99
1010This action allows you to upload your [ Python distribution packages]
1111in the ` dist/ ` directory to PyPI.
12- This text suggests a minimalistic usage overview. For more detailed
12+ This text suggests a minimalistic usage overview. For a more detailed
1313walkthrough check out the [ PyPA guide] .
1414
1515If you have any feedback regarding specific action versions, please leave
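Review bot: On lines 12-13 the sentence still lacks a comma after the introductory phrase, and "suggests" is an odd verb for what this text does. Consider "This text provides a minimalistic usage overview. For a more detailed walkthrough, check out the [PyPA guide]."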
@@ -29,7 +29,7 @@ tag, or opt-in to [use a full Git commit SHA] and Dependabot.
2929
3030## Usage
3131
32- ### Trusted publishing
32+ ### Trusted Publishing
3333
3434> [ !NOTE]
3535> Trusted publishing cannot be used from within a reusable workflow at this
@@ -39,7 +39,7 @@ tag, or opt-in to [use a full Git commit SHA] and Dependabot.
3939> use a username/token inside the reusable workflow.
4040
4141> [ !NOTE]
42- > Trusted publishing is sometimes referred to by its
42+ > Trusted Publishing is sometimes referred to by its
4343> underlying technology -- OpenID Connect, or OIDC for short.
4444> If you see references to "OIDC publishing" in the context of PyPI,
4545> this is what they're referring to.
7878> [!NOTE]
7979> Pro tip: instead of using branch pointers, like ` unstable/v1`, pin versions of
8080> Actions that you use to tagged versions or sha1 commit identifiers.
81- > This will make your workflows more secure and better reproducible, saving you
81+ > This will make your workflows more secure and more reproducible, saving you
8282> from sudden and unpleasant surprises.
8383
8484Other indices that support trusted publishing can also be used, like TestPyPI :
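Review bot: Line 81 promises "more secure and more reproducible" workflows, but line 80 treats tagged versions and commit identifiers as equivalent pins. A tag can be moved to a different commit after the fact, so only a full commit SHA is immutable; it is worth saying so in this note, in line with the "use a full Git commit SHA" wording earlier in the README. Line 80 could also read "full commit SHAs" instead of "sha1 commit identifiers".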
@@ -98,7 +98,7 @@ _(don't forget to update the environment name to `testpypi` or similar!)_
9898> or test environment won't be able to elevate privileges while flying under
9999> the radar.
100100
101- A common use case is to upload packages only on a tagged commit, to do so add a
101+ A common use case is to upload packages only on a tagged commit. To do so, add a
102102filter to the job :
103103
104104` ` ` yml
@@ -126,7 +126,7 @@ using Trusted Publishing. To disable it, set `attestations` as follows:
126126
127127The attestation objects are created using [Sigstore] for each
128128distribution package, signing them with the identity provided
129- by the GitHub's OIDC token associated with the current workflow. This means
129+ by GitHub's OIDC token associated with the current workflow. This means
130130both the trusted publishing authentication and the attestations are tied to the
131131same identity.
132132
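Review bot: Line 130 still reads "the trusted publishing authentication" in lower case, while this commit capitalizes the term as "Trusted Publishing" in the other hunks. Capitalize it here as well, or keep the lower-case form in running text everywhere, so the README uses one spelling. Line 84 ("Other indices that support trusted publishing") has the same leftover.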
@@ -191,7 +191,7 @@ artifact in that job, and then invoke the publishing job that would run
191191within GitHub-provided runners, downloading the artifact with the dists
192192and publishing them. Such separation is the _recommended_/**supported**
193193way of handling this scenario.
194- Our understandng is that Trusted publishing is expected to work on
194+ Our understanding is that Trusted Publishing is expected to work on
195195self-hosted runners. It is backed by OIDC. If it doesn't work, you
196196should probably ask GitHub if you missed something. We wouldn't be able
197197to assist here.
@@ -304,7 +304,7 @@ default) setting as follows:
304304
305305# ## For Debugging
306306
307- Sometimes, `twine upload` can fail and to debug use the `verbose` setting as follows :
307+ Sometimes, `twine upload` can fail. To debug, use the `verbose` setting as follows :
308308
309309` ` ` yml
310310 with:
@@ -314,7 +314,7 @@ Sometimes, `twine upload` can fail and to debug use the `verbose` setting as fol
314314# ## Showing hash values of files to be uploaded
315315
316316You may want to verify whether the files on PyPI were automatically uploaded by CI script.
317- It will show SHA256, MD5, BLAKE2-256 values of files to be uploaded.
317+ It will show the SHA256, MD5, BLAKE2-256 values of files to be uploaded.
318318
319319` ` ` yml
320320 with:
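Review bot: On line 317, "It" has no antecedent, since the previous sentence is about verifying files and not about a setting. Name the setting as the subject and add the conjunction to the list, e.g. "... the SHA256, MD5 and BLAKE2-256 values of files to be uploaded." Line 316 is also missing an article ("by the CI script").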