There is an existing issue over on the fsspec package repo (fsspec/filesystem_spec#1866) and I wanted to also open one here, since the same applies. As was already written there:
Trusted publishing (with attestations) means I can know for certain that what I download from PyPI is the same artefact which was generated in GitHub CI, meaning that what I see in GitHub is the same as what is installed - handy for auditing (rather than having to manually review all of the installed files on each release).
See the Python packaging documentation, the PyPI documentation, and the official pypi-publish GitHub action documentation on trusted publishing - you'll need to configure an environment in PyPI and GitHub. You will be able to remove the PYPI_PASSWORD project secret.
Should be as simple as switching to the pypa/gh-action-pypi-publish action (instead of twine upload dist/*) in the deploy job of the pypipublish workflow, and adding environment and permissions to that job.
The workflow in this case, for s3fs, does not seem to be set up to publish the package via CI (i.e. there is no equivalent to the fsspec repo's pypipublish.yaml), but perhaps this could be a good time to set it up!
As I just added in a comment there, I would particularly like to see this implemented in the wake of the litellm supply chain attack*, given the importance of this package on PyPI (25th by downloads), using the pypa/gh-action-pypi-publish action with Trusted Publishing would make the Python ecosystem more secure.
* Post-mortems of the litellm attack:
- https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack/
- https://snyk.io/articles/poisoned-security-scanner-backdooring-litellm/
There is an existing issue over on the fsspec package repo (fsspec/filesystem_spec#1866) and I wanted to also open one here, since the same applies. As was already written there:
The workflow in this case, for s3fs, does not seem to be set up to publish the package via CI (i.e. there is no equivalent to the fsspec repo's
pypipublish.yaml), but perhaps this could be a good time to set it up!As I just added in a comment there, I would particularly like to see this implemented in the wake of the litellm supply chain attack*, given the importance of this package on PyPI (25th by downloads), using the pypa/gh-action-pypi-publish action with Trusted Publishing would make the Python ecosystem more secure.
* Post-mortems of the litellm attack: