Python Authentication

Publish packages to PyPI

Option 1: Trusted Publishing (OIDC)

Setup on PyPI

  1. Go to your project on pypi.org
  2. Navigate to Settings → Publishing
  3. Add a new trusted publisher:
    • Owner: your-org
    • Repository: your-repo
    • Workflow: release.yml
    • Environment: (leave blank or use release)

Workflow Configuration

permissions:
  contents: write
  id-token: write  # Required for trusted publishing

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - uses: astral-sh/setup-uv@v4

      - uses: a-line-services/release-pilot@v1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
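
How the four trusted publisher fields bind to the claims in the GitHub OIDC token that `id-token: write` lets the job request, as an added example (not part of the original page and not PyPI's implementation). It is a simplified model that assumes the publisher's Environment is set to release; the token is a constructed, unsigned sample, and a real verifier also validates the signature, issuer and audience.

```python
import base64
import json

# Trusted publisher as entered on PyPI (the placeholder values from the setup steps).
PUBLISHER = {"owner": "your-org", "repository": "your-repo",
             "workflow": "release.yml", "environment": "release"}


def decode_claims(jwt: str) -> dict:
    """Decode the JWT payload for inspection only; no signature check here."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def publisher_mismatches(claims: dict, pub: dict) -> list:
    """Return the publisher fields that the token's claims do not satisfy."""
    bad = []
    if claims.get("repository_owner") != pub["owner"]:
        bad.append("owner")
    if claims.get("repository") != f'{pub["owner"]}/{pub["repository"]}':
        bad.append("repository")
    # job_workflow_ref looks like owner/repo/.github/workflows/<file>@<git ref>
    expected = f'{pub["owner"]}/{pub["repository"]}/.github/workflows/{pub["workflow"]}'
    if claims.get("job_workflow_ref", "").split("@")[0] != expected:
        bad.append("workflow")
    # A blank environment on the publisher places no constraint on the job.
    if pub["environment"] and claims.get("environment") != pub["environment"]:
        bad.append("environment")
    return bad


def make_sample_jwt(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f'{enc({"alg": "none"})}.{enc(claims)}.'


SAMPLE_CLAIMS = {  # constructed sample, not a real token
    "repository_owner": "your-org",
    "repository": "your-org/your-repo",
    "job_workflow_ref": "your-org/your-repo/.github/workflows/release.yml@refs/tags/v1.0.0",
    "environment": "release",
}

if __name__ == "__main__":
    claims = decode_claims(make_sample_jwt(SAMPLE_CLAIMS))
    print(publisher_mismatches(claims, PUBLISHER) or "claims match the trusted publisher")
```

When the publisher's Environment is set, the token only carries a matching `environment` claim if the job itself declares `environment: release`; with the field left blank, any job in release.yml can publish.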

Option 2: API Token

If you can't use trusted publishing, use an API token:

Getting a PyPI Token

  1. Go to pypi.org/manage/account/token
  2. Create a token scoped to your project
  3. Add it as a PYPI_TOKEN secret in your repo

Using with uv

- uses: astral-sh/setup-uv@v4

- uses: a-line-services/release-pilot@v1
  with:
    github-token: ${{ secrets.GITHUB_TOKEN }}
  env:
    UV_PUBLISH_TOKEN: ${{ secrets.PYPI_TOKEN }}

Using with twine

- uses: actions/setup-python@v5
  with:
    python-version: '3.12'

- run: pip install build twine

- uses: a-line-services/release-pilot@v1
  with:
    github-token: ${{ secrets.GITHUB_TOKEN }}
  env:
    TWINE_USERNAME: __token__
    TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}

TestPyPI

To test publishing before going to production PyPI:

env:
  UV_PUBLISH_URL: https://test.pypi.org/legacy/
  UV_PUBLISH_TOKEN: ${{ secrets.TEST_PYPI_TOKEN }}

Private Registries

For private PyPI registries (Artifactory, DevPI, etc.):

env:
  UV_PUBLISH_URL: https://pypi.your-company.com/simple/
  UV_PUBLISH_TOKEN: ${{ secrets.PRIVATE_PYPI_TOKEN }}

pyproject.toml Requirements

Required Fields

[project]
name = "your-package"
version = "0.1.0"
description = "A short description"
readme = "README.md"
license = {text = "MIT"}
authors = [{name = "Your Name", email = "you@example.com"}]
requires-python = ">=3.8"

Environment Variables

Variable          Tool   Description
UV_PUBLISH_TOKEN  uv     PyPI API token
UV_PUBLISH_URL    uv     Custom registry URL
TWINE_USERNAME    twine  Username (__token__ for API tokens)
TWINE_PASSWORD    twine  Password or API token