fix: Download dist before deploying to pypi #6
jongracecox
This run and associated checks have been archived and are scheduled for deletion.
Learn more about checks retention
python-package.yaml
on: push
build
11s
Sign the Python 🐍 distribution 📦 with Sigstore and upload them to GitHub Release
0s
Annotations
1 error and 4 warnings
|
Password-based uploads disabled
As of 2024, PyPI requires all users to enable Two-Factor Authentication. This consequently requires all users to switch to either Trusted Publishers (preferred) or API tokens for package uploads. Read more: https://blog.pypi.org/posts/2023-05-25-securing-pypi-with-2fa/
|
|
build
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
|
|
attestations input ignored
The workflow was run with the 'attestations: true' input, but an explicit password was also set, disabling Trusted Publishing. As a result, the attestations input is ignored.
|
|
Upgrade to Trusted Publishing
Trusted Publishers allows publishing packages to PyPI from automated environments like GitHub Actions without needing to use username/password combinations or API tokens to authenticate with PyPI. Read more: https://docs.pypi.org/trusted-publishers
|
|
Create a Trusted Publisher
A new Trusted Publisher for the currently running publishing workflow can be created by accessing the following link(s) while logged-in as an owner of the package(s):
|
Artifacts
Produced during runtime
| Name | Size | Digest | |
|---|---|---|---|
|
python-package-distributions
Expired
|
57.2 KB |
sha256:0339ec28680a1b2ebb0efda52d8570bee7b614f858f7b47e75fd152edb117582
|
|