I don't know if this is new or I missed it in my original pull request, but this updates the publish job so it will utilize PyPI's trusted publishing instead of token based auth. The main benefit seems to be scoped tokens and no more manual publishing. But it's a minor update to include this and seems to be the preferred way, so here it is.
I don't know if this is new or I missed it in my original pull request, but this updates the publish job so it will utilize PyPI's trusted publishing instead of token based auth. The main benefit seems to be scoped tokens and no more manual publishing. But it's a minor update to include this and seems to be the preferred way, so here it is.
The action's setup for this can be found here: https://github.com/pypa/gh-action-pypi-publish/tree/release/v1/#trusted-publishing
There is some action to take on PyPI, as described here: https://docs.pypi.org/trusted-publishers/adding-a-publisher/