[Feature]: Update deploy release action to use OpenID Connect #960
Assignees
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What would you like to see added to HDMF?
PyPI will require all users to enable a form of two-factor authentication on their accounts by the end of 2023. We can't use 2FA when using GitHub Actions to upload releases to PyPI. Instead, we need to use PyPI's Trusted Publishing using OpenID Connect to upload releases to PyPI.
https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/
https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-pypi
Doesn't look too hard to do, but will require some testing with the test PyPI server on all repos.
Is your feature request related to a problem?
No response
What solution would you like?
See above
Do you have any interest in helping implement the feature?
Yes.
Code of Conduct
The text was updated successfully, but these errors were encountered: