For GitHub Actions that publish packages, configure OAuth on the PyPI side to authorize each request individually. This allows the API token to be removed from the repo secrets.
Docs:
https://docs.pypi.org/trusted-publishers/
https://docs.pypi.org/trusted-publishers/adding-a-publisher/
My example:
https://github.com/eggplants/getjump/blob/master/.github/workflows/release.yml#L23-L36