Open ingyhere opened 1 month ago
@ingyhere This is great! Thanks for your contribution. slim-cli
(https://pypi.org/project/slim-cli/) would benefit directly from TP. I'd be happy to be a tester for your documentation.
A few questions:
Excellent. I'm still testing, waiting for a break in my project when we have resources available to troubleshoot if there are any issues. We should have it wrapped up within two weeks.
Yes, that's the plan. It will be integrated with the Python Starter Kit as soon as it's tested.
I haven't thought much yet about it. I suspect it could be a separate guide. But I plan to modify the Python Starter Kit docs to integrate it.
Testing complete. I have created a draft PR in the slim-starterkit-python project. Please feel free to review.
A PR in SLIM (here) will also be created shortly to add this to the documentation stack.
Checked for duplicates
Yes - I've already checked
Best Practice Guide Category
Software Lifecycle
Best practice guide URL
Python Starter Kit
Describe the improvement
Item (1): Python Package Index (PyPi) publishing has transitioned to Trusted Publishing in an implementation step en route to PEP 740 adoption. This ticket is to implement Trusted Publishing (TP).
What does TP provide? It guarantees the provenance of software published from your organization. When that provenance is validated, the details and package origins of your published software is "verified" rather than reported as "unverified" in the package index.
Moreover, the publishing process has changes to isolate the actual delivery to package indices with the option for different signature validation and publishing keys, depending on the target index.
Item (2): Update documentation stack with recent updates and improvements. These can include not only the documentation stack, but also GitHub workflow automation, such as security scanning.