- owner "sarugaku"
- repository name "shellingham"
- workflow "publish.yml"
- environment name "pypi" # The name of environment in the yaml needs to match the name of the github UI and what you put on pypi
Github.com: Create an environment named "pypi" in the GitHub UI under environments.
Below is a screenshot of the project github.com/michaelfeil/infinity, where I added e.g. myself as Required Reviewer (e.g. if someone else pushes a tag to my repo, this stalls the GitHub CI, and I get a notification to approve the publish.yml workflow).
Benefit: If someone submits a PR, they cannot steal the `PYPI_TOKEN`.
Closes #84
Adapted from: https://github.com/pypa/gh-action-pypi-publish?tab=readme-ov-file#trusted-publishing
There are some steps that the admin of this repo needs to do. Both are UI actions.
TODO:
This should roughly do it
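Added example, not part of the original PR description or the shellingham repository: a sketch of a `publish.yml` job wired for the trusted-publishing setup listed above, with the token-based step it replaces kept as a comment for contrast. The tag trigger, job name, build commands and action versions are assumptions; only the workflow filename, the `pypi` environment name and the `PYPI_TOKEN` secret name come from the description.

```yaml
# .github/workflows/publish.yml (constructed example)
name: publish

on:
  push:
    tags: ["*"]          # assumed trigger: publish when a tag is pushed

jobs:
  pypi-publish:          # hypothetical job name
    runs-on: ubuntu-latest
    # Must match the environment created in the GitHub UI and the
    # environment name entered in the PyPI trusted publisher form.
    # Required reviewers on this environment pause the job until approved.
    environment:
      name: pypi
    permissions:
      id-token: write    # lets the job request the OIDC token PyPI verifies
      contents: read     # checkout only; no write access to the repo
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - name: Build sdist and wheel
        run: |
          python -m pip install build
          python -m build
      # Token-based form that trusted publishing replaces. It needs a
      # long-lived secret stored in the repository:
      #   - uses: pypa/gh-action-pypi-publish@release/v1
      #     with:
      #       password: ${{ secrets.PYPI_TOKEN }}
      - name: Publish to PyPI
        # No password input: the action exchanges the job's OIDC token
        # for a short-lived PyPI upload credential.
        uses: pypa/gh-action-pypi-publish@release/v1
```

PyPI accepts the upload only when the owner, repository, workflow filename and environment in the OIDC token all match the trusted publisher entry, so a workflow with a different filename or environment cannot publish.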