trams commented on PR #2555: URL: https://github.com/apache/thrift/pull/2555#issuecomment-1663098582
I think now there is a way to declare a Github Action trusted and avoid adding tokens anywhere. See this documentation https://docs.pypi.org/trusted-publishers/using-a-publisher/ Their example is using pypa/gh-action-pypi-publish@release/v1 which I am not sure would work correctly with our thrift repo because we have a package inside lib/py not the root directory But I think we are not limited to use only this GitHub action -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
