`hatch publish` and `twine upload` not recognizing `.pypirc` credentials

[idanmoradarthas]

Description

When attempting to publish the package to PyPI using either hatch publish or twine upload dist/*, I'm being prompted to enter username and password despite having a .pypirc file with API token credentials.

Root Cause

The .pypirc file is located in the project folder, but both Hatch and Twine expect it to be in the user's home directory by default:

• Windows: %USERPROFILE%\.pypirc (e.g., C:\Users\YourUsername\.pypirc)
• Linux/Mac: ~/.pypirc

Additionally, the .pypirc uses a custom index server name [data-science-utils] instead of the standard [pypi] name.

Current .pypirc Configuration

Located in project folder:

[distutils]
index-servers =
    data-science-utils

[data-science-utils]
repository = https://upload.pypi.org/legacy/
username = __token__
password = pypi-<actual-token>

Proposed Solutions

Option 1: Move .pypirc to Home Directory (Standard Approach)

1. Move .pypirc from project folder to home directory
2. Update the configuration to use standard [pypi] name:

[distutils]
index-servers =
    pypi

[pypi]
repository = https://upload.pypi.org/legacy/
username = __token__
password = pypi-<actual-token>

3. Add .pypirc to .gitignore (if not already present)
4. Keep using hatch publish in deploy-pypi.bat

Pros: Standard convention, works with all tools
Cons: Requires moving file outside project directory

Option 2: Use Twine with Custom Config File (Recommended for Project-Local Credentials)

Update deploy-pypi.bat to use Twine's --config-file flag:

IF EXIST dist rmdir /s /q dist
hatch build
twine upload --config-file .pypirc dist/*

Update .pypirc to use standard [pypi] name:

[distutils]
index-servers =
    pypi

[pypi]
repository = https://upload.pypi.org/legacy/
username = __token__
password = pypi-<actual-token>

Pros: Keeps credentials in project folder, works with existing setup
Cons: Relies on Twine instead of Hatch for publishing
Note: Hatch does not support custom .pypirc locations

Option 3: Use Environment Variables with Hatch

Update deploy-pypi.bat:

IF EXIST dist rmdir /s /q dist
hatch build
set HATCH_INDEX_USER=__token__
set HATCH_INDEX_AUTH=pypi-<actual-token>
hatch publish

Pros: No config file needed, keeps using Hatch
Cons: Token in script file (must be kept secure)

Option 4: Use System Keyring

Install and configure keyring:

pip install keyring
keyring set https://upload.pypi.org/legacy/ __token__

Then enter the token when prompted. After that, hatch publish will use the keyring automatically.

Pros: Most secure, credentials stored in system keyring
Cons: Requires one-time manual setup per machine

Recommendation

Use Option 2 (Twine with --config-file) since:

• Twine is already in dev dependencies
• Allows keeping .pypirc in project folder (just ensure it's in .gitignore)
• Simple one-line change to deploy-pypi.bat
• Works immediately without additional setup

Action Items

• Decide on preferred solution approach
• Update .pypirc section name from [data-science-utils] to [pypi]
• Verify .pypirc is in .gitignore
• Update deploy-pypi.bat based on chosen solution
• Test publishing workflow

[idanmoradarthas]

Solution: Use UV for Publishing

Great news! With the migration to uv in PR #86, we can solve this .pypirc credential issue. uv has built-in publishing capabilities that properly recognize .pypirc files in the project directory.

✅ Recommended Solution: UV Publish with Project .pypirc

Update .pypirc (keep it in project root):

Change the section name from [data-science-utils] to [pypi]:

[distutils]
index-servers =
    pypi
[pypi]

repository = https://upload.pypi.org/legacy/

username = token

password = pypi-<actual-token>

Update deploy-pypi.bat:

@echo off
IF EXIST dist rmdir /s /q dist
uv build
uv publish --config-file .pypirc

That's it! Much simpler than the current setup.

Why This Works:

1. Keeps .pypirc in project - No need to move to home directory
2. UV respects --config-file - Explicitly tells UV where to find credentials
3. Native UV workflow - Uses the same tool for development, testing, and publishing
4. Faster builds - uv build is significantly faster than hatch build
5. One tool - Eliminates the need for both hatch and twine in dependencies

Important: Update .pypirc Section Name

The key fix is changing from [data-science-utils] to [pypi]. UV (like twine and hatch) expects the standard [pypi] name by default.

Alternative: Environment Variable Override

If you want to keep the custom section name [data-science-utils], you can specify it:

@echo off
IF EXIST dist rmdir /s /q dist
uv build
uv publish --config-file .pypirc --publish-url https://upload.pypi.org/legacy/

But using the standard [pypi] name is cleaner.

Cleanup After Implementation:

Once you implement UV publishing, you can:

1. ✅ Remove hatch from dev dependencies (already done in PR Migrate CI to use uv and uvx #86)
2. ✅ Remove twine from dev dependencies
3. ✅ Keep .pypirc in project root (ensure it's in .gitignore)

Migration Steps:

1. Merge PR Migrate CI to use uv and uvx #86 (UV migration)
2. Update .pypirc section name to [pypi]
3. Update deploy-pypi.bat to use uv build and uv publish --config-file .pypirc
4. Verify .pypirc is in .gitignore
5. Remove twine from [tool.uv.dev-dependencies] in pyproject.toml
6. Test the publishing workflow

Benefits Over Current Approach:

Aspect	Current (Hatch/Twine)	With UV
Tools needed	hatch + twine	uv only
Build speed	Moderate	~10x faster
.pypirc location	Not recognized	Explicitly specified
Setup complexity	Multiple tools	Single command
Section name issue	Custom name fails	Standard [pypi] works

This solution aligns perfectly with the UV migration in PR #86 and provides a modern, streamlined publishing workflow while keeping your .pypirc file in the project directory.

---

Status Update: Since PR #86 is migrating the entire project to UV, implementing the UV-based publishing solution is the most consistent approach with the new tooling.