Skip to content

CI: add PyPI Trusted-Publishing “publish” job to wheels workflow (#61669) #61718

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 23 commits into
base: main
Choose a base branch
from
Open

CI: add PyPI Trusted-Publishing “publish” job to wheels workflow (#61669) #61718

Show file tree
Hide file tree
Changes from 14 commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
a419d40
CI: add Trusted Publishing job to wheels workflow (#61669)
Jun 26, 2025
abda427
Remove obsolete standalone publish workflow
Jun 26, 2025
6e9027c
CI: fix wheel-workflow YAML, drop win-arm64
Jun 26, 2025
e3e583d
CI: set project name to evgmosme-pandas for TestPyPI
Jun 26, 2025
9f9013e
CI: temporarily shrink workflow matrix and add
Jun 26, 2025
4e4cc1e
CI: skip pyodide wheel on TestPyPI upload
Jun 26, 2025
d311ce4
Restore original wheels.yml from upstream/main
Jun 26, 2025
6360900
CI: skip win_arm64 for tests, add final publish block
Jun 26, 2025
c15c176
CI: final Trusted-Publishing workflow (PyPI ready)
Jun 26, 2025
0332486
Docs & CI: add publish-comment header; final PyPI configuration
Jun 27, 2025
c675826
DOC: add Build/CI trusted-publishing entry to v3.0.0 whatsnew (#61669)
Jun 27, 2025
3cac6a5
CI: restore project name 'pandas' in pyproject.toml
Jun 27, 2025
45291a7
CI: normalize line endings in wheels.yml (pre-commit)
Jun 27, 2025
da41c89
DOC: replace <PR_NUMBER> with 61718 in whatsnew
Jun 27, 2025
409dcb4
CI: restrict publish job to upstream repo and add skip-existing
Jun 27, 2025
50afff6
DOC: move Trusted-Publishing note to 'Other enhancements'
Jun 27, 2025
b94eb08
workflow: enable Test PyPI publish job
Jun 30, 2025
58cb179
CI: fix indentation in wheels.yml (publish job)
Jun 30, 2025
7359e1b
CI: trigger wheels workflow on GitHub release (add release:published)
Jun 30, 2025
f482759
Update .github/workflows/wheels.yml
EvMossan Jul 1, 2025
0aa892f
Update doc/source/development/maintaining.rst
EvMossan Jul 1, 2025
da3c281
Update doc/source/development/maintaining.rst
EvMossan Jul 1, 2025
ba4c3bd
Update doc/source/development/maintaining.rst
EvMossan Jul 1, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
40 changes: 40 additions & 0 deletions .github/workflows/wheels.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -219,3 +219,43 @@ jobs:
source ci/upload_wheels.sh
set_upload_vars
upload_wheels

################################################
# Publish Wheels and Source Distribution to PyPI
################################################
publish:
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
needs:
- build_sdist
- build_wheels
runs-on: ubuntu-latest

environment:
name: pypi

permissions:
id-token: write # OIDC token for Trusted Publishing
contents: read

steps:
# 1. Pull every artifact produced by the two upstream jobs
- name: Download all artifacts
uses: actions/download-artifact@v4
with:
path: dist # all files land in ./dist/**

# 2. Move wheels & sdist into a flat 'upload' dir (skip Pyodide wheels)
- name: Collect files
run: |
mkdir -p upload
# skip anything containing 'pyodide' in the filename
find dist -name '*pyodide*.whl' -prune -o \
-name '*.whl' -exec mv {} upload/ \;
find dist -name '*.tar.gz' -exec mv {} upload/ \;

# 3. Publish to PyPI using Trusted Publishing
- name: Publish to PyPI (Trusted Publishing)
uses: pypa/gh-action-pypi-publish@release/v1
with:
repository-url: https://upload.pypi.org/legacy/
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this line needed? (it's not included in the example in https://docs.pypi.org/trusted-publishers/using-a-publisher/)

Copy link

@EpicWink EpicWink Jul 19, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not necessary, and as far as I know there's no recommendation to hard-code it. When the upload API 2.0 PEP lands, this URL and action will change anyway.

packages-dir: upload
8 changes: 8 additions & 0 deletions doc/source/whatsnew/v3.0.0.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -665,6 +665,14 @@ Performance improvements
- Performance improvement in indexing operations for string dtypes (:issue:`56997`)
- Performance improvement in unary methods on a :class:`RangeIndex` returning a :class:`RangeIndex` instead of a :class:`Index` when possible. (:issue:`57825`)

.. ---------------------------------------------------------------------------
.. _whatsnew_300.build:

Build / CI
~~~~~~~~~~

- Switched wheel upload to **PyPI Trusted Publishing** (OIDC) for release-tag pushes in ``wheels.yml``. (:issue:`61718`)

.. ---------------------------------------------------------------------------
.. _whatsnew_300.bug_fixes:

Expand Down
Loading