Get a temporary access token for publishing to a pyx registry with Trusted Publishing.
To use this action, you must have a Trusted Publisher configured on pyx. Refer to the pyx documentation for more information.
To use this action, you must have a Trusted Publisher configured on pyx. Refer to the pyx documentation for more information.
Additionally, this action requires the id-token: write permission,
in order to fetch an OIDC token from GitHub. This permission is not
granted by default, so you must explicitly add it to your job:
permissions:
id-token: write # for Trusted Publishing to pyx
contents: read # for actions/checkout, if you're in a private repoUse the [[tool.uv.index]] section in your pyproject.toml to configure
your pyx registry:
[[tool.uv.index]]
name = "main"
url = "https://api.pyx.dev/simple/acme/main"
publish-url = "https://api.pyx.dev/v1/upload/acme/main"(Replace acme and main with your workspace and registry names.)
Then, use the index input to tell pyx which index you intend to publish to:
jobs:
publish:
runs-on: ubuntu-latest
permissions:
id-token: write # for Trusted Publishing to pyx
contents: read # for actions/checkout, if you're in a private repo
steps:
- uses: astral-sh/pyx-auth-action@63955a4c412aae8e6f47603c78e3548a98445a52 # v0.0.5
id: auth
with:
index: main
- run: uv publish
env:
UV_PUBLISH_URL: ${{ steps.auth.outputs.url }}
UV_PUBLISH_TOKEN: ${{ steps.auth.outputs.token }}If you don't want to use the [[tool.uv.index]] section in your
pyproject.toml, you can specify the workspace and registry inputs
directly.
If you're publishing to your workspace's default registry, you can omit the
registry input:
- uses: astral-sh/pyx-auth-action@63955a4c412aae8e6f47603c78e3548a98445a52 # v0.0.5
id: auth
with:
workspace: acme
- run: uv publish
env:
UV_PUBLISH_URL: ${{ steps.auth.outputs.url }}
UV_PUBLISH_TOKEN: ${{ steps.auth.outputs.token }}Instead of passing workspace and registry, you can pass the upload URL
directly:
- uses: astral-sh/pyx-auth-action@63955a4c412aae8e6f47603c78e3548a98445a52 # v0.0.5
id: auth
with:
url: https://api.pyx.dev/v1/upload/acme/main
- run: uv publish
env:
UV_PUBLISH_URL: ${{ steps.auth.outputs.url }}
UV_PUBLISH_TOKEN: ${{ steps.auth.outputs.token }}The name of the index to publish to, as defined in the
[[tool.uv.index]] section of your pyproject.toml.
See uv - Publishing your package for more information on configuring indexes for publishing.
Mutually exclusive with workspace, registry, and url.
The workspace being published to.
Mutually exclusive with index and url.
The registry being published to, within the workspace.
Optional; defaults to the workspace's default registry.
Mutually exclusive with index and url.
The upload URL being published to.
Mutually exclusive with index, workspace, and registry.
The upload URL being published to.
This is identical to the url input, if it was used.
If workspace and registry were provided instead, this is the constructed
upload URL.
The upload token to use when publishing.
Important
This token is short-lived and can only be used for uploading to the projects scoped to your Trusted Publisher. However, it is still a secret and should be treated like one.
pyx-auth-action is licensed under either of
- Apache License, Version 2.0, (LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or https://opensource.org/licenses/MIT)
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in pyx-auth-action by you, as defined in the Apache-2.0 license, shall be dually licensed as above, without any additional terms or conditions.
