
@kesmit13
Collaborator

Replace twine-based PyPI publishing with OIDC-based trusted publishing using the pypa/gh-action-pypi-publish GitHub Action.

Changes:

  • Add permissions block with id-token: write for OIDC
  • Add environment block referencing the 'publish' environment
  • Remove twine installation step
  • Replace twine upload with gh-action-pypi-publish action


Copilot AI left a comment

Pull request overview

Updates the release workflow to publish distributions to PyPI via OIDC trusted publishing instead of using a stored PyPI API token (twine).

Changes:

  • Adds id-token: write permissions to enable OIDC trusted publishing.
  • Adds a publish environment configuration for the publishing job.
  • Replaces twine-based upload (and twine install) with pypa/gh-action-pypi-publish.


Replace twine-based PyPI publishing with OIDC-based trusted publishing
using the pypa/gh-action-pypi-publish GitHub Action.

Changes:
- Add permissions block with id-token: write for OIDC
- Add environment block referencing the 'publish' environment
- Remove twine installation step
- Replace twine upload with gh-action-pypi-publish action

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@kesmit13 kesmit13 merged commit 20f7e40 into main Jan 27, 2026
16 of 17 checks passed
@kesmit13 kesmit13 deleted the trusted-publishing branch January 27, 2026 19:38
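
The four changes listed in this pull request, sketched as a release workflow with the removed twine steps left in as comments. This is an added example, not the repository's actual workflow file. The workflow name, trigger, build steps and the secret name `PYPI_API_TOKEN` are assumptions; only the `publish` environment, `id-token: write` and `pypa/gh-action-pypi-publish` come from the thread.

```yaml
# Added example, not the repository's workflow. Workflow name, trigger, build
# steps and the secret name PYPI_API_TOKEN are assumptions.
name: release
on:
  release:
    types: [published]

jobs:
  publish:
    runs-on: ubuntu-latest
    # 'publish' environment from the PR. PyPI's trusted publisher entry can be
    # pinned to it, and GitHub can require reviewers before the job runs.
    environment: publish
    permissions:
      id-token: write   # lets this job request an OIDC token; scoped to the job, not the whole workflow
      contents: read    # listing permissions sets unlisted scopes to none; checkout needs read
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - name: Build sdist and wheel
        run: |
          python -m pip install build
          python -m build

      # Before (removed by the PR): long-lived API token stored as a secret.
      # - run: python -m pip install twine
      # - run: twine upload dist/*
      #   env:
      #     TWINE_USERNAME: __token__
      #     TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}

      # After: no stored credential. The action exchanges the job's OIDC token
      # for a short-lived PyPI upload token and uploads the files in dist/.
      - name: Publish to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
```

Once the OIDC path is confirmed working, the old API token should be revoked on PyPI and deleted from the repository secrets, since it stays valid until removed.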