ci: add PyPI trusted publishing workflow #73

Merged
CoderDeltaLAN merged 1 commit into main from release/add-pypi-trusted-publishing-workflow
Jun 17, 2026

@CoderDeltaLAN

Owner

Summary:

  • Adds a PyPI Trusted Publishing workflow prepared for the final release path.
  • Uses release: published as the only trigger.
  • Uses the pypi environment and id-token: write for OIDC publishing.
  • Does not use PyPI tokens, usernames, passwords, or GitHub secrets.

Verification:

  • Pre-push strong check passed.
  • Full local check passed: 118 tests, Ruff, text hygiene, git whitespace.
  • Static workflow guards passed: no workflow_dispatch, no pull_request trigger, no push trigger.
  • Release ref guard simulation passed for matching v0.2.1 and rejected mismatched v9.9.9.
  • Secret scan passed for the workflow.

Scope:

  • .github/workflows/publish-pypi.yml

Not included:

  • No README final update.
  • No tag creation.
  • No GitHub Release publication.
  • No PyPI publication.
  • No release asset upload.

Release gate note:

  • Final release must stop until GitHub environment pypi is created/verified and protected.

@CoderDeltaLAN CoderDeltaLAN merged commit 6133967 into main Jun 17, 2026
1 check passed
@CoderDeltaLAN CoderDeltaLAN deleted the release/add-pypi-trusted-publishing-workflow branch June 17, 2026 08:20
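
The static workflow guards listed under Verification can be expressed as a small checker; this is an added example, not code from the pull request or the project. The function names, the line-based scan (used instead of a YAML parser) and the sample workflow are assumptions constructed from the PR description.

```python
import re

# Constructed sample that follows the PR description; not the project's actual file.
SAMPLE_WORKFLOW = """\
on:
  release:
    types: [published]
jobs:
  publish:
    runs-on: ubuntu-latest
    environment: pypi
    permissions:
      id-token: write
"""

def top_level_triggers(text):
    """Return the event names configured under the top-level `on:` key."""
    triggers, in_on, child_indent = set(), False, None
    for line in text.splitlines():
        body = line.split("#")[0].rstrip()
        if not body.strip():
            continue
        indent = len(body) - len(body.lstrip())
        if indent == 0:
            m = re.match(r"""["']?on["']?:\s*(.*)$""", body)
            in_on, child_indent = bool(m), None
            if m:  # inline forms such as `on: push` or `on: [push, release]`
                triggers.update(re.findall(r"[a-z_]+", m.group(1)))
        elif in_on:
            child_indent = child_indent or indent
            if indent == child_indent:
                triggers.add(body.strip().split(":")[0])
    return triggers

def check_workflow(text):
    """Return guard violations; an empty list means the workflow passes."""
    problems = []
    triggers = top_level_triggers(text)
    if triggers != {"release"}:
        problems.append(f"triggers must be exactly release, got {sorted(triggers)}")
    if not re.search(r"^\s+types:\s*\[\s*published\s*\]\s*$", text, re.M):
        problems.append("release trigger is not limited to types: [published]")
    if not re.search(r"^\s+id-token:\s*write\s*$", text, re.M):
        problems.append("id-token: write is missing")
    if not re.search(r"^\s+environment:\s*pypi\s*$", text, re.M):  # scalar form only
        problems.append("no job is bound to the pypi environment")
    if re.search(r"\$\{\{\s*secrets\.|^\s+(password|user(name)?):", text, re.M):
        problems.append("workflow references secrets or credentials")
    return problems

if __name__ == "__main__":
    print(check_workflow(SAMPLE_WORKFLOW) or "all guards passed")
```

The checker fails closed: any trigger layout it does not recognise is reported as a violation rather than accepted.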