PyPI 官方宣布,从今天开始他们引入了‘Trusted Publishers’(可信发布)机制,PyPI 包维护者可以采用一种新的、更安全的发布方法,不需要与外部系统共享长期密码或 API 令牌。
据介绍,“可信发布”是使用 OpenID Connect (OIDC) 标准在可信第三方服务和 PyPI 之间交换短期身份令牌的术语。此方法可用于自动化环境,在发布时无需使用用户名/密码组合或手动生成的 API 令牌通过 PyPI 进行身份验证。
PyPI 维护者可以将 PyPI 配置为信任给定 OpenID Connect 身份提供者 (IdP) 提供的身份。这允许 PyPI 验证身份并将信任委托给该身份,然后授权该身份从 PyPI 请求短期的、范围严格的 API 令牌。这些 API 令牌永远不需要存储或共享,通过快速过期自动轮换,并在已发布的包及其来源之间提供可验证的链接。
PyPI 介绍了通过 GitHub Actions 使用可信发布机制的方式:
jobs:
pypi-publish:
name: upload release to PyPI
runs-on: ubuntu-latest
+ permissions:
+ # IMPORTANT: this permission is mandatory for trusted publishing
+ id-token: write
steps:
# retrieve your distributions here
– name: Publish package distributions to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
– with:
– username: __token__
– password: ${{ secrets.PYPI_TOKEN }}
详细使用方法查看文档:https://docs.pypi.org/trusted-publishers/
ufabet
มีเกมให้เลือกเล่นมากมาย: เกมเดิมพันหลากหลาย ครบทุกค่ายดัง
tornado crypto mixer
Discover the power of privacy with TornadoCash! Learn how this decentralized mixer ensures your transactions remain confidential.
ดูบอลสด
Very well presented. Every quote was awesome and thanks for sharing the content. Keep sharing and keep motivating others.
ดูบอลสด
Pretty! This has been a really wonderful post. Many thanks for providing these details.
ดูบอลสด
Pretty! This has been a really wonderful post. Many thanks for providing these details.
ดูบอลสด
Hi there to all, for the reason that I am genuinely keen of reading this website’s post to be updated on a regular basis. It carries pleasant stuff.
Obrazy Sztuka Nowoczesna
Thank you for this wonderful contribution to the topic. Your ability to explain complex ideas simply is admirable.
ufabet
Hi there to all, for the reason that I am genuinely keen of reading this website’s post to be updated on a regular basis. It carries pleasant stuff.
ufabet
Very well presented. Every quote was awesome and thanks for sharing the content. Keep sharing and keep motivating others.
