Overview
Explore the concept of "Trusted Publishing" introduced by PyPI in this 26-minute conference talk from EuroPython 2024. Learn how package maintainers can create releases directly from GitHub Actions pipelines without managing tokens, enhancing security against supply chain attacks. Discover the inner workings of this feature, understand how to implement it with minimal changes to existing setups, and get insights into the ongoing efforts to expand support for other publishers like GitLab, Google, and ActiveState.
Syllabus
Automatic trusted publishing with PyPI — Facundo Tuesca
Taught by
EuroPython Conference