Enable Sigstore wheel attestations via pypa/gh-action-pypi-publish #7

@zeevdr

Description

pypa/gh-action-pypi-publish is already used for OIDC trusted publishing. Adding attestations: true emits Sigstore-backed wheel attestations visible on PyPI. Same credibility tier as the npm provenance already in place on the TS SDK.

Acceptance criteria

  • Set attestations: true in publish step
  • Verify attestations appear on PyPI package page
  • Document verification path in README
  • Cross-link with decree#16 (org-wide attestation plan)
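
A sketch of the publish step this issue asks for, as an added example that is not the repository's actual workflow. The file name, trigger, job names, the `pypi` environment name and the `dist` artifact name are assumptions; `attestations` is the action input named in the issue, and it relies on the OIDC trusted publishing already in use.

```yaml
# Added example: hypothetical .github/workflows/release.yml
# Trigger, job names, environment name and artifact name are assumptions.
name: release
on:
  release:
    types: [published]

permissions: {}              # no default token permissions; grant per job

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: python -m pip install build && python -m build
      - uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/

  publish:
    needs: build             # build code never runs in the job that holds the OIDC token
    runs-on: ubuntu-latest
    environment: pypi        # if the PyPI trusted publisher names an environment, this must match
    permissions:
      id-token: write        # OIDC token used for trusted publishing and Sigstore signing
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/
      - uses: pypa/gh-action-pypi-publish@release/v1
        with:
          attestations: true # sign each file in dist/ and upload the attestations alongside it
```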

Metadata


    Labels

      • ci (CI/Infrastructure)
      • enhancement (New feature or request)
      • priority: P2 (Nice-to-have)
      • size: S (Quick win — a few hours or less)
