Release 1.0.0

[mahenzon]

Closes #65

To match source code and release I suggest using automatic releases

pls add PYPI_PASSWORD to repo's secrets and create a new release, package be automatically deployed to pypi

I suggest updating version to 1.0.0

[maxcountryman]

Thanks for this!

I'm not super comfortable using my PyPI password for this--could we do something like what Flask-SeaSurf is doing instead?

[mahenzon]

you don't need to use your real password for PYPI, you need to generate auth token:

We strongly recommend you authenticate with an API token where possible.
To make an API token:
- Verify your email address (check your account settings)
- In your account settings, go to the API tokens section and select "Add API token"

To use an API token:
- Set your username to __token__
- Set your password to the token value, including the pypi- prefix

https://pypi.org/help/#apitoken

you can limit scope for each token so it has access only to the selected repo

I think you're confused with PYPI_PASSWORD but it's api token (in flask-seasurf it's the same thing but is called PYPI_API_TOKEN). pls take a look at the action, __token__ auth is used there

I can rename it for your convenience if you'd like

[mahenzon]

@maxcountryman hey!

still waiting your action here
you need to:

1. merge this branch into master
2. add PYPI_PASSWORD secret with pypi api token which has write (update) access to the flask-bcrypt repo
3. tag commit with 1.0.0
4. create a new release here on github

this will take like 5-7m max

[maxcountryman]

Thanks @mahenzon--do you mind updating this so it mirrors the configuration in Flask-SeaSurf? That'll help limit the mental overhead required to maintain these repos.

[mahenzon]

you mean changing PYPI_PASSWORD to PYPI_API_TOKEN?
or also use pypa/gh-action-pypi-publish? inside it also twine upload is triggered so technically publish process is the same

[maxcountryman]

I think you could just copy the workflow from Flask-SeaSurf and update accordingly for this repo, if that's helpful. That way it's reusing the same Action, etc.

[mahenzon]

ok, upgraded the action

now steps are:

1. merge this branch into master
2. add PYPI_API_TOKEN to repo's secrets with write (update) access to the flask-bcrypt repo
3. add tag to the latest commit (tag it with 1.0.0) - release action will be triggered

[mahenzon]

hey @maxcountryman , it's the final push and this issue will be resolved. three steps to do, doable even from mobile 🙏

[mahenzon]

@maxcountryman 👀

[mahenzon]

🤔

[mahenzon]

🧐

[mahenzon]

Max, at first I wanna say that I hope you're doing well

Flask-Bcrypt at pypi was Released: Oct 6, 2015. This repo got some updates from users, but there were no releases for more than 5 years.

The only thing stopping this repo from being updated now is you adding secret key for pypi releases and merging this branch.
I can do it as well. For this you can add me as maintainer here (at this repo) and also add me as maintainer/owner at repo's settings: https://pypi.org/manage/project/Flask-Bcrypt/collaboration/ (here's my profile https://pypi.org/user/mahenzon/)
This PR is active for 3 weeks already, but the solution is like 5 minutes or so

[maxcountryman]

@mahenzon would you kindly stop pinging me about this? I'll get to it when I have the time and your many messages aren't encouraging me to prioritize this.

[mahenzon]

Hey!
I think it's not about having free time, but about having (or not having) an aspiration to do this. It's literally only about hitting "merge", adding a token to secrets and pushing a new tag (a new tag can be added via GitHub releases) - this all can be done while commuting/being in an elevator/waiting for lunch/etc. Our conversation already took more than that time plus time I spent on adding a GitHub action/workflow file and time I spent on updating it to meet your requirements.
This repo is marked as "Used by 23k" - we can see that this library is used by a lot of people. When I opened this pull request this number was 19k or 21k (cannot remember now). And people use the outdated version.

So could you please grant me access to this repo and at pypi so I can finally release what's already been here for years in the master branch?

[maxcountryman]

Thank you I appreciate your concerns but there's nothing stopping you from using mainline (as others do).

I'm going to close this because I already mentioned that your multiple messages were sufficient and it's not okay to continue to demand anyone's time, however little you perceive the cost.

If you'd like to arrange to pay me to do this work for you then I'd be happy to share my daily rate with you.