Skip to content

Migrate pypi.yml workflow to Trusted Publisher with updated actions#263

Merged
ekzhu merged 3 commits intomasterfrom
copilot/update-pypi-workflow
Nov 4, 2025
Merged

Migrate pypi.yml workflow to Trusted Publisher with updated actions#263
ekzhu merged 3 commits intomasterfrom
copilot/update-pypi-workflow

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Nov 4, 2025
edited
Loading

Modernizes the PyPI publishing workflow to use OIDC-based Trusted Publisher authentication instead of long-lived API tokens, and updates all GitHub Actions to their latest versions.

Changes:

  • Trusted Publisher (OIDC): Removed user/password authentication; added id-token: write permission
  • Environment: Added environment: package for deployment controls
  • Action versions:
    • actions/checkout: v3 → v5
    • actions/setup-python: v4 → v6
    • pypa/gh-action-pypi-publish: SHA pin → v1.13.0

Setup required:

Repository owner must configure PyPI Trusted Publisher with:

  • Repository: ekzhu/datasketch
  • Workflow: pypi.yml
  • Environment: package

And create the package environment in GitHub repository settings.

Original prompt

Update the pypi.yml github workflow: 1. remove usage of secret and use PyPI's trusted publisher feature; 2. run the workflow in the "package" environment; 3. update action versions if necessary

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot AI and others added 2 commits November 4, 2025 20:15
@ekzhu
Update pypi.yml to use Trusted Publisher and latest action versions
e7eada3 
Co-authored-by: ekzhu <320302+ekzhu@users.noreply.github.com>
@ekzhu
Pin pypa/gh-action-pypi-publish to specific version v1.13.0
3e281f8 
Co-authored-by: ekzhu <320302+ekzhu@users.noreply.github.com>
@ekzhu ekzhu mentioned this pull request Nov 4, 2025
Closed
Copilot AI changed the title [WIP] Update pypi.yml workflow for trusted publisher feature Migrate pypi.yml workflow to Trusted Publisher with updated actions Nov 4, 2025
Copilot AI requested a review from ekzhu November 4, 2025 20:19
@ekzhu ekzhu marked this pull request as ready for review November 4, 2025 21:29
@ekzhu ekzhu merged commit 998923c into master Nov 4, 2025
18 checks passed
@ekzhu ekzhu deleted the copilot/update-pypi-workflow branch November 4, 2025 22:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@ekzhu ekzhu ekzhu approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@ekzhu ekzhu

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ekzhu