Mention PyPI trusted publishing

jeanas · webknjaz · commit b5cdeb9228b3 · 2024-02-22T01:52:49.000+01:00
diff --git a/source/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows.rst b/source/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows.rst
@@ -1,3 +1,5 @@
+.. _trusted-publishing:
+
 =============================================================================
 Publishing package distribution releases using GitHub Actions CI/CD workflows
 =============================================================================
diff --git a/source/guides/tool-recommendations.rst b/source/guides/tool-recommendations.rst
@@ -134,7 +134,12 @@ to build distributable wheels.
 Uploading to PyPI
 =================
 
-The standard tool for this task is :ref:`twine`.
+For projects hosted on GitHub, PyPI recommends using :ref:`trusted publishing
+<trusted-publishing>`, which allows the package to be securely uploaded to PyPI
+from a GitHub Actions job. (This is not yet supported on software forges other
+than GitHub.)
+
+The other available method is to upload the package manually using :ref:`twine`.
 
 **Never** use ``python setup.py upload`` for this task. In addition to being
 :ref:`deprecated <setup-py-deprecated>`, it is insecure.

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+.. _trusted-publishing:`
	`2`	`+`
`1`	`3`	`=============================================================================`
`2`	`4`	`Publishing package distribution releases using GitHub Actions CI/CD workflows`
`3`	`5`	`=============================================================================`