Skip to content

ci: use trusted publishing for PyPI#1256

Open
MilesCranmerBot wants to merge 1 commit into
astroautomata:masterfrom
MilesCranmerBot:bot/trusted-publishing
Open

ci: use trusted publishing for PyPI#1256
MilesCranmerBot wants to merge 1 commit into
astroautomata:masterfrom
MilesCranmerBot:bot/trusted-publishing

Conversation

@MilesCranmerBot

@MilesCranmerBot MilesCranmerBot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Closes #1182.

Removes the PyPI API-token passwords from the publishing steps so pypa/gh-action-pypi-publish uses Trusted Publishing/OIDC. The workflows already had the required environment: pypi and id-token: write permissions.

Validation:

  • parsed both changed workflow YAML files with Python/PyYAML
  • verified no PYPI_API_TOKEN password fields remain in the changed publish workflows
  • ponytail review passed

Maintainer note: PyPI and Test PyPI Trusted Publishers need to be registered for this workflow/environment before the next release publish.

Co-authored-by: Miles Cranmer <miles.cranmer@gmail.com>
@codecov

codecov Bot commented Jul 7, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Switch release-please.yml to PyPI Trusted Publishing (OIDC)

1 participant