Mastodon Feed
Boosted by glyph ("Glyph"):
whitequark@treehouse.systems ("✧✦Catherine✦✧") wrote:
PyPI doesn't have (and is not likely to have anytime soon) Trusted Publishers support for Codeberg, but it lets you do something that's basically as good if you're looking for a convenient way to publish packages from CI: restrict an API token to allow publishing to multiple packages
import pypitoken token = pypitoken.Token.load("pypi-YourAccountScopedTokenHere") token.restrict(project_names=["project1", "project2"]) print(token.dump()) # => pypi-NewTokenRestrictedToThoseProjectsyou can use the same library to create tokens scoped to not-before or not-after if you want, it's pretty flexible that way