Skip to content

Enable attestations for PyPI publish action #986

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Enable attestations for PyPI publish action #986

wants to merge 1 commit into from

Conversation

@keflavich
Copy link
Contributor

@keflavich keflavich commented Nov 11, 2025

This is recommended by .... the warnings on pypi publish workflows

Warning: The workflow was run with the 'attestations: true' input, but an explicit password was also set, disabling Trusted Publishing. As a result, the attestations input is ignored.
Warning: Trusted Publishers allows publishing packages to PyPI from automated environments like GitHub Actions without needing to use username/password combinations or API tokens to authenticate with PyPI. Read more: https://docs.pypi.org/trusted-publishers
Warning: A new Trusted Publisher for the currently running publishing workflow can be created by accessing the following link(s) while logged-in as an owner of the package(s):

@pllim
Copy link
Contributor

pllim commented Nov 11, 2025

I see this on your publish log.

A new Trusted Publisher for the currently running publishing workflow can be created by accessing the following link(s) while logged-in as an owner of the package(s):

https://pypi.org/manage/project/spectral-cube/settings/publishing/?provider=github&owner=radio-astro-tools&repository=spectral-cube&workflow_filename=publish.yml

Trusted Publishers allows publishing packages to PyPI from automated environments like GitHub Actions without needing to use username/password combinations or API tokens to authenticate with PyPI. Read more: https://docs.pypi.org/trusted-publishers

attestations input ignored

The workflow was run with the 'attestations: true' input, but an explicit password was also set, disabling Trusted Publishing. As a result, the attestations input is ignored.

@pllim
Copy link
Contributor

pllim commented Nov 11, 2025

Not sure what's up with the RTD failure here. Maybe transient?

Also not sure how you can test this until you make the next release.

@keflavich
Copy link
Contributor Author

keflavich commented Nov 11, 2025

yeah, I already added the attestation - that link has no effect any more

@e-koch
Copy link
Contributor

e-koch commented Nov 11, 2025

The rtf failure must be transient? Nothing changed on that end and the last successful build was 45 min ago.

@e-koch
Copy link
Contributor

e-koch commented Nov 11, 2025

Oh I see the problem. @keflavich you need to rebase to update the rtd yaml file: https://github.com/radio-astro-tools/spectral-cube/blob/main/.readthedocs.yml

@keflavich
Copy link
Contributor Author

keflavich commented Nov 11, 2025

apparently my local branch was in a weird state that caused this.

@pllim
Copy link
Contributor

pllim commented Nov 11, 2025

Huh, is the Windows failure expected?

E This probably means that tk wasn't installed properly.

@pllim
Copy link
Contributor

pllim commented Nov 11, 2025

Also do you need a branch manager?

branch manager

@e-koch
Copy link
Contributor

e-koch commented Nov 12, 2025

Also do you need a branch manager?

branch manager

Hired!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@keflavich @pllim @e-koch