Merge pull request #2390 from jku/update-release-docs

docs: Document PyPI Trusted Publishing
Lukas Pühringer 2023-05-10 12:36:57 +02:00 committed by GitHub
commit e2a2afa791
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -3,18 +3,18 @@
**Prerequisites (one-time setup)**
1. Go to [PyPI management page](https://pypi.org/manage/account/#api-tokens) and create
an [API token](https://pypi.org/help/#apitoken) with its scope limited to the tuf project.
1. Enable "Trusted Publishing" in PyPI project settings
* Publisher: GitHub
* Owner: theupdateframework
* Project: python-tuf
* Workflow: cd.yml
* Environment: release
1. Go to [GitHub
settings](https://github.com/theupdateframework/python-tuf/settings/environments),
create an
[environment](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#creating-an-environment)
called `release` and configure [review
protection](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#required-reviewers).
1. In the environment create a
[secret](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets)
called `PYPI_API_TOKEN` and paste the token created above.
## Release
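Review bot: The one-time setup around the `Enable "Trusted Publishing"` step has no cleanup step for the credential that the API token instructions created. Please add an item telling maintainers to revoke the tuf-scoped API token on PyPI and delete the `PYPI_API_TOKEN` secret from the `release` environment once Trusted Publishing is enabled, so a long-lived upload credential does not stay valid alongside the new mechanism. It would also help to state next to `Workflow: cd.yml` and `Environment: release` that these values must match the workflow file name and the GitHub environment name exactly. The review protection on the `release` environment is then what gates publishing, so renaming either one needs a matching change in the PyPI project settings.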