Goal
Move the project to PyPI Trusted Publishers so that publishing releases no longer requires long‑lived API tokens or any other stored secrets.
Motivation
Trusted Publishers allow GitHub Actions to authenticate using short‑lived, automatically issued identities. This removes the need for manually managed credentials and strengthens the project’s supply‑chain security.
Documentation
Acceptance Criteria
- Repository is registered as a Trusted Publisher on PyPI
- Publishing workflow uses OIDC-based authentication
- All PyPI tokens or secrets are removed from repository settings
- A release candidate is successfully published using the new setup
Goal
Move the project to PyPI Trusted Publishers so that publishing releases no longer requires long‑lived API tokens or any other stored secrets.
Motivation
Trusted Publishers allow GitHub Actions to authenticate using short‑lived, automatically issued identities. This removes the need for manually managed credentials and strengthens the project’s supply‑chain security.
Documentation
Acceptance Criteria