Proof of concept package for a signed PyPI release workflow.
uv sync --group build
uv run python generate_proto.py
uv build

Pushing a tag that matches v*.*.* triggers .github/workflows/publish.yml.
The workflow:
- installs build dependencies with pip
- builds the wheel and sdist with python -m build
- signs the distributions with Sigstore
- publishes to PyPI with GitHub OIDC
- uploads the signed artifacts to the GitHub release
Local development stays on uv; CI release publishing uses pip.
The workflow runs on GitHub-hosted ubuntu-latest runners.
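
An added example, not part of this project's code: the v*.*.* trigger is a glob, so it accepts more than three-part version tags. The sketch below emulates that filter, lists tags that would start a publish without being a strict vX.Y.Z, and builds the workflow identity a verifier would expect in the Sigstore certificate for a given tag. The repository name, the strict-version policy and all function names are assumptions.

```python
import re

# Assumed placeholder; the page does not name the repository.
REPO = "example-org/example-pkg"
WORKFLOW = ".github/workflows/publish.yml"  # path given in the README
OIDC_ISSUER = "https://token.actions.githubusercontent.com"  # GitHub Actions OIDC issuer


def glob_to_regex(pattern: str) -> re.Pattern:
    """Translate the subset of GitHub filter syntax used by v*.*.*:
    '*' matches zero or more characters except '/'; the rest is literal."""
    return re.compile("[^/]*".join(re.escape(p) for p in pattern.split("*")))


TRIGGER = glob_to_regex("v*.*.*")
# Assumed release policy: exactly three numeric components, no leading zeros.
STRICT = re.compile(r"v(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)")


def triggers_publish(tag: str) -> bool:
    """True if pushing this tag would start the publish workflow."""
    return TRIGGER.fullmatch(tag) is not None


def is_strict_release(tag: str) -> bool:
    return STRICT.fullmatch(tag) is not None


def unexpected_publishes(tags):
    """Tags that pass the workflow trigger but fail the strict policy."""
    return [t for t in tags if triggers_publish(t) and not is_strict_release(t)]


def expected_identity(tag: str) -> str:
    """Certificate identity (workflow ref) to pin when verifying a release
    signed by the tag-triggered workflow; refuses non-release tags."""
    if not is_strict_release(tag):
        raise ValueError(f"not a release tag: {tag!r}")
    return f"https://github.com/{REPO}/{WORKFLOW}@refs/tags/{tag}"


if __name__ == "__main__":
    # Constructed sample tags.
    sample = ["v1.2.3", "v1.2.3.4", "vnext.a.b", "v1.2", "v1.2.3-rc1", "release/v1.2.3"]
    print("loose matches:", unexpected_publishes(sample))
    print("pin identity:", expected_identity("v1.2.3"), "issuer:", OIDC_ISSUER)
```

A check like `is_strict_release` can run as the first workflow step to stop a release from a stray tag, and the identity string together with the issuer is what a consumer pins when verifying the published signatures.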