Trusted publishing: support for GitLab CI · Issue #13575 · pypi/warehouse (original) (raw)

Skip to content

Navigation Menu

• • GitHub Copilot Write better code with AI
  • GitHub Advanced Security Find and fix vulnerabilities
  • Actions Automate any workflow
  • Codespaces Instant dev environments
  • Issues Plan and track work
  • Code Review Manage code changes
  • Discussions Collaborate outside of code
  • Code Search Find more, search less
• Explore
  • Learning Pathways
  • Events & Webinars
  • Ebooks & Whitepapers
  • Customer Stories
  • Partners
  • Executive Insights
• • GitHub Sponsors Fund open source developers
  • The ReadME Project GitHub community articles
• • Enterprise platform AI-powered developer platform
• Pricing

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Sign up

Appearance settings

Description

Per #12465 (comment): GitLab now supports a customizable aud for their CI-issued identity tokens, meaning that it should be possible to integrate them as a provider of trusted publishers!

Some initial tasks:

• Extract some GitLab OIDC tokens and inspect their claim set
• Determine the appropriate set of fields/claim constraints to expose to users

From there, the actual development tasks on this should look similar to the tasks enumerated in #13551.