From 240a73b978d52b0033b352846b34bb64cb12b6db Mon Sep 17 00:00:00 2001 From: "Storm B. Heg" Date: Thu, 25 Sep 2025 16:03:57 +0200 Subject: [PATCH 1/2] Add question about NPM package url to transfer project in issue template --- .github/ISSUE_TEMPLATE/transfer-project-in.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/transfer-project-in.yml b/.github/ISSUE_TEMPLATE/transfer-project-in.yml index 4b5d2de..a72b233 100644 --- a/.github/ISSUE_TEMPLATE/transfer-project-in.yml +++ b/.github/ISSUE_TEMPLATE/transfer-project-in.yml @@ -50,6 +50,14 @@ body: options: - label: Does the project have a test.pypi.org project? - label: Would you like to test your deployments with uploads to test.pypi.org (you'll need to create the project first)? + - type: input + id: javascript-package-url + attributes: + label: If the project has a JavaScript component published separately to a registry like NPM, what's the URL to that package? + description: Most projects bundle their JavaScript together with the Python package on PyPI -- so this question likely does not apply to you in -- but some projects have a separate JavaScript package that is published to npm. If your project does this, please provide the URL. If not, you can leave this blank. + placeholder: "https://www.npmjs.com/package/your-package-name" + validations: + required: false - type: markdown attributes: value: | From f7490a56ab36b404d9a2840a507b5668d207975c Mon Sep 17 00:00:00 2001 From: "Storm B. Heg" Date: Thu, 25 Sep 2025 16:04:24 +0200 Subject: [PATCH 2/2] Document requirements around control over NPM packages --- incoming_repo_requirements.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/incoming_repo_requirements.md b/incoming_repo_requirements.md index 3c637dd..c7c23ee 100644 --- a/incoming_repo_requirements.md +++ b/incoming_repo_requirements.md @@ -17,7 +17,8 @@ be transferred in. 5. Adopt [Django Commons's Code of Conduct](#code-of-conduct) 6. After transferring, switch to [PyPI's "Trusted Publisher"](https://docs.pypi.org/trusted-publishers/) process (see [example in django-commons-playground](https://github.com/django-commons/django-commons-playground/blob/main/.github/workflows/release.yml)) -7. django-commons should be added as maintainer to the readthedocs project +7. If there is a JavaScript component published separately to NPM, it needs to be transferred to a new team under the [django-commons npm organization](https://www.npmjs.com/org/django-commons) and automated releases are to be set using [npm trusted publishing](https://docs.npmjs.com/trusted-publishers). If the project is already scoped under a different organization (`@your-org/your-package), this unfortunately means that package will need to be deprecated and a new package created, preferably without a scope, as there is no way to transfer packages between scopes on npm. +8. django-commons should be added as maintainer to the readthedocs project ## Repository requirements @@ -46,6 +47,7 @@ be transferred in. - **[Required]** The repository will be transferred to the [django-commons GitHub organization](https://github.com/django-commons) - **[Required]** The Django Commons PyPI admin team (`cunla` and `stormheg`) is added as owners to PyPI and Test PyPI projects - **[Required]** Any previous maintainers who are not repository admins are removed as owners on PyPI and Test PyPI projects +- **[Required]** If applicable, any separately published JavaScript package is transferred to the [django-commons npm organization](https://www.npmjs.com/org/django-commons) and any previous maintainers who are not repository admins are removed as owners. Two factor authentication must be enabled. The current maintainers must be willing to hand over control of the PyPI project. The Django Commons admins team and the