Use trusted publisher and the official pypi job to publish releases #8601

Closed as duplicate
@Pierre-Sassoulas

Current problem

We currently use a long-lived token that could potentially be compromised. 2 days ago PyPI introduced a new mechanism in order to delegate trust to GitHub, which is then authorized to request short-lived, tightly-scoped API tokens from PyPI.

Desired solution

Use pypa/gh-action-pypi-publish@release/v1 instead of what we currently have.

Additional context

https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/


Labels

Maintenance (Discussion or action around maintaining pylint or the dev workflow), Minor 💅 (Polishing pylint is always nice), Needs PR (This issue is accepted, sufficiently specified and now needs an implementation)
