ci/release: implement trusted publishing
Completely rewrite the release workflow. There are a couple key differences now:

* Releases are triggered by GitHub releases, which can refer to an existing tag, or create one on the fly.
* Credentials are no longer needed to perform a release, instead we use the PyPI trusted publishing flow.
* The build and upload tasks are split to ensure the credentials are safeguarded.
* Uploads require approval from one other maintainer (beyond the person who triggered the build).

Note that PyPI will only accept uploads from the 'pypi' environment, triggered in this workflow file.
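A workflow with the shape the commit message describes, as an added example that is not the workflow file from this commit. The file layout, job names, artifact name, action versions and the `published` trigger type are assumptions; only the 'pypi' environment name comes from the message.

```yaml
# Added illustration; not the project's own release workflow.
name: release

on:
  release:
    types: [published]        # assumed: run when a GitHub release is published

permissions:
  contents: read              # workflow-wide default: no job gets an OIDC token unless it asks

jobs:
  build:
    # Runs project build code, so it holds no publishing capability at all.
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: python -m pip install build && python -m build
      - uses: actions/upload-artifact@v4
        with:
          name: dist          # assumed artifact name
          path: dist/

  publish:
    needs: build
    runs-on: ubuntu-latest
    # The approval gate is not expressed in YAML: required reviewers (with
    # self-review prevented) are configured on this environment in the
    # repository settings. The PyPI trusted publisher entry names the same
    # environment, so a token minted outside it is rejected.
    environment: pypi
    permissions:
      id-token: write         # only this job can mint the OIDC token PyPI exchanges for an upload token
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/
      # No username, password or API token input: the action performs the
      # trusted publishing exchange using the job's OIDC identity.
      - uses: pypa/gh-action-pypi-publish@release/v1
```

The publish job never checks out or executes repository code; it only uploads the artifact the build job produced, which keeps the short-lived upload credential out of reach of build-time dependencies.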