Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: publish with attestation #36

Merged
merged 1 commit into from
Dec 14, 2024
Merged

chore: publish with attestation #36

merged 1 commit into from
Dec 14, 2024

Conversation

displague
Copy link
Member

@displague displague commented Dec 12, 2024
edited
Loading

Based on attestation warnings in the release pipeline, this PR removes the username and password combo, as advised in the GHA warnings and here: https://github.com/pypa/gh-action-pypi-publish?tab=readme-ov-file#trusted-publishing

I've added the Trusted Publisher Management publisher profile for GitHub to the Pypi project.
https://pypi.org/manage/project/equinix/settings/publishing/

I'm leaving the token credential in GHA Secrets, for now, so that we can revert this PR and take the alternate approach of disabling attestation if there are additional hurdles in the publishing phase.

@displague
chore: publish with attestation
8f73662 
Based on attestation warnings in the release pipeline, this PR removes the username and password combo, as advised in the GHA warnings and here: https://github.com/pypa/gh-action-pypi-publish?tab=readme-ov-file#trusted-publishing

I've added the Trusted Publisher Management publisher profile for GitHub to the Pypi project.

I'm leaving the token in GHA Secrets, for now, so that we can revert this PR and take the alternate approach of disabling attestation if there are additional hurdles in the publishing phase.
@displague displague requested a review from a team as a code owner December 12, 2024 13:53
thogarty
thogarty approved these changes Dec 14, 2024
View reviewed changes
Copy link
Contributor

@thogarty thogarty left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Shipping based on comments provided in description giving the intention of reverting if process is not resolved.

@thogarty thogarty merged commit 6bfd52a into main Dec 14, 2024
6 checks passed
@thogarty thogarty deleted the attestation-releases branch December 14, 2024 03:43
@displague displague mentioned this pull request Dec 17, 2024
Open
@github-actions GitHub Actions
Copy link
Contributor

This PR is included in version 0.7.0 🎉

1 similar comment
@github-actions GitHub Actions
Copy link
Contributor

This PR is included in version 0.7.0 🎉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thogarty thogarty thogarty approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@displague @thogarty