github-actions[bot]
commented
9 months ago 
:point_left: Launch a Binder on branch jtpio/voila/trusted-publisher
Closed jtpio closed 9 months ago
github-actions[bot]
commented
9 months ago :point_left: Launch a Binder on branch jtpio/voila/trusted-publisher
jtpio
commented
9 months ago We can then remove voila-bot from PyPI after this is merged.
jtpio
commented
9 months ago We can then remove
voila-botfrom PyPI after this is merged.
And the PYPI_TOKEN in the repo secrets.
Looks like voila-bot was only used for 2 projects on PyPI:
martinRenou
commented
9 months ago Happy to remove that bot, thank you!
jtpio
commented
9 months ago Just removed it from PyPI. I think we need to keep as Admin on the repos though.
martinRenou
commented
9 months ago I think we need to keep as Admin on the repos though.
Why?
jtpio
commented
9 months ago Because it's still the bot creating the GitHub releases:
There is also still the need to the admin github token. But this might not be needed in a future version of the releaser: https://github.com/jupyter-server/jupyter_releaser/pull/545
martinRenou
commented
9 months ago Ok 👍🏽
References
Start using trusted publishers for publishing Voila to PyPI.
This will help to not have to deal with 2FA with the bot account: https://blog.pypi.org/posts/2024-01-01-2fa-enforced/
Code changes
publish-release.ymlto remove the PyPI token and set upid-tokenvoilaon PyPI to use trusted publishersUser-facing changes
None
Backwards-incompatible changes
None