Migrate to PyPI Trusted publishers
1ucian0 opened this issue · 0 comments
1ucian0 commented
Qiskit's PyPI account is enabling 2FA on Oct 19. As a consequence, deploying this repo will no longer be able to use password authentication for publishing this package to PyPI after this date. The best mechanism PyPI offers for publishing now is trusted publishers:
https://docs.pypi.org/trusted-publishers/using-a-publisher/
which authorizes a GitHub Action workflow to push to PyPI and bypasses the need for any user credentials.
So, this repo needs such a workflow. Take a look at other projects as examples:
.github/workflows/wheels.yml in https://github.com/Qiskit/qiskit/pull/10999/files
.github/workflows/deploy-code.yml in https://github.com/qiskit-community/qiskit-machine-learning/pull/698/files
Once done, a manual linking process needs to be done in the web UI by @mtreinish.