Introducing trusted publishing #16

Merged
merged 6 commits into from
Oct 31, 2024

Collaborator

@ingyhere ingyhere commented Oct 17, 2024

Purpose

  • Implement PEP-740 Trusted Publishing to PyPI

Proposed Changes

  • Update python-publish.yml in GH Workflows directory to implement a staged trusted publishing algorithm as implemented by the PyPI Warehouse. This PEP-740-compliant SLIM implementation stages publishing to allow integrity checks tied to packaging builds with separate repository pushes. This is forward compatible and flexible for implementers to push to multiple destinations.

Issues

Testing

@ingyhere ingyhere requested review from a team October 17, 2024 18:44
@ingyhere ingyhere self-assigned this Oct 17, 2024

@nutjob4life nutjob4life left a comment


Oh wow, trusted publishing! I was wondering how this worked. Didn't realize there was an action pypa/gh-action-pypi-publish that did it.

@nutjob4life nutjob4life self-requested a review October 17, 2024 18:54
@thomas-bc

We have migrated to trusted publishing on F Prime a couple months ago and it is really neat!

See
https://github.com/nasa/fprime-tools/blob/devel/.github/workflows/publish.yml
https://github.com/nasa/fprime-gds/blob/devel/.github/workflows/publish.yml

@nutjob4life

@ingyhere I noticed that this PR is in the "Draft" state; is it ready for review?

@ingyhere ingyhere changed the title Trusted publishing and documentation refresh Introducing trusted publishing Oct 31, 2024
@ingyhere
Collaborator Author

De-scoped to focus solely on Trusted Publishing. ...

@ingyhere
Collaborator Author

@thomas-bc wrote:

We have migrated to trusted publishing on F Prime a couple months ago and it is really neat!

Thank you. That looks fantastic, and I appreciate how it is drop-in.

In this iteration here the attempt was to make the GH Action flexible enough so that it could release on multiple repositories with some tweaking. Additionally, the id-token perms are limited to the publishing phase.
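
The staged layout described in this PR, as an added example that is not this repository's python-publish.yml and not code from any participant: a build job with a read-only token, and a separate publish job that alone holds `id-token: write`. The release trigger, the job names, the `pypi` environment name and the `dist.sha256` digest file are assumptions made for illustration.

```yaml
# Added example: hypothetical workflow, not the file changed by this PR.
name: publish
on:
  release:
    types: [published]            # assumed trigger

# Workflow-wide default: read-only token, no OIDC for any job.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - name: Build sdist and wheel
        run: |
          python -m pip install build
          python -m build
      - name: Record digests of the built files
        run: sha256sum dist/* | tee dist.sha256   # hypothetical digest file
      - uses: actions/upload-artifact@v4
        with:
          name: dist
          path: |
            dist/
            dist.sha256

  publish-pypi:
    needs: build
    runs-on: ubuntu-latest
    environment: pypi             # assumed name; must match the publisher registered on PyPI
    permissions:
      id-token: write             # OIDC token exists only in this job
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: dist
      - name: Check files against the build-stage digests
        run: sha256sum --check --strict dist.sha256
      # No password or API token input: the action exchanges the OIDC token.
      - uses: pypa/gh-action-pypi-publish@release/v1
```

A second destination would be another job shaped like `publish-pypi`, with the action's `repository-url` input pointing at that index and its own trusted-publisher registration.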

@ingyhere ingyhere marked this pull request as ready for review October 31, 2024 17:06
@ingyhere
Collaborator Author

@nutjob4life wrote:

I noticed that this PR is in the "Draft" state ...

Ready now for review. Thanks.

Collaborator Author

@ingyhere ingyhere left a comment


These look correct as intended.


@nutjob4life nutjob4life left a comment


Looks good!

@ingyhere ingyhere merged commit f71c590 into develop Oct 31, 2024
4 checks passed