Expose PEP 740 attestations functionality #236
base: unstable/v1
I've confirmed that the basic version of this works as expected (
@woodruffw I just bumped Twine FYI. And pre-commit is fine now. Rebasing should get the blockers out of the way.
Good timing, so did @facutuesca 😅
Signed-off-by: William Woodruff <[email protected]>
I'm squashing and rebasing this branch now
46986ef to b526ff8
Signed-off-by: Facundo Tuesca <[email protected]>
@woodruffw @webknjaz The remaining lint failure is due to an error message string (
That's what I was thinking originally, although I think the "clean" thing to do here would be to turn the Python files here into a project structure that gets installed as part of the Docker image's build. But that's a little heavyweight, so @webknjaz may have another idea 🙂
I'm leaning towards just being available on
@woodruffw hey, it looks like GitHub rolled out their own attestations in beta: https://github.com/actions/attest-build-provenance / https://github.com/pypa/gh-action-pypi-publish/attestations / https://github.com/orgs/community/discussions/122028. I wonder if we could somehow integrate with that... And it seems like there's even a new privilege
(Sorry, was on PTO -- catching up on mentions now)
Yep, I've been thinking about how to integrate the two -- the last comment on the PEP discussion thread suggests an approach that would allow GitHub-generated attestations to be compatible with this PEP. TL;DR: I think our options here are:
WIP, still experimenting here. Not ready for review 🙂
TODO:
twine --attestations
See: pypi/warehouse#15871