Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CI: use hashes for actions' versions in publishing job #579

Merged
merged 1 commit into from
Aug 14, 2024

Conversation

bsipocz
Copy link
Member

@bsipocz bsipocz commented Aug 14, 2024

No description provided.

@andyfaff
Copy link
Member

@bsipocz, what's your experience with trusted publishing? Do you think it would be worth considering for numpy/numpy releases?

@larsoner
Copy link
Collaborator

My (unsolicited) 2c -- I use trusted publishing in several projects and it has been very easy to set up by following the instructions, would recommend 👍

Thanks @bsipocz !

@larsoner larsoner merged commit e478841 into numpy:main Aug 14, 2024
25 of 26 checks passed
@stefanv stefanv added this to the 1.9.0 milestone Aug 14, 2024
@bsipocz
Copy link
Member Author

bsipocz commented Aug 14, 2024

@andyfaff - I use it in smaller projects and have good experiences, but to be honest I'm not sure how it would be for something like numpy that has a more complicated release procedure and a lot of flavours of wheels to be produced and released. (I would expect a one-time not very easy but not super difficult setup, and then a couple of cycles of frustrations when the logic is not working as expected with partial build issues).

@bsipocz bsipocz deleted the MAINT_use_hashes branch August 14, 2024 17:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants