CI: Use pypi trusted publisher for release by akrherz · Pull Request #203 · python-metar/python-metar

akrherz · 2026-03-20T12:56:19Z

closes #200

akrherz · 2026-03-20T13:01:46Z

Unsure how to test this, but will see if copilot spots anything of concern...

Copilot

Pull request overview

Updates the GitHub Actions release workflow to publish to PyPI using OIDC/Trusted Publishing instead of a long-lived PyPI API token, addressing the 403 upload failure reported in #200.

Changes:

Adds PyPI environment configuration and enables id-token permissions for OIDC-based publishing.
Switches publishing to pypa/gh-action-pypi-publish@release/v1.
Introduces a step to mint a short-lived PyPI API token from the GitHub OIDC token and uses it for upload.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.github/workflows/release.yml

Copilot

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.github/workflows/release.yml

CI: Use pypi trusted publisher for release

0f24208

closes python-metar#200

akrherz requested a review from Copilot March 20, 2026 13:01

Copilot started reviewing on behalf of akrherz March 20, 2026 13:01 View session

Copilot AI reviewed Mar 20, 2026

View reviewed changes

.github/workflows/release.yml Show resolved Hide resolved

.github/workflows/release.yml Outdated Show resolved Hide resolved

.github/workflows/release.yml Outdated Show resolved Hide resolved

akrherz added 2 commits March 20, 2026 08:09

Use automatic oidc token workflow

f05e982

Add read permission per copilot suggestion

b88302b

akrherz requested a review from Copilot March 20, 2026 13:10

Copilot started reviewing on behalf of akrherz March 20, 2026 13:11 View session

Copilot AI reviewed Mar 20, 2026

View reviewed changes

.github/workflows/release.yml Outdated Show resolved Hide resolved

Remove twine as copilot suggests it is not needed

048ca30

akrherz merged commit de36264 into python-metar:main Mar 20, 2026
6 checks passed

akrherz deleted the gh200_pypi_trusted branch March 20, 2026 14:07

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CI: Use pypi trusted publisher for release#203

CI: Use pypi trusted publisher for release#203
akrherz merged 4 commits intopython-metar:mainfrom
akrherz:gh200_pypi_trusted

akrherz commented Mar 20, 2026

Uh oh!

akrherz commented Mar 20, 2026

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

akrherz commented Mar 20, 2026

Uh oh!

akrherz commented Mar 20, 2026

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants