Jupyter PyPI Trusted Publishers
blink1073 opened this issue · comments
Steven Silvester commented
As mentioned in the meeting yesterday, we should consider using PyPI Trusted Publishers for Jupyter Projects.
I ran an experiment using my test-python-project repository. I made a release to the Test PyPI instance using my main account, and then one using a backup account, that does not have a login to Test PyPI.
Here is what the PyPI security log looks like:
Here is the deployment log from the repo:
The publish permissions would move from PyPI to the Environment Permissions on the repository: