docs: Document PyPI Trusted Publishing

Fixes #2386

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
This commit is contained in:
Jussi Kukkonen 2023-05-10 10:30:34 +03:00
parent eff842201e
commit 85cbb1c7b2


@ -3,18 +3,18 @@
**Prerequisites (one-time setup)**
1. Go to [PyPI management page](https://pypi.org/manage/account/#api-tokens) and create
an [API token](https://pypi.org/help/#apitoken) with its scope limited to the tuf project.
1. Enable "Trusted Publishing" in PyPI project settings
* Publisher: GitHub
* Owner: theupdateframework
* Project: python-tuf
* Workflow: cd.yml
* Environment: release
1. Go to [GitHub
settings](https://github.com/theupdateframework/python-tuf/settings/environments),
create an
[environment](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#creating-an-environment)
called `release` and configure [review
protection](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#required-reviewers).
1. In the environment create a
[secret](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets)
called `PYPI_API_TOKEN` and paste the token created above.
## Release
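Review bot: the prerequisite list now carries both the Trusted Publishing setup (Publisher/Owner/Project/Workflow/Environment) and the API-token steps (creating a tuf-scoped token on the PyPI management page and pasting it into the `PYPI_API_TOKEN` environment secret); if the intent is to switch the release to Trusted Publishing, the token steps should be dropped in the same hunk, since keeping a long-lived token in the environment secret leaves exactly the credential that Trusted Publishing is meant to remove. The "Enable Trusted Publishing in PyPI project settings" step is also the only one without a link, unlike the neighbouring steps; add a pointer to PyPI's own documentation for where that setting lives. Finally, the `Environment: release` value in the publisher config must match the `release` environment with review protection created in the next step, so it is worth stating that they are the same environment on purpose: the required reviewers on that environment are what keeps an arbitrary workflow run on `cd.yml` from publishing.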