Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Switch to PyPI Trusted Publishing, remove twine #614

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

GenevieveBuckley
Copy link
Collaborator

Closes #613

This PR switches to PyPI deployment with Trusted Publishing (see the announcement and how trusted publishing works). It removes twine, and also removes the need for PyPI API tokens being used as github secrets.

This PR is not sufficient on its own, we (well, probably Constantin) also need to:

id-token: write
environment:
name: pypi
url: https://pypi.org/p/<your-pypi-project-name>
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This URL needs to be fixed before this PR is merged.
I assume that <your-pypi-project-name> is micro-sam? Can someone confirm?

@GenevieveBuckley GenevieveBuckley marked this pull request as draft May 23, 2024 07:03
@GenevieveBuckley
Copy link
Collaborator Author

I'm marking this PR as a draft, until:

  1. The url on line 70 of release_drafter.yml is fixed (see this comment), and...
  2. PyPI Trusted Publishing has been enabled (see https://docs.pypi.org/trusted-publishers/adding-a-publisher/). I don't have access to do this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Switch PyPI deploy method to use trusted publisher
1 participant