensci.org/events/pyopensci-scipy25-create-python-package-workshop.html

More SciPy events: https://www.pyopensci.org/blog/pyopensci-at-scipy-2025.html

Learn the basics of creating a Python package!
Learn about package structure, the pyproject.toml file (metadata) adding docstrings and code and using your package.

Watch now! https://youtu.be/XAq-HnPU4XM
#Python #pythonpackaging #OpenSource #openscience

Quick Ways to Secure Your Python PyPI Publishing Workflow!

Want to keep your package safe? Follow these 3 key security steps:

Use GitHub Environments to restrict your publishing workflows
Set up PyPI Trusted Publisher instead of API tokens
Scan your workflows with zizmor (on PyPI) to identify security flaws

Read more in our latest blog post:
https://www.pyopensci.org/blog/python-packaging-security-publish-pypi.html

getting back into Python is weird because like every time I do there's a new fresh hotness to theoretically end all hotnessess re: package installation

and then the next time I get back in people are like, "that was such horseshit, this is the thing"

"wheel is bad, but poetry: so good!"
"poetry is shit, something something else is good (I dunno I kinda don't remember the name for this one)"
"we don't need that old one, we have WHEEL!"

motherfuckers

(yes, these are real things)

#techPosting #pythonLang #pythonPackaging

Registration for the pyOpenSci Open Science Fall Festival is LIVE! Join us for five incredible days, including:

Amazing keynotes
Hands-on workshops, covering Python Packaging, Quarto, and Great Tables
Office hours, a chance to get extra help, info, and clarification on workshop topics

https://bit.ly/pyosFF2024

We can't wait to see you there!

Any other #Python developers working in restricted environments? I could use some help figuring out a process for building python packages which don't require many (or any) dependencies from #PyPI

https://stackoverflow.com/q/78974383/3070534

It's release day again for setuptools-pyproject-migration! This project from @stuartl and myself helps you convert your setuptools configurations to modern standard-compliant pyproject.toml files. v0.3 brings many bug fixes; I think we are rapidly approaching the point where the thing actually works

We'd be very grateful if you try it and let us know how it works for you!

https://setuptools-pyproject-migration.readthedocs.io/en/stable/
https://github.com/diazona/setuptools-pyproject-migration

#PythonPackaging woes: I just realized one killer feature of setuptools (with setuptools_scm) which no other build backend I've used seems to have: the ability to exclude files not tracked in Git from an sdist. Which is super useful since I always have a bunch of random junk hanging out in my project development directory. Apparently I've been using hatch (with hatch-vcs) for a couple years without ever realizing it doesn't do that.

Anyone know of other backends that can do this?

#PythonPackaging woes... 99% of the time tox is a great tool, but any time I want to do something complex with it (like in this case, using the package_env option) its behavior rapidly becomes extremely confusing and often inconsistent with the documentation, as far as I can tell.

If anyone knows a good guide to using package_env or has had success with it, I'd be interested to hear about it!

new Python package alert!

Eliot Robson was kind enough to write up a blog post about their latest package, automata, which allows for the simulation of reading input and higher-level manipulation of the corresponding languages using specialized algorithms for:

Finite-state automata

Pushdown automata

Turing machines

Our latest newsletter gets into the details - be sure to check it out: https://www.linkedin.com/pulse/automata-simulation-manipulation-pyopensci-jjdvc/

This will be of extremely niche interest but why not: I'm working on how setuptools-pyproject-migration (https://github.com/diazona/setuptools-pyproject-migration) handles the `long_description`/`readme` field. In `pyproject.toml`, we can give this field in three ways:

- Filename with a content type
- Filename without a content type, but it's expected that the type will be inferred from the file's extension
- Raw string with a content type

But setuptools also allows giving the long description as a raw string with no associated content type. Q: How should that be converted to `pyproject.toml`?

- Write the string to a file with no extension, knowing that some tools will choke because they can't infer a content type
- Keep it as a string and guess a content type as per the core metadata spec (https://packaging.python.org/en/latest/specifications/core-metadata/#description-content-type), but this is difficult to implement
- Make the user specify the content type manually
- Something else?

Adding a poll b/c why not, but I'm more interested in the discussion

Python packaging can be a thorny subject, but there's no reason you have to go it alone! This week's pyOpenSci newsletter is a fantastic read from our Executive Director and Founder, @leahawasser, where she'll walk you through her latest PyCon talk: Friends don't let friends package alone!

https://www.linkedin.com/pulse/friends-dont-let-package-alone-my-python-packaging-talk-pycon-jbm3c/

Can sigtore signatures be uploaded to PyPI, and is there / would there be any use for them?

I was reading through https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/ and noticed the .sigstore files were only uploaded to GitHub Releases.