Set up release workflow with PyPI Trusted Publishers #2150

Closed
natestemen opened this issue Jan 5, 2024 · 1 comment · Fixed by #2320
Labels: infrastructure (For issues related to building, packaging, and continuous integration.), priority/high (Needs to be fixed ASAP & no later than the next milestone.)

Comments

@natestemen
Member

natestemen commented Jan 5, 2024

Background

In April 2023 PyPI released a new publishing method using the OpenID Connect standard [GitHub docs]. This standard is described as

an interoperable authentication protocol based on the OAuth 2.0 framework of specifications (IETF RFC 6749 and 6750). It simplifies the way to verify the identity of users based on the authentication performed by an Authorization Server [...] Best of all, it removes the responsibility of setting, storing, and managing passwords which is frequently associated with credential-based data breaches.

More details can be found in the PyPI docs here, but because we set and store long-term passwords for use in our GitHub Actions, this is a welcome addition.

Fix

The changes required are laid out in the PyPI docs. One of the suggested changes (for increased security) is to create an environment in which the release originates. This allows for further restrictions and rules to be applied as to when the release happens. GitHub docs here.

We will also need to change code in two places to use the pypa/gh-action-pypi-publish action:

This may potentially alter our release docs as well. If so, they should be updated accordingly.

@natestemen natestemen added the infrastructure For issues related to building, packaging, and continuous integration. label Jan 5, 2024
@natestemen natestemen added this to the 0.34.0 milestone Jan 5, 2024
@natestemen natestemen self-assigned this Jan 5, 2024
@Misty-W Misty-W removed this from the 0.34.0 milestone Feb 13, 2024
@Misty-W
Contributor

Misty-W commented Feb 13, 2024

No PR in milestone 0.34.0.

@natestemen natestemen added this to the v0.35.0 milestone Feb 20, 2024
@natestemen natestemen modified the milestones: v0.35.0, v0.36.0 Mar 29, 2024
@natestemen natestemen added the priority/high Needs to be fixed ASAP & no later than the next milestone. label Mar 29, 2024
@cosenal cosenal modified the milestones: v0.36.0, v0.37.0 May 3, 2024
@cosenal cosenal modified the milestones: v0.37.0, v0.38.0 May 31, 2024