Skip to content

Commit

Permalink
Merge pull request #150 from trail-of-forks/tob-doc-tweaks
Browse files Browse the repository at this point in the history
  • Loading branch information
webknjaz authored Apr 25, 2023
2 parents f47b347 + 0811f99 commit 5a085bf
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -31,8 +31,8 @@ tag, or a full Git commit SHA.
> this is what they're referring to.
This example jumps right into the current best practice. If you want to
go for less secure scoped PyPI API tokens, check out [how to specify
username and password].
use API tokens directly or a less secure username and password, check out
[how to specify username and password].

This action supports PyPI's [trusted publishing]
implementation, which allows authentication to PyPI without a manually
Expand Down Expand Up @@ -230,9 +230,9 @@ In the past, when publishing to PyPI, the most secure way of the access scoping
for automatic publishing was to use the [API tokens][PyPI API token] feature of
PyPI. One would make it project-scoped and save as an environment-bound secret
in their GitHub repository settings, naming it `${{ secrets.PYPI_API_TOKEN }}`,
for example. See [Creating & using secrets]. This is no longer encouraged when
publishing to PyPI or TestPyPI, in favor of [trusted publishing].

for example. See [Creating & using secrets]. While still secure,
[trusted publishing] is now encouraged over API tokens as a best practice
on supported platforms (like GitHub).

## License

Expand Down

0 comments on commit 5a085bf

Please sign in to comment.