Skip to content

ci: add PyPI trusted publishing workflow#7

Merged
oleg-bk merged 1 commit into
mainfrom
codex/lurkr-pypi-trusted-publish
Jun 1, 2026
Merged

ci: add PyPI trusted publishing workflow#7
oleg-bk merged 1 commit into
mainfrom
codex/lurkr-pypi-trusted-publish

Conversation

@oleg-bk

@oleg-bk oleg-bk commented Jun 1, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Add tokenless PyPI publishing workflow via GitHub OIDC and pypa/gh-action-pypi-publish@release/v1.
  • Trigger on GitHub Release publication and manual dispatch.
  • Use GitHub environment pypi and id-token: write; no PyPI token or secret is added.

Verification

  • sed -n '1,140p' .github/workflows/pypi-publish.yml -> workflow reviewed
  • git diff --check and git diff --cached --check -> clean
  • .venv/bin/python -m pytest -q -> 536 passed

Required PyPI setup before running publish

Configure PyPI Trusted Publisher for project lurkr with:

  • Owner: agentveil-protocol
  • Repository: lurkr
  • Workflow filename: pypi-publish.yml
  • Environment name: pypi

After the mapping exists, run the pypi-publish workflow manually from main to publish the already-prepared 0.4.0 package. Future releases can publish by creating/publishing the GitHub release after this workflow is on main.

Implemented with assistance from Codex.

Add a tokenless PyPI publish workflow using GitHub OIDC and pypa/gh-action-pypi-publish. The workflow builds distributions on release publication or manual dispatch and requires the PyPI trusted publisher mapping for the pypi environment.

Implemented with assistance from Codex.
@oleg-bk oleg-bk merged commit a307534 into main Jun 1, 2026
19 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant