Use (test)pypi in Trusted Publishing placeholder for GitHub Environments (#17036)

* Use `(test)pypi` in Trusted Publishing placeholder for GitHub Environments

GitHub Environments is a confusingly explained feature within GitHub that represents deployment targets. When projects get uploaded to PyPI — that a deployment target; same for TestPyPI. They don't represent processes but server-like entities. So using `release` is conceptually incorrect and gives people the wrong idea of what it is.

This is actually connected to Deployments API (and corresponding events) on the GitHub platform. The name Environments is just a misleading interface to describe Deployments that appears in some parts of the ecosystem, like GitHub Actions CI/CD.

In other places, it's called deployments and there's even a tab in repositories using it: https://github.com/cherrypy/cheroot/deployments/pypi. Each deployment can be linked to the corresponding released project version URL.

This patch attempts to align the practices with those used in the PyPUG guide and GitHub docs: actions/starter-workflows#2345.

* Suggest `pypi` GitHub Environment @ `adding-a-publisher.md` doc

* Suggest `pypi` GitHub Environment @ `creating-a-project-through-oidc.md` doc

* Suggest `pypi` GitHub Environment @ `internals.md` doc

* Suggest `pypi` GitHub Environment @ `using-a-publisher.md` doc

* `make translations`

Signed-off-by: William Woodruff <[email protected]>

---------

Signed-off-by: William Woodruff <[email protected]>
Co-authored-by: William Woodruff <[email protected]>
Co-authored-by: Dustin Ingram <[email protected]>

Author: 3 people

docs/user/trusted-publishers/adding-a-publisher.md

@@ -32,7 +32,7 @@ each.
 
     For example, if you have a project at `https://github.com/octo-org/sampleproject`
     that uses a publishing workflow defined in `.github/workflows/release.yml`
-    and a custom environment named `release`, then you'd do the following:
+    and a custom environment named `pypi`, then you'd do the following:
 
     ![Image showing adding a new GitHub publisher](/assets/trusted-publishing/github/project-publishing-form.png)
 

docs/user/trusted-publishers/creating-a-project-through-oidc.md

@@ -38,7 +38,7 @@ provide the name of the PyPI project that will be created.
 
     If you have a repository at
     `https://github.com/octo-org/sampleproject` with a release workflow at
-    `release.yml` and an environment named `release` that you would like to publish
+    `release.yml` and an environment named `pypi` that you would like to publish
     to PyPI as `sampleproject`, then you would do the following:
 
     ![Image showing adding a new GitHub publisher](/assets/trusted-publishing/github/pending-publisher-form-filled.png)

docs/user/trusted-publishers/internals.md

@@ -38,7 +38,7 @@ In the context of trusted publishing, the machinery is as follows:
 
     * For example, a trusted publisher configuration for GitHub Actions might
       specify `repo: octo-org/example` with `workflow: release.yml` and
-      `environment: release`, indicating that a presented OIDC token **must**
+      `environment: pypi`, indicating that a presented OIDC token **must**
       contain exactly those claims to be considered valid.
 
     * When applicable, PyPI also checks claims that prevent

docs/user/trusted-publishers/using-a-publisher.md

@@ -26,7 +26,7 @@ below describe the setup process for each supported trusted publisher.
         name: upload release to PyPI
         runs-on: ubuntu-latest
         # Specifying a GitHub environment is optional, but strongly encouraged
-        environment: release
+        environment: pypi
         permissions:
           # IMPORTANT: this permission is mandatory for trusted publishing
           id-token: write
@@ -46,7 +46,7 @@ below describe the setup process for each supported trusted publisher.
         name: upload release to PyPI
         runs-on: ubuntu-latest
     +    # Specifying a GitHub environment is optional, but strongly encouraged
-    +    environment: release
+    +    environment: pypi
     +    permissions:
     +      # IMPORTANT: this permission is mandatory for trusted publishing
     +      id-token: write

warehouse/locale/messages.pot

@@ -4481,13 +4481,6 @@ msgstr ""
 msgid "(optional)"
 msgstr ""
 
-#: warehouse/templates/manage/account/publishing.html:118
-#: warehouse/templates/manage/account/publishing.html:224
-#: warehouse/templates/manage/project/publishing.html:109
-#: warehouse/templates/manage/project/publishing.html:201
-msgid "release"
-msgstr ""
-
 #: warehouse/templates/manage/account/publishing.html:124
 #: warehouse/templates/manage/project/publishing.html:115
 #, python-format
@@ -4575,6 +4568,12 @@ msgid ""
 "pipelines are not supported)."
 msgstr ""
 
+#: warehouse/templates/manage/account/publishing.html:224
+#: warehouse/templates/manage/project/publishing.html:109
+#: warehouse/templates/manage/project/publishing.html:201
+msgid "release"
+msgstr ""
+
 #: warehouse/templates/manage/account/publishing.html:226
 #: warehouse/templates/manage/project/publishing.html:203
 #, python-format

warehouse/templates/manage/account/publishing.html

@@ -115,7 +115,7 @@
         {% endif %}
       </label>
       {{ pending_github_publisher_form.environment(
-        placeholder=gettext("release"),
+        placeholder="testpypi" if testPyPI else "pypi",
         class_="form-group__field",
         autocomplete="off",
         aria_describedby="environment-errors",