Skip to content

Commit

Permalink
README: replace OIDC with "trusted publishing"
Browse files Browse the repository at this point in the history
Also updates the link to reference the public documentation
for trusted publishing, rather than the PyPI short help
section (which also needs to be updated).

Signed-off-by: William Woodruff <[email protected]>
  • Loading branch information
woodruffw committed Apr 3, 2023
1 parent 69efb8c commit 4372cb5
Showing 1 changed file with 10 additions and 10 deletions.
20 changes: 10 additions & 10 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -65,33 +65,33 @@ settings page of your project on GitHub. See [Creating & using secrets].
### Publishing with OpenID Connect

> **IMPORTANT**: This functionality is in beta, and will not work for you
> unless you're a member of the PyPI OIDC beta testers' group. For more
> information, see [warehouse#12965].
> unless you're a member of the PyPI trusted publishing beta testers' group.
> For more information, see [warehouse#12965].

This action supports PyPI's [OpenID Connect publishing]
This action supports PyPI's [trusted publishing]
implementation, which allows authentication to PyPI without a manually
configured API token or username/password combination. To perform
[OIDC publishing][OpenID Connect Publishing] with this action, your project's
OIDC publisher must already be configured on PyPI.
[trusted publishing] with this action, your project's
publisher must already be configured on PyPI.

To enter the OIDC flow, configure this action's job with the `id-token: write`
permission and **without** an explicit username or password:
To enter the trusted publishing flow, configure this action's job with the
`id-token: write` permission and **without** an explicit username or password:

```yaml
jobs:
pypi-publish:
name: Upload release to PyPI
runs-on: ubuntu-latest
permissions:
id-token: write # IMPORTANT: this permission is mandatory for OIDC publishing
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
steps:
# retrieve your distributions here
- name: Publish package distributions to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
```

Other indices that support OIDC publishing can also be used, like TestPyPI:
Other indices that support trusted publishing can also be used, like TestPyPI:

```yaml
- name: Publish package distributions to TestPyPI
Expand Down Expand Up @@ -268,4 +268,4 @@ https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/banner-direc
https://github.com/vshymanskyy/StandWithUkraine/blob/main/docs/README.md

[warehouse#12965]: https://github.com/pypi/warehouse/issues/12965
[OpenID Connect Publishing]: https://pypi.org/help/#openid-connect
[trusted publishing]: https://docs.pypi.org/trusted-publishers/

0 comments on commit 4372cb5

Please sign in to comment.