Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(ci): use new pypi trusted publisher for increase security #2198

Merged
merged 7 commits into from
May 3, 2023
Merged

chore(ci): use new pypi trusted publisher for increase security #2198

merged 7 commits into from
May 3, 2023

Conversation

heitorlessa
Copy link
Contributor

@heitorlessa heitorlessa commented May 3, 2023
edited
Loading

Issue number: #2185

Summary

Updates our release to use new PyPi Trusted Publisher to exchange GHA OIDC token for a valid PyPi token for publishing.

Changes

Please provide a summary of what's being changed

  • Update release steps to use new GH Action for PyPi publishing with OIDC
  • Remove PyPi token
  • Add this repository as a trusted publisher in PyPi prod and PyPi test
  • Split build and release jobs for least privilege
  • Update release process in-workflow docs

User experience

Please share what the user experience looks like before and after this change

Checklist

If your change doesn't seem to apply, please leave them unchecked.

Is this a breaking change?

RFC issue number:

Checklist:

  • Migration process documented
  • Implement warnings (if it can live side by side)

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.

@heitorlessa heitorlessa requested a review from a team as a code owner May 3, 2023 10:00
@heitorlessa heitorlessa requested review from leandrodamascena and removed request for a team May 3, 2023 10:00
@boring-cyborg boring-cyborg bot added the github-actions Pull requests that update Github_actions code label May 3, 2023
@pull-request-size pull-request-size bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label May 3, 2023
@github-actions github-actions bot added the internal Maintenance changes label May 3, 2023
@heitorlessa
Copy link
Contributor Author

cc @rubenfonseca @leandrodamascena - just pending docs but please let me know if you've got any questions.

@rubenfonseca
Copy link
Contributor

Looking at it now.

rubenfonseca
rubenfonseca suggested changes May 3, 2023
View reviewed changes
Copy link
Contributor

@rubenfonseca rubenfonseca left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some small things, but amazing job!

.github/workflows/release.yml Outdated Show resolved Hide resolved
.github/workflows/release.yml Outdated Show resolved Hide resolved
.github/workflows/release.yml Outdated Show resolved Hide resolved
.github/workflows/release.yml Show resolved Hide resolved
.github/workflows/release.yml Show resolved Hide resolved
heitorlessa and others added 3 commits May 3, 2023 13:24
@heitorlessa @rubenfonseca
chore: add space before closing expression
53774dd 
Co-authored-by: Ruben Fonseca <[email protected]>
Signed-off-by: Heitor Lessa <[email protected]>
@heitorlessa @rubenfonseca
chore: add space before closing expression
de0dc25 
Co-authored-by: Ruben Fonseca <[email protected]>
Signed-off-by: Heitor Lessa <[email protected]>
@heitorlessa @rubenfonseca
chore: capitalize sentence and add version
8480561 
Co-authored-by: Ruben Fonseca <[email protected]>
Signed-off-by: Heitor Lessa <[email protected]>
@heitorlessa heitorlessa requested a review from rubenfonseca May 3, 2023 11:34
rubenfonseca
rubenfonseca approved these changes May 3, 2023
View reviewed changes
Copy link
Contributor

@rubenfonseca rubenfonseca left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@heitorlessa heitorlessa merged commit 538f12d into aws-powertools:develop May 3, 2023
@heitorlessa heitorlessa deleted the chore/pypi-trusted-publisher branch May 3, 2023 12:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rubenfonseca rubenfonseca rubenfonseca approved these changes

@leandrodamascena leandrodamascena Awaiting requested review from leandrodamascena leandrodamascena was automatically assigned from awslabs/aws-lambda-powertools-python

Assignees
No one assigned
Labels
github-actions Pull requests that update Github_actions code internal Maintenance changes size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@heitorlessa @rubenfonseca