You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
https://docs.pypi.org/trusted-publishers/ is a thing, and is pretty nice; it lets you set some configs through your Pypi account, and then you don't have to have API keys for projects, Pypi will do secure key exchange between just that GitHub workflow, with a time limited key. Very cool.
However, our publish action does a little but more than just publishing; we check that the version number in the package matches the tag we just pushed, and we send an announcement to teams after publishing. The former is only a few lines, but the latter is very long. If we want to use trusted publishers, we should split out the teams announcement into it's own action.
The text was updated successfully, but these errors were encountered:
https://docs.pypi.org/trusted-publishers/ is a thing, and is pretty nice; it lets you set some configs through your Pypi account, and then you don't have to have API keys for projects, Pypi will do secure key exchange between just that GitHub workflow, with a time limited key. Very cool.
However, our publish action does a little but more than just publishing; we check that the version number in the package matches the tag we just pushed, and we send an announcement to teams after publishing. The former is only a few lines, but the latter is very long. If we want to use trusted publishers, we should split out the teams announcement into it's own action.
The text was updated successfully, but these errors were encountered: