TL;DR here's the guide: https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/.
This will give you a way to publish from GHA (public runners) w/o having to use API tokens / repository secrets, and will produce digital attestations that show up on PyPI too.
TL;DR here's the guide: https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/.
This will give you a way to publish from GHA (public runners) w/o having to use API tokens / repository secrets, and will produce digital attestations that show up on PyPI too.