Trusted publishing: "OIDC added" email does not specify full trust details · Issue #13577 · pypi/warehouse (original) (raw)

Story

I asked my co-maintainer to configure trusted publishing on a project where I don't have owner privileges. I gave them detailed instructions.
When they added trusted publishing, I got this email:
https://github.com/pypi/warehouse/blob/0795e55d/warehouse/templates/email/trusted-publisher-added/body.html#L31

Specifically, this is what I saw:

Publisher name: GitHub
Publisher specification: ci-cd.yml

As you can see, the specification field only contains the workflow name. It does not say which repository is trusted, nor does it specify the environment name (which was the main piece of information I was looking out for).

Expectations

I'd like to be able to see all the details of the trust configuration, including the optional fields.

Motivation

This is useful for logging purposes, correctness verification, implementation matching. Especially since this information is not available on the web interface to the accounts with the maintainer-level access.