fix: use PYPI_API_TOKEN secret instead of OIDC for PyPI publishing #12

Merged: Venkatesh-6921 merged 1 commit into main from feat/v3-upgrade on May 13, 2026

Venkatesh-6921 (Owner) commented May 13, 2026

Summary by CodeRabbit

  • Documentation

    • Updated publishing documentation with new authentication setup instructions for maintainers
    • Updated release notes for version 3.0.0 to reflect publishing changes
    • Added guidance on repository secret configuration
  • Chores

    • Updated continuous integration publishing workflow

coderabbitai (Bot) commented May 13, 2026

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ee236e68-f5c1-4ec6-bb17-f46bd7afa193

📥 Commits

Reviewing files that changed from the base of the PR and between 40254ff and 5e9ec6a.

📒 Files selected for processing (3)
  • .github/workflows/publish.yml
  • CHANGELOG.md
  • README.md

📝 Walkthrough

This PR switches PyPI publishing from OIDC trusted publishing to token-based authentication. The workflow's permissions block is removed, the publish step is updated to use secrets.PYPI_API_TOKEN, and documentation is revised to reflect the new setup requirements and configuration.

Changes

PyPI Publishing Authentication

| Layer / File(s) | Summary |
|---|---|
| Workflow Publishing Configuration: .github/workflows/publish.yml | Removes the workflow-level OIDC permissions (id-token: write), updates the PyPI publish action to use password: ${{ secrets.PYPI_API_TOKEN }} for token-based authentication, and removes a preceding comment line in the changelog extraction script. |
| Documentation and Changelog Updates: CHANGELOG.md, README.md | Updates changelog entries for version 3.0.0 and security notes to describe token-based publishing with PYPI_API_TOKEN. README's Publishing section is updated with new setup instructions to configure the secret under Settings → Secrets → Actions. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 The token now flows where trust once lived,
No OIDC dance, just secrets that give.
GitHub holds the key with a careful hand,
PyPI awaits, across the land! 🚀

Venkatesh-6921 merged commit 0c81f1d into main on May 13, 2026
7 of 8 checks passed