Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Consider using trusted publishing to PyPI instead of API tokens #567

Open
danielhollas opened this issue Feb 27, 2024 · 2 comments
Open
Labels
question Further information is requested

Comments

@danielhollas
Copy link
Contributor

https://docs.pypi.org/trusted-publishers/

@danielhollas danielhollas added the question Further information is requested label Feb 27, 2024
@danielhollas
Copy link
Contributor Author

Should we relatively easy to setup for somebody with access to the PyPI account

https://pypi.org/manage/account/publishing/

image

@danielhollas
Copy link
Contributor Author

Once the setup on PyPI is complete, the workflow file should be updated according to

https://github.com/pypa/gh-action-pypi-publish?tab=readme-ov-file#trusted-publishing

Once verified that it works, the secret API tokens should be deleted from the Github Environment.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
question Further information is requested
Projects
None yet
Development

No branches or pull requests

1 participant