[maintenance] Migrate PyPI release automation to Trusted Publishing #10256
Labels:
Maintenance: Discussion or action around maintaining pylint or the dev workflow
Needs PR: This issue is accepted, sufficiently specified and now needs an implementation
This will make it possible to stop keeping the long-living PyPI API token in the repository settings. Additionally, it'll allow PyPI to display more metadata as verified.
And finally, this allows publishing PEP 740 digital attestations as a part of the release (enabled by default in pypi-publish).
Configuration will require somebody with Owner privileges on PyPI to set up trust. And somebody capable of updating the Environments section of the GitHub repository settings (for setting up release flow protection).
The guide is @ https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/. Feel free to ping me to review the PR.
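
A sketch of the release workflow shape this migration leads to, added here as an illustration; it is not taken from the issue or from pylint's repository. The workflow name, the trigger, the `dists` artifact name, the `pypi` environment name and the `PYPI_API_TOKEN` secret name are assumptions.

```yaml
# Added example, not pylint's actual workflow. Names marked "assumed" are placeholders.
name: Release
on:
  release:
    types: [published]

permissions: {}  # nothing granted at workflow level; each job opts in

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: python -m pip install build && python -m build
      - uses: actions/upload-artifact@v4
        with:
          name: dists  # assumed artifact name
          path: dist/

  publish:
    needs: build
    runs-on: ubuntu-latest
    # Assumed environment name. It must match the trusted publisher entry
    # created on PyPI, and is where required reviewers are configured.
    environment:
      name: pypi
    permissions:
      id-token: write  # lets the job request the OIDC token PyPI verifies
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: dists
          path: dist/
      # Token-based form being replaced (assumed secret name), for contrast:
      #   with:
      #     password: ${{ secrets.PYPI_API_TOKEN }}
      # With no password input, the action uses Trusted Publishing.
      - uses: pypa/gh-action-pypi-publish@release/v1
```

Keeping the build in a separate job means only the upload step runs with `id-token: write`, so build-time dependencies never execute in a job that can obtain publishing credentials.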