I was looking to add code coverage to travis when I spotting hard-coded credentials in the travis config. Since it's only 2 commits I think it's easier to just do 2 reverts and reapply once we scrub the token. I also don't think we want CI pushing out pypi releases, but that might just be me.

@chupman : Ideally we would not want CI to push out into PyPi each time we push into a particular branch, or into master. I was initially planning that once we fix at branch let us say, one initial PR gets merged (Inc Codacy issues & Tests) into 0.1.0 branch, we can setup Travis to push into PyPi each time a commit is made to 0.1.0 branch or other similar branches.

The downside is that, there will be multiple overwrites of library corresponding to same version num in pypi. I don't know if that is clean way.

Or other thing we can do is, we can completely remove the configuration in travis.yml which takes care of publishing package to pypi. We can then remove the credentials and tokens from the .yml file. Once we do that, we can then make use of something external tool like Twine to publish libraries to PyPi.

If we plan to continue with second option, the problem is that each time a new version is out, the task of publishing library to PyPi becomes a manual process, and someone has to do that manually.

Let me know your thoughts?

@FlorianHockmann If properly configured I have no problem deploy with Travis. My issue is that @debasishdebs authentication token is hardcoded in travis.yml and will forever be public in the git history.

That token needs to be setup as a secret environment variable. I was hoping @debasishdebs could redo the initial push with the credentials removed and we could just delete this branch. If he can't get to it I was figuring I could roll back my commits and then amend his initial commit to update the token to take an ENV, then reapply my PRs on top.

@chupman

If properly configured I have no problem deploy with Travis

I just wanted to address @debasishdebs's comment where he argued against deploying from Travis to avoid pushing multiple packages with the same version.

@FlorianHockmann @chupman : Thanks for all the inputs guys. Sorry for my limited information which helped created such an argument. I didn't know about publishing from only tagged commits, but the same concept seems clear to me now.

I created a new PR #29 which removed hard coded credentials (Username & PWD) in commit. It also contains a fix for #21 . What would be further steps ? Once the PR #29 is merged into initial we will then delete the branch so as we don't retain any public Git history with my Credentails right? If that is the case, then branch initial will also contain my credentials. How do we purge those?

Maybe once PR #29 is merged into initial branch, we create a new branch named initial1 as copy of initial branch. Once done. We can then remove the branch initial thus removing Git history with credentials. Or will we need to do Git Rebase to remove the credentials from Git history?

Deleting initial branch so this is no longer required.