Skip to content

Commit

Permalink
Add trusted publishing section to distribution docs (#1800)
Browse files Browse the repository at this point in the history
  • Loading branch information
Phil-V authored Oct 9, 2023
1 parent 3fc4ae3 commit 6cad535
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions guide/src/distribution.md
Original file line number Diff line number Diff line change
Expand Up @@ -289,3 +289,13 @@ Options:
-h, --help
Print help information (use `-h` for a summary)
```

### Using PyPI's trusted publishing

By default, the workflow provided by `generate-ci` will publish the release artifacts to PyPI using API token authentication. However, maturin also supports [trusted publishing (OpenID Connect)](https://docs.pypi.org/trusted-publishers/).

To enable it, modify the `release` action in the generated GitHub workflow file:
- remove `MATURIN_PYPI_TOKEN` from the `env` section to make maturin use trusted publishing
- add `id-token: write` to the action's `permissions` (see [Configuring OpenID Connect in PyPI](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-pypi) from GitHub's documentation).

Make sure to follow the steps listed in [PyPI's documentation](https://docs.pypi.org/trusted-publishers/adding-a-publisher/) to set up your GitHub repository as a trusted publisher in the PyPI project settings before attempting to run the workflow.

0 comments on commit 6cad535

Please sign in to comment.