Skip to content

Use PyPI OIDC when releasing #912

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jack-edmonds-dd merged 1 commit into from
Nov 10, 2025
Merged

Use PyPI OIDC when releasing #912

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 12 additions & 8 deletions .github/workflows/release.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,9 @@ jobs:
build_wheels:
name: Build wheels on Ubuntu latest
runs-on: ubuntu-latest
permissions:
id-token: write
environment: secure_publish_environment
if: github.event_name == 'release' && github.event.action == 'published'
steps:
- uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
Expand All @@ -30,11 +33,12 @@ jobs:
run: |
python -m pip install datadog_checks_dev[cli]==20.0.1

- name: Set ddev pypi credentials
run: |
ddev config set pypi.user __token__
ddev config set pypi.pass ${{ secrets.PYPI_TOKEN }}

- name: Publish the wheel to PyPI
run: |
ddev release upload . --sdist
# Publish wheels to PyPI using Trusted Publishers.
# https://docs.pypi.org/trusted-publishers/using-a-publisher/
# This job needs to run from within the pypi-datadog-checks-base environment. PyPi
# validates the workflow file name, environment and repository the request is
# comming from to provide the valid JWT token.
- name: Release base package to PyPI
uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4
with:
skip-existing: true
Loading