- Go to PyPI Project Settings:
  - Visit https://pypi.org/manage/project/nexus-fs-python/settings/publishing/
  - Or navigate: PyPI → Your Account → Manage → nexus-fs-python → Publishing
- Add Trusted Publisher:
  - Click "Add a new trusted publisher"
  - Select "GitHub Actions" as publisher type
  - Fill in:
    - Owner: `nexi-lab`
    - Repository: `nexus-python`
    - Workflow filename: `.github/workflows/release.yml`
    - Environment: (leave empty, or create a `pypi` environment in GitHub for extra security)
  - Click "Add"
- Update Workflow (if using environment):
  - If you created a `pypi` environment in GitHub, update the workflow to use it:

    ```yaml
    jobs:
      build-and-publish:
        runs-on: ubuntu-latest
        environment: pypi  # Add this line
    ```
- Re-run the workflow:
  - The workflow will now use OIDC authentication automatically
  - No API token needed!
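
A job wired for the trusted-publishing path above, as an added example and not this project's actual `release.yml`: `id-token: write` is the permission that lets the job request the OIDC token PyPI exchanges for a short-lived upload credential, and it is granted to the publishing job only. The trigger, the action versions and the build step are assumptions.

```yaml
# Added example (assumed trigger and build steps), not the project's release.yml.
name: Release

on:
  release:
    types: [published]   # assumption: publish when a GitHub release is published

# Default for every job in this workflow: read-only, no token minting.
permissions:
  contents: read

jobs:
  build-and-publish:
    runs-on: ubuntu-latest
    # Must match the environment name registered on PyPI, if one was set.
    environment: pypi
    permissions:
      contents: read
      id-token: write    # required: allows this job to request the OIDC token
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - name: Build sdist and wheel
        run: |
          python -m pip install --upgrade build
          python -m build
      - name: Publish to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
        # No `password:` input: with it omitted, the action authenticates
        # through trusted publishing (OIDC) instead of an API token.
```

Renaming the workflow file breaks the match with the publisher entry until the entry on PyPI is updated.
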

If you prefer to use an API token instead:

- Create PyPI API Token:
  - Go to https://pypi.org/manage/account/token/
  - Click "Add API token"
  - Name: `nexus-python-release`
  - Scope: "Entire account" or project-specific
  - Copy the token (starts with `pypi-`)
- Add to GitHub Secrets:
  - Go to: https://github.com/nexi-lab/nexus-python/settings/secrets/actions
  - Click "New repository secret"
  - Name: `PYPI_API_TOKEN`
  - Value: Your token (e.g., `pypi-AgEIcHJ...`)
  - Click "Add secret"
- Update Workflow:
  - The workflow already has `password: ${{ secrets.PYPI_API_TOKEN }}`
  - But we need to explicitly disable trusted publishing:

    ```yaml
    - name: Publish to PyPI
      uses: pypa/gh-action-pypi-publish@release/v1
      with:
        password: ${{ secrets.PYPI_API_TOKEN }}
        # Explicitly disable trusted publishing
        trusted-publisher: false
    ```

The workflow is currently configured to:
- Use trusted publishing (OIDC) if available
- Fall back to `PYPI_API_TOKEN` if provided

The error indicates trusted publishing is not configured, so you need to either:
- Set up trusted publishing on PyPI (Option 1 - recommended)
- Or ensure `PYPI_API_TOKEN` secret exists and modify workflow to explicitly use it