[maintenance] Migrate PyPI release automation to Trusted Publishing · Issue #10256 · pylint-dev/pylint
@webknjaz

Description

This will make it possible to stop keeping the long-living PyPI API token in the repository settings. Additionally, it'll allow PyPI to display more metadata as verified.
And finally, this allows publishing PEP 740 digital attestations as a part of the release (enabled by default in pypi-publish).

Configuration will require somebody with Owner privileges on PyPI to set up trust. And somebody capable of updating the Environments section of the GitHub repository settings (for setting up release flow protection).

The guide is @ https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/. Feel free to ping me to review the PR.

Labels: Maintenance (Discussion or action around maintaining pylint or the dev workflow); Needs PR (This issue is accepted, sufficiently specified and now needs an implementation)
