Commit 03edacc

more broken links
1 parent 5e6fc92 commit 03edacc

1 file changed

+4
-2
lines changed

_posts/2025-03-13-python-packaging-security-pypi.md

Lines changed: 4 additions & 2 deletions
@@ -104,6 +104,7 @@ To lock down a GitHub environment:
104104
105105
106106
<figure>
107+
<source srcset="/images/python-packaging/github-action-environment-pypi.webp" type="image/webp">
107108
<img src="/images/python-packaging/github-action-environment-pypi.png" alt="Screenshot of the GitHub settings interface showing the ‘Environments’ section with configuration options for ‘pypi.’ The ‘Deployment protection rules’ section is visible, with ‘Required reviewers’ enabled and two reviewers listed: ‘lwasser’ and ‘willingc.’ Other options such as ‘Prevent self-review’ and ‘Wait timer’ are present but not enabled.">
108109
<figcaption>
109110
GitHub environment settings for “pypi,” displaying deployment protection rules with required reviewers configured for workflow approvals.
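Review bot: The `<source>` added at new line 107 sits directly inside `<figure>`, with no `<picture>` element between them in the visible context, while the figures in the later hunks of this commit nest `<source>` and `<img>` inside `<picture>`. A `<source>` is only consulted when it is a child of `<picture>` (or a media element), so the WebP file would never be selected here and the browser would always load the PNG from the `<img>`. Wrap the `<source>` and `<img>` pair in `<picture>` ... `</picture>` to match the other figures.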
@@ -122,6 +123,7 @@ A Trusted Publisher setup creates a secure link between PyPI and your repository
122123
Using a Trusted Publisher combined with a locked-down environment eliminates the need to store sensitive tokens as GitHub secrets. It also removes the need to refresh and update tokens periodically to avoid token leaks or theft issues.
123124
124125
<figure>
126+
<source srcset="/images/python-packaging/trusted-publisher-pypi-github.webp" type="image/webp">
125127
<img src="/images/python-packaging/trusted-publisher-pypi-github.png" alt="A workflow diagram showing GitHub Actions building distribution files (sdist and wheel), publishing them securely to PyPI, represented as a warehouse. The diagram includes a lock icon emphasizing security, with the pyOpenSci logo in the top-left corner.">
126128
<figcaption>
127129
Example of the PyPI Trusted Publisher form, used to securely link a GitHub repository with PyPI for publishing Python packages. Trusted Publisher reduces the risk of token theft and improves overall security.
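Review bot: The caption at line 129 describes "the PyPI Trusted Publisher form", but the alt text of the `<img>` at line 127 describes a workflow diagram of GitHub Actions building and publishing to PyPI, and the identical caption appears under the form screenshot at line 156. Since this hunk already touches the figure, update the caption so it describes the diagram. The new `<source>` at line 126 is also placed directly under `<figure>` without a `<picture>` wrapper, so it will have no effect until one is added.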
@@ -148,7 +150,7 @@ The steps for setting up Trusted Publisher are:
148150
<figure>
149151
<picture>
150152
<source srcset="/images/python-packaging/trusted-publisher-form.webp" type="image/webp">
151-
<img src="trusted-publisher-form.webp" alt="PyPI Trusted Publisher form example showing settings for linking a GitHub repository with PyPI for secure publishing." loading="lazy">
153+
<img src="/images/python-packaging/trusted-publisher-form.png" alt="PyPI Trusted Publisher form example showing settings for linking a GitHub repository with PyPI for secure publishing." loading="lazy">
152154
</picture>
153155
<figcaption>
154156
Example of the PyPI Trusted Publisher form, used to securely link a GitHub repository with PyPI for publishing Python packages. Trusted Publisher reduces the risk of token theft and improves overall security.
@@ -161,7 +163,7 @@ For an example of a GitHub workflow that uses Trusted Publishing, check out our
161163
<figure>
162164
<picture>
163165
<source srcset="/images/python-packaging/trusted-publisher-manage.webp" type="image/webp">
164-
<img src="trusted-publisher-form.webp" alt="PyPI Trusted Publisher manage settings showing what the Trusted Publisher setup looks like after you've created it in PyPI. It shows all of the items that you filled out in the form and has a remove button if you want to remove it from PyPI. " loading="lazy">
166+
<img src="/images/python-packaging/trusted-publisher-manage.png" alt="PyPI Trusted Publisher manage settings showing what the Trusted Publisher setup looks like after you've created it in PyPI. It shows all of the items that you filled out in the form and has a remove button if you want to remove it from PyPI. " loading="lazy">
165167
</picture>
166168
<figcaption>
167169
Example of the PyPI Trusted Publisher setup in PyPI once you've created the Trusted PuUblisher link by filling the form out above.
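Review bot: The caption at line 169 still reads "Trusted PuUblisher"; since this hunk is already correcting the figure, fix the typo to "Trusted Publisher" in the same commit. The alt text on the replaced `<img>` at line 166 also ends with a stray space before the closing quote. The src change itself looks right: the old value pointed at trusted-publisher-form.webp, which is the image for the previous figure and not the manage-settings screenshot this one describes.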
