Closed JBWilkie closed 2 months ago
PLA-1049 Darwin-Py Release Process security improvements
Problem
Currently, we use static user credentials for PyPI to release new darwin-py versions. Ideally, static credentials should not be used.
Solution
This PR adjusts the release process to authenticate with PyPI via OIDC, which uses short-lived tokens. This guide was followed: https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-pypi
Changelog
Removed the need for static credentials when publishing versions of darwin-py
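
For readers who want to see the shape of such a change, the following is an added illustration, not taken from this PR or from darwin-py's own workflow files: a GitHub Actions publish job using OIDC, with the static-credential step it would replace left commented out. The workflow name, trigger, job name, environment name `pypi`, secret names and build commands are assumptions.

```yaml
# Constructed example; names, trigger and build steps are assumptions.
name: release

on:
  release:
    types: [published]

# Deny all token scopes by default; the job below grants only what it needs.
permissions: {}

jobs:
  publish:
    runs-on: ubuntu-latest
    # Assumed environment name; the PyPI trusted publisher entry can be pinned to it.
    environment: pypi
    permissions:
      contents: read
      id-token: write   # allows the job to request a short-lived OIDC token
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - name: Build distributions
        run: |
          python -m pip install build
          python -m build

      # Before: long-lived credentials stored as repository secrets.
      # - name: Publish with static credentials
      #   run: |
      #     python -m pip install twine
      #     twine upload dist/*
      #   env:
      #     TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }}
      #     TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}

      # After: no username, password or API token is configured.
      # The action exchanges the job's OIDC token for a short-lived PyPI token.
      - name: Publish via trusted publishing
        uses: pypa/gh-action-pypi-publish@release/v1
```

The upload only succeeds once the PyPI project has a trusted publisher entry matching the repository owner, repository name, workflow filename and, if set, the environment. After that the old secrets can be deleted from the repository and the corresponding PyPI credentials revoked.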