Use pypi api token instead of account/password

[Lee-W]

@woile We're currently using your pypi account/password for publishing commitizen to PyPI. [1] Do you think we should use API token instead to avoid exposing your credentials?

[1] https://github.com/commitizen-tools/commitizen/blob/master/scripts/publish#L2
[2] https://pypi.org/help/#apitoken
[3] https://github.com/pycontw/pycontw-postevent-report-generator/blob/master/.github/workflows/python-publish.yaml#L35

[woile]

I'll take care soon, thanks Lee

We should also update the docs explaining how to upload a package: https://commitizen-tools.github.io/commitizen/tutorials/github_actions/#publishing-a-python-package

[Lee-W]

I just update the documentation. 🙂 I'm considering pypa/gh-action-pypi-publish as a reference as well. It's not necessary for us since we're using poetry. But it could be a great option for those using setup.py However, I'm thinking of whether it will make the document too complicate to read. What do you think?

[woile]

We can add a recommendation for the github action.
But poetry and twine require one line to publish the package. And because username is the string "token" and the password (token) is set as a secret, there's not much complexity, is used as a normal upload.

What I actually noticed is that we should specify that the example is specifically for python.

[Lee-W]

The title of that section is "Publishing a python package". It seems to be clear for me.

[woile]

Perfect, I had a brain fart haha

[woile]

we are now using access_token 🎉