Skip to content

v1.8.0

Marketplace
Marketplace
Compare
Choose a tag to compare
@webknjaz webknjaz released this 16 Mar 02:32
· 117 commits to unstable/v1 since this release
v1.8.0
This tag was signed with the committer’s verified signature.
webknjaz Sviatoslav Sydorenko (Святослав Сидоренко)
GPG key ID: 9345E8FEA89CA455
Learn about vigilant mode.
8ef2b3d
This commit was signed with the committer’s verified signature.
webknjaz Sviatoslav Sydorenko (Святослав Сидоренко)
GPG key ID: 9345E8FEA89CA455
Learn about vigilant mode.

The Coolest Release Ever!

In this release, @woodruffw implemented support for secretless OIDC-based publishing to PyPI-like package indexes. The OIDC flow is activated when neither username nor password action inputs are set.

The OIDC “token exchange”, is an authentication technique that PyPI (and TestPyPI, and hopefully some future others) supports as an alternative to long-lived username/password combinations or long-lived API tokens.

IMPORTANT: The PyPI-side configuration is only available to participants of the private beta test. Please, only try out the zero-config mode if you are a beta test participant having followed the PyPI configuration instructions.
It's gone GA during Python 2023 and is available to everyone now.

Setup prerequisites: https://github.com/marketplace/actions/pypi-publish#trusted-publishing
PyPI's documentation: https://pypi.org/help/#trusted-publishers
Beta test enrollment: pypi/warehouse#12965

New Contributors

Full Diff: v1.7.1...v1.8.0

Contributors

woodruffw
Assets 2
0 Join discussion