@@ -17,62 +17,40 @@ It will use the `pypa/gh-action-pypi-publish GitHub Action`_.
1717 details of building platform specific projects. If you have binary
1818 components, check out :ref: `cibuildwheel `'s GitHub Action examples.
1919
20- Saving credentials on GitHub
21- ============================
22-
23- In this guide, we'll demonstrate uploading to both
24- PyPI and TestPyPI, meaning that we'll have two separate sets
25- of credentials. And we'll need to save them in the GitHub repository
26- settings.
27-
28- Let's begin! 🚀
29-
30- 1. Go to https://pypi.org/manage/account/#api-tokens and
31- create a new `API token `_. If you have the project on PyPI
32- already, limit the token scope to just that project.
33- You can call it something like
34- ``GitHub Actions CI/CD — project-org/project-repo ``
35- in order for it to be easily distinguishable in the token
36- list.
37- **Don't close the page just yet — you won't see that token
38- again. **
39- 2. In a separate browser tab or window, go to the ``Settings ``
40- tab of your target repository and then click on `Secrets `_
41- in the left sidebar.
42- 3. Create a new secret called ``PYPI_API_TOKEN `` and copy-paste
43- the token from the first step.
44- 4. Now, go to https://test.pypi.org/manage/account/#api-tokens
45- and repeat the steps. Save that TestPyPI token on GitHub
46- as ``TEST_PYPI_API_TOKEN ``.
47-
48- .. attention ::
49-
50- If you don't have a TestPyPI account, you'll need to
51- create it. It's not the same as a regular PyPI account.
52-
20+ Configuring trusted publishing
21+ ==============================
5322
54- Using trusted publishing
55- ------------------------
23+ This guide relies on PyPI's `trusted publishing `_ implementation to connect
24+ to `GitHub Actions CI/CD `_. This is recommended for security reasons, since
25+ the generated tokens are created for each of your projects
26+ individually and expire automatically. Otherwise you'll need to generate an
27+ `API token `_ or provide a username/password combination for both PyPI and
28+ TestPyPI.
5629
57- It is also possible to authenticate to PyPI without having to provide
58- an `API token `_. This can be done using
59- PyPI's `trusted publishing `_ implementation. This is recommended
60- also for security reasons, since the generated tokens are created for each of your projects
61- individually and expire automatically.
30+ Since this guide will demonstrate uploading to both
31+ PyPI and TestPyPI, we'll need two trusted publishers configured.
32+ The following steps will lead you through creating the "pending" publishers.
6233
63- The following steps will lead you through creating a "pending" publisher.
34+ Let's begin! 🚀
6435
65361. Go to https://pypi.org/manage/account/publishing/
66- 2. Now fill in the name you wish to publish your new project under,
37+ 2. Fill in the name you wish to publish your new project under,
6738 your repository data and the name of the release workflow file
6839 under the ``.github/ `` folder, see :ref: `workflow-definition `.
6940 Finally add the name of the GitHub Actions environment
7041 running under your repository.
71- Add the trusted publisher.
72- 3. Your "pending" publisher is no ready for its first use and will
73- create your project automatically once you use it
42+ Register the trusted publisher.
43+ 3. Now, go to https://test.pypi.org/manage/account/publishing/ and repeat
44+ the second step.
45+ 4. Your "pending" publishers are now ready for their first use and will
46+ create your projects automatically once you use them
7447 for the first time.
7548
49+ .. attention ::
50+
51+ If you don't have a TestPyPI account, you'll need to
52+ create it. It's not the same as a regular PyPI account.
53+
7654
7755.. _workflow-definition :
7856
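Review bot: In the new intro paragraph (added lines 26 to 28), the fallback "or provide a username/password combination for both PyPI and TestPyPI" should be dropped or narrowed to the API-token option. The section this change removes was the only place that told readers to limit the token scope to the project and to store it as a repository secret (``PYPI_API_TOKEN`` / ``TEST_PYPI_API_TOKEN``). After the change, the "Otherwise" path points at a weaker credential with no handling guidance at all. Suggest keeping one sentence that names a project-scoped API token stored as a repository secret as the only fallback, or linking to where that procedure now lives. Separately, the ``.. attention ::`` block about needing a TestPyPI account now sits after step 4, although step 3 is the one that requires the account. Moving it above the numbered list, or directly after step 3, would put the prerequisite before the step that fails without it.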