Publish Python packages in Azure Pipelines
You can publish Python packages produced by your build to:
- Azure Artifacts
- Other repositories such as
https://pypi.org/
To publish Python packages produced by your build, you'll use twine, a widely used tool for publishing Python packages. This guide covers how to do the following in your pipeline:
- Install
twine
on your build agent - Authenticate
twine
with your Azure Artifacts feeds - Use a custom task that invokes
twine
to publish your Python packages
Install twine
First, you'll need to run pip install twine
to ensure the build agent has twine
installed.
- script: 'pip install twine'
Check out the script YAML task reference for the schema for this command.
Authenticate Azure Artifacts with twine
To use twine
to publish Python packages, you first need to set up authentication. The Python Twine Authenticate task stores your authentication credentials in an environment variable (PYPIRC_PATH
). twine
will reference this variable later.
To authenticate with twine
, add the following snippet to your azure-pipelines.yml file.
The example below will enable you to authenticate to a list of Azure Artifacts feeds as well as a list of service connections from external organizations. If you need to authenticate to a single feed, you must replace the following arguments: artifactFeeds
and externalFeeds
with artifactFeed
and externalFeed
and specify your feed name accordingly.
- task: TwineAuthenticate@1
inputs:
artifactFeeds: 'feed_name1, feed_name2'
externalFeeds: 'feed_name1, feed_name2'
- artifactFeeds: a list of Azure Artifacts feeds within your organization. If you only have one Azure Artifacts feed, use artifactFeed (singular) instead.
- externalFeeds: a list of service connections from external organizations including PyPI or feeds in other organizations in Azure DevOps.
Tip
The authentication credentials written into the PYPIRC_PATH
environment variable supersede those in your .ini and .conf files.
If you add multiple Python Twine Authenticate tasks at different times in your pipeline steps, each additional build task execution will extend (not override) the existing PYPIRC_PATH
environment variable.
Use a custom twine task to publish
After you've set up authentication with the preceding snippet, you can use twine
to publish your Python packages. The following example uses a custom command-line task.
- script: 'twine upload -r {feedName/EndpointName} --config-file $(PYPIRC_PATH) {package path to publish}'
Check out the YAML schema reference for more details on the script
keyword.
Warning
We strongly recommend NOT checking any credentials or tokens into source control.