fix: use PyPI trusted publisher authentication #33

Merged (6 commits), Nov 10, 2024

Conversation

@Bjarten (Owner) commented Nov 10, 2024

Updates the GitHub Actions publish workflow to use PyPI's Trusted Publisher authentication instead of token-based authentication. This change improves security by:

  • Removing the need to store PyPI tokens in GitHub secrets
  • Using OpenID Connect (OIDC) for secure authentication
  • Leveraging PyPI's recommended authentication method for GitHub Actions

Changes

  • Removed token-based authentication (TWINE_USERNAME and TWINE_PASSWORD)
  • Added required id-token: write permission for OIDC
  • Switched from manual twine upload to pypa/gh-action-pypi-publish action

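The two workflow shapes the PR contrasts, as an added illustration that is not this repository's actual workflow file: the token-based job the PR removes, beside a trusted-publishing job that grants `id-token: write` only to the publishing job and delegates the upload to `pypa/gh-action-pypi-publish`. The secret name `PYPI_API_TOKEN`, the environment name `pypi` and the file path are assumptions.

```yaml
# Hypothetical .github/workflows/publish.yml (constructed example,
# not the project's own file).
name: Publish to PyPI

on:
  release:
    types: [published]

jobs:
  # BEFORE: a long-lived API token kept in repository secrets. Any
  # step in the job (or anyone who can read the secret) holds durable
  # upload rights to the project until the token is rotated.
  publish-with-token:
    if: false   # kept only for comparison; never runs
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: python -m pip install build twine
      - run: python -m build
      - run: python -m twine upload dist/*
        env:
          TWINE_USERNAME: __token__
          TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}   # assumed secret name

  # AFTER: trusted publishing. GitHub mints a short-lived OIDC token for
  # this job run; PyPI exchanges it for a scoped, minutes-long upload
  # token only if owner/repository/workflow file/environment match the
  # trusted publisher configured on the PyPI project. Nothing to store.
  publish-with-oidc:
    runs-on: ubuntu-latest
    environment: pypi          # assumed name; lets PyPI pin the environment
    permissions:
      id-token: write          # required to request the OIDC token
      contents: read           # keep everything else read-only
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: python -m pip install build
      - run: python -m build
      - uses: pypa/gh-action-pypi-publish@release/v1
```

Keep `id-token: write` on the publishing job rather than at workflow level so build and test jobs cannot request an identity token. If PyPI rejects the exchange, the usual cause is a mismatch between the workflow filename or environment and what is registered under the project's trusted publisher settings.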
@Bjarten Bjarten changed the title from "Fix: Update publish workflow" to "fix: use PyPI trusted publisher authentication" Nov 10, 2024
@Bjarten Bjarten merged commit 3a0d9b8 into main Nov 10, 2024
6 of 7 checks passed
@Bjarten Bjarten deleted the fix/pip-publish branch November 10, 2024 09:40