pypa / pip

The Python package installer
https://pip.pypa.io/
MIT License

Improve the release process to enable trusted publishing #12708

Open pradyunsg opened 5 months ago

pradyunsg commented 5 months ago

/cc @sethmlarson who I briefly mentioned this to at PyCon US 2024

The current process is documented at https://pip.pypa.io/en/stable/development/release-process/

The idea here would be to automate the end-to-end process to happen in a publicly auditable location and through trusted publishers via GHA to publish to PyPI.

sethmlarson commented 5 months ago

Woo! :rocket: Sounds good to me :)

sbidoul commented 2 weeks ago

Let's do this? #13048