Investigate replacing API token with Trusted Publisher configuration #700

Open
seifertm opened this issue Dec 3, 2023 · 0 comments
seifertm commented Dec 3, 2023

The PyPI Upload step in the Deploy job of the CI pipeline currently uses an API token to upload packages to PyPI. The CI step emits the following warning:

Warning: Trusted Publishers allows publishing packages to PyPI from automated environments like GitHub Actions without needing to use username/password combinations or API tokens to authenticate with PyPI. Read more: https://docs.pypi.org/trusted-publishers

It is to be decided whether the API token should be kept or PyPI should be configured to trust the GitHub OIDC token instead.
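The two options under discussion, side by side, as an added example that is not part of the issue or the project's workflow file. It assumes the upload step uses `pypa/gh-action-pypi-publish`; the job names, the artifact name, the `pypi` environment and the secret name `PYPI_API_TOKEN` are hypothetical.

```yaml
# Constructed workflow fragment for comparison; a real workflow would keep
# only one of the two jobs. Assumes distributions were built and uploaded
# as an artifact earlier in the same run.
jobs:
  # Option A: long-lived API token stored as a repository secret.
  # Anyone who obtains the secret can upload until it is revoked.
  deploy-with-token:
    runs-on: ubuntu-latest
    steps:
      - name: Download built distributions
        uses: actions/download-artifact@v4
        with:
          name: dist            # hypothetical artifact name
          path: dist/
      - name: PyPI Upload
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          password: ${{ secrets.PYPI_API_TOKEN }}   # hypothetical secret name

  # Option B: Trusted Publisher. No stored credential; the job requests a
  # GitHub OIDC token, which PyPI exchanges for a short-lived upload token.
  # PyPI must first be configured with a publisher entry naming the
  # repository owner, repository name, workflow filename and (optionally)
  # the environment used below.
  deploy-with-trusted-publisher:
    runs-on: ubuntu-latest
    environment: pypi           # hypothetical; must match the PyPI entry if set there
    permissions:
      id-token: write           # required so the job can request an OIDC token
    steps:
      - name: Download built distributions
        uses: actions/download-artifact@v4
        with:
          name: dist            # hypothetical artifact name
          path: dist/
      - name: PyPI Upload
        uses: pypa/gh-action-pypi-publish@release/v1
        # No password input: the action falls back to OIDC-based
        # Trusted Publisher authentication.
```

Setting `permissions` at job level limits the job's token to what is listed, so the upload job holds only the OIDC permission. After switching, the API token can be deleted from both PyPI and the repository secrets.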
