security: add PEP 740 attestations to PyPI publish #19

Merged: govindkavaturi-art merged 1 commit into main from security/trusted-publish-attestations, Apr 12, 2026

@govindkavaturi-art
Member

Summary

  • Pin pypa/gh-action-pypi-publish to commit SHA (v1.14.0)
  • Enable attestations: true for PEP 740 provenance on every release
  • Add test job before publish — tests must pass before PyPI release
  • Add explicit permissions: { contents: read } at workflow level
  • Bump version to 0.1.4 for attestation validation release

Test plan

  • CI passes
  • After merge, tag v0.1.4 triggers publish workflow
  • Verify cueapi 0.1.4 on PyPI has attestation badge

🤖 Generated with Claude Code

- Pin pypa/gh-action-pypi-publish to SHA (v1.14.0)
- Enable attestations: true for PEP 740 provenance
- Add test job before publish (tests must pass before release)
- Add explicit permissions: { contents: read } at workflow level
- Bump version to 0.1.4
- Document attestation in README

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@govindkavaturi-art govindkavaturi-art enabled auto-merge (squash) April 12, 2026 19:56
@govindkavaturi-art govindkavaturi-art merged commit a3e1211 into main Apr 12, 2026
4 checks passed
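
An added example, not part of the pull request or the project's code: a small Python check for the four workflow hardening items listed in the summary above. The sample workflow, the job names `test` and `publish`, and the all-zero commit SHA are constructed placeholders.

```python
import re

# Placeholder commit SHA (constructed); the real pinned SHA is not shown on this page.
SHA = "0" * 40

# Constructed sample workflow, not the project's actual file.
HARDENED = f"""\
name: publish
on:
  push:
    tags: ["v*"]
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@{SHA}
      - run: pytest
  publish:
    needs: test
    runs-on: ubuntu-latest
    steps:
      - uses: pypa/gh-action-pypi-publish@{SHA}  # v1.14.0
        with:
          attestations: true
"""

USES = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.M)
FULL_SHA = re.compile(r"@[0-9a-f]{40}$")

def audit(workflow: str) -> list[str]:
    """Return one finding per missing hardening item (line-based, no YAML parser)."""
    findings = []
    # 1. Every third-party action must be pinned to a full 40-hex commit SHA.
    for ref in USES.findall(workflow):
        if not ref.startswith("./") and not FULL_SHA.search(ref):
            findings.append(f"unpinned action: {ref}")
    # 2. A top-level (column 0) permissions key must exist.
    if not re.search(r"^permissions:", workflow, re.M):
        findings.append("no workflow-level permissions")
    # 3. Attestations must be explicitly enabled on the publish step.
    if not re.search(r"^\s+attestations:\s*true\s*$", workflow, re.M):
        findings.append("attestations not explicitly enabled")
    # 4. The publish job (assumed name) must list the test job in `needs`.
    job = re.search(r"^  publish:\n((?:    .*\n|\n)*)", workflow, re.M)
    if not job or not re.search(r"^    needs:.*\btest\b", job.group(1), re.M):
        findings.append("publish job does not depend on test job")
    return findings
```

`audit(HARDENED)` returns an empty list; a workflow that references the action by a tag or branch, drops `needs: test`, or omits the top-level `permissions` key produces one finding per gap.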