Skip to content

Fix Trusted Publisher OIDC mismatch for TestPyPI publish job#5

Closed
Copilot wants to merge 2 commits into
masterfrom
copilot/fix-publish-to-testpypi-job
Closed

Fix Trusted Publisher OIDC mismatch for TestPyPI publish job#5
Copilot wants to merge 2 commits into
masterfrom
copilot/fix-publish-to-testpypi-job

Conversation

Copilot AI commented Jun 21, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

The "Publish to TestPyPI" job was failing with invalid-publisher: valid token, but no corresponding publisher because no Trusted Publisher was configured on TestPyPI for this repo/workflow, and the publishing jobs lacked a GitHub environment — the recommended anchor for OIDC subject claims.

Changes

  • release.yaml: Add environment: testpypi to publish-testpypi job and environment: pypi to publish-pypi job
publish-testpypi:
  environment: testpypi
  permissions:
    id-token: write

A Trusted Publisher has been registered on TestPyPI (nuvolos-cloud/python-connector, workflow release.yaml, environment: Any). The named GitHub environment ensures the OIDC token carries an environment claim, matching standard PyPI trusted publisher conventions and enabling environment protection rules.

Copilot AI changed the title [WIP] Fix failing GitHub Actions job 'Publish to TestPyPI' Fix TestPyPI trusted publishing claim mismatch in release.yaml Jun 21, 2026
Copilot AI requested a review from daniel-sali June 21, 2026 14:43
Copilot AI changed the title Fix TestPyPI trusted publishing claim mismatch in release.yaml Fix Trusted Publisher OIDC mismatch for TestPyPI publish job Jun 21, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@daniel-sali daniel-sali Awaiting requested review from daniel-sali

Assignees

@daniel-sali daniel-sali

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@daniel-sali