You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
All stored secreted were cleared by the Scikit-HEP team due to a security threat that turned out to be a GitHub bug. It is recommended that Scikit-HEP projects move to trusted publisher releases instead of regenerating tokens. This requires telling PyPI about the GitHub details (repo location, ci job file, and environment), and setting up something like this (taken from https://learn.scientific-python.org/development/guides/gha-wheels/#publishing):
I'm not sure how this interacts with branch-based releases that are currently used. I think you might be able to just remove the "environment" field (and leave the field blank on PyPI) and it might just work (though be less secure and have fewer options for release approvals and such that GitHub environments provide).
The text was updated successfully, but these errors were encountered:
All stored secreted were cleared by the Scikit-HEP team due to a security threat that turned out to be a GitHub bug. It is recommended that Scikit-HEP projects move to trusted publisher releases instead of regenerating tokens. This requires telling PyPI about the GitHub details (repo location, ci job file, and environment), and setting up something like this (taken from https://learn.scientific-python.org/development/guides/gha-wheels/#publishing):
I'm not sure how this interacts with branch-based releases that are currently used. I think you might be able to just remove the "environment" field (and leave the field blank on PyPI) and it might just work (though be less secure and have fewer options for release approvals and such that GitHub environments provide).
The text was updated successfully, but these errors were encountered: