feat(release): PyPI Trusted Publishing on tag push (#1951)#1986
Open
mvillmow wants to merge 1 commit into
Open
feat(release): PyPI Trusted Publishing on tag push (#1951)#1986mvillmow wants to merge 1 commit into
mvillmow wants to merge 1 commit into
Conversation
#1951) release.yml now builds sdist+wheel and publishes to PyPI via pypa/gh-action-pypi-publish using OIDC (no API token required). TestPyPI dry-run available via workflow_dispatch. One-time PyPI project setup documented in docs/dev/release.md. Resolves the gap where pyproject.toml advertised PyPI-ready metadata but no publish workflow existed. Closes #1951 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
pyproject.tomladvertised PyPI-ready metadata (hatchling, classifiers, scripts, urls) but no publish workflow existed —pip install scylladid not work.This PR closes the gap by adding PyPI Trusted Publishing (OIDC) to
release.yml:pypa/build(artifact uploaded for inspection, 7-day retention)pypa/gh-action-pypi-publish@release/v1using OIDC — noPYPI_API_TOKENsecret requiredworkflow_dispatchwithtestpypi=trueinputdocs/dev/release.mddocuments the one-time PyPI project setup step-by-stepWorkflow changes
buildv*publish-pypiv*(afterbuild)pypipublish-testpypiworkflow_dispatch+testpypi=trueOne-time setup required (outside this PR)
A maintainer must:
scyllaproject on PyPI (and TestPyPI for dry runs)HomericIntelligence, repo=ProjectScylla, workflow=release.yml, environment=pypipypiandtestpypiin repo SettingsSee
docs/dev/release.mdfor the complete step-by-step instructions.Security
PYPI_API_TOKENor other credentials are referenced in the workflowid-token: writepermission is scoped only to the publish jobspypa/gh-action-pypi-publishis pinned to a specific commit SHACloses #1951
🤖 Generated with Claude Code