Skip to content

release: Use PyPI Trusted Publishing #2371

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 8, 2023
Merged

release: Use PyPI Trusted Publishing #2371

merged 1 commit into from
May 8, 2023

Conversation

jku
Copy link
Member

@jku jku commented Apr 27, 2023

Instead of using the secret stored in environment secrets, allow the publish action to use the OIDC identity to authenticate to pypi.org. This repository/workflow/environment combo has been marked as a "Trusted Publisher" in pypi.org: this means PyPI should give the publish action a short lived token to use for publishing.

This enables #2370: but the secret should still be removed before closing the issue (maybe after one successful release with Trusted Publishing).

@jku
release: Use PyPI Trusted Publishing
53c2806 
Instead of using the secret stored in environment secrets, allow the
publish action to use the OIDC identity to authenticate to pypi.org.
This repository/workflow/environment has been marked as a "Trusted
Publisher" in pypi.org: this means PyPI should give the publish action a
short lived token to use for publishing.

This enables theupdateframework#2370: but the secret should still be removed before
closing the issue (maybe after one successful release with Trusted
Publishing).

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
@coveralls
Copy link

Pull Request Test Coverage Report for Build 4819924658

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 97.692%
Totals Coverage Status
Change from base Build 4806187861: 0.0%
Covered Lines: 1320
Relevant Lines: 1343
💛 - Coveralls

@jku jku mentioned this pull request Apr 27, 2023
Closed
5 tasks
@jku jku mentioned this pull request May 5, 2023
Closed
lukpueh
lukpueh approved these changes May 8, 2023
View reviewed changes
Copy link
Member

@lukpueh lukpueh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Cross-checked with PyPI docs and our PyPI project config.

This requires: #2376 to work.

@lukpueh lukpueh merged commit 209f872 into theupdateframework:develop May 8, 2023
@coveralls
Copy link

coveralls commented Dec 27, 2024
edited
Loading

Pull Request Test Coverage Report for Build 4819924658

Warning: This coverage report may be inaccurate.

This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.001%) to 97.693%
Totals Coverage Status
Change from base Build 4806187861: 0.001%
Covered Lines: 1321
Relevant Lines: 1344
💛 - Coveralls

@jku jku deleted the trusted-publisher branch December 30, 2024 09:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lukpueh lukpueh lukpueh approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jku @coveralls @lukpueh