mirror of
https://gitcode.com/gh_mirrors/gh/gh-action-pypi-publish.git
synced 2026-07-02 18:27:49 +00:00
Expose PEP 740 attestations functionality
PR #236 This patch adds PEP 740 attestation generation to the workflow: when the Trusted Publishing flow is used, this will generate a publish attestation for each distribution being uploaded. These generated attestations are then fed into `twine`, which newly supports them via `--attestations`. Ref: https://github.com/pypi/warehouse/issues/15871
@@ -1,9 +1,14 @@
|
||||
twine
|
||||
|
||||
# NOTE: Used to detect an ambient OIDC credential for OIDC publishing.
|
||||
# NOTE: Used to detect an ambient OIDC credential for OIDC publishing,
|
||||
# NOTE: as well as PEP 740 attestations.
|
||||
id ~= 1.0
|
||||
|
||||
# NOTE: This is pulled in transitively through `twine`, but we also declare
|
||||
# NOTE: it explicitly here because `oidc-exchange.py` uses it.
|
||||
# Ref: https://github.com/di/id
|
||||
requests
|
||||
|
||||
# NOTE: Used to generate attestations.
|
||||
pypi-attestations ~= 0.0.11
|
||||
sigstore ~= 3.2.0
|
||||
|
||||
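Review bot: `pypi-attestations ~= 0.0.11` at the end of the hunk accepts any later 0.0.x release, and a 0.0.x series usually carries no compatibility promise between releases. Since this dependency produces the attestations that are uploaded with each distribution, consider an exact pin (`pypi-attestations == 0.0.11`), or confirm that the resolved versions are fixed elsewhere in the repository. The `# NOTE: Used to generate attestations.` comment could also state, as the note above `requests` does, whether `sigstore` is imported directly or is declared only to constrain what `pypi-attestations` pulls in.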