
How to publish to PyPI using GitHub Actions securely
The post gives three practical steps for publishing Python packages to PyPI more securely from GitHub Actions: run zizmor, use Trusted Publishing, and require manual approval through GitHub environments. It focuses on reducing credential risk by removing long-lived PyPI tokens, pinning actions, limiting workflow permissions, disabling persisted checkout credentials, and adding a human ap...
snarky.ca/how-to-publish…
English