jupyter / security

BSD 3-Clause "New" or "Revised" License

Jupyter PyPI Trusted Publishers #63

Closed blink1073 closed 3 months ago

blink1073 commented 1 year ago

As mentioned in the meeting yesterday, we should consider using PyPI Trusted Publishers for Jupyter Projects.

I ran an experiment using my test-python-project repository. I made a release to the Test PyPI instance using my main account, and then one using a backup account that does not have a login to Test PyPI.

[image]

Here is what the PyPI security log looks like:

[image: PyPI security log]

Here is the deployment log from the repo:

[image: repository deployment log]

The publish permissions would move from PyPI to the Environment Permissions on the repository:

[image: repository environment permissions]

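For readers following the thread, here is what a GitHub Actions workflow using PyPI trusted publishing looks like. This is an added illustration, not the workflow from the test-python-project repository or from Jupyter Releaser; the environment name `pypi` and the job layout are assumptions. The key point matches the comment above: the job requests an OIDC token via `id-token: write`, and PyPI trusts the repository/workflow/environment registered on the project page, so no long-lived API token is stored in repository secrets and the authorization to publish is governed by the environment's protection rules.

```yaml
name: Publish to PyPI

on:
  release:
    types: [published]

jobs:
  publish:
    runs-on: ubuntu-latest
    # Must match the environment named in the PyPI trusted publisher entry.
    # Protection rules on this environment (required reviewers, restricted
    # branches) decide who can actually trigger a publish. Name is assumed.
    environment: pypi
    permissions:
      # Lets the job mint a short-lived OIDC token that PyPI verifies
      # against the registered publisher; no PyPI token secret needed.
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - name: Build sdist and wheel
        run: |
          python -m pip install --upgrade build
          python -m build
      - name: Publish
        uses: pypa/gh-action-pypi-publish@release/v1
        # To reproduce the Test PyPI experiment above instead of publishing
        # to production PyPI, uncomment the following:
        # with:
        #   repository-url: https://test.pypi.org/legacy/
```

The account that triggers the release no longer needs PyPI credentials at all, which is exactly the behaviour the backup-account experiment demonstrates: the PyPI security log records the OIDC-based upload, and the repository's environment settings become the place to audit and restrict who can publish.
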
fcollonval commented 1 year ago

FYI I opened a PR on jupyter_releaser to support this as well as NPM provenance: https://github.com/jupyter-server/jupyter_releaser/pull/511

fcollonval commented 7 months ago

I'm starting to roll that out to the major JupyterLab packages for the next release.

blink1073 commented 3 months ago

All of the repositories that use Jupyter Releaser now use PyPI trusted publishing.