Jupyter PyPI Trusted Publishers

As mentioned in the meeting yesterday, we should consider using [PyPI Trusted Publishers](https://docs.pypi.org/trusted-publishers/using-a-publisher/) for Jupyter Projects.

I ran an experiment using my [test-python-project](https://github.com/blink1073/test-python-project/blob/ba2c29eccef3ad9958c7abf0c8096f9a1a11424c/.github/workflows/release.yml) repository.  I made a release to the Test PyPI instance using my main account, and then one using a backup account, that does not have a login to Test PyPI.  

<img width="618" alt="image" src="https://user-images.githubusercontent.com/2096628/235964571-0c0427f8-c51a-4fa2-ac62-4ee331dd82da.png">


Here is what the PyPI security log looks like:

<img width="494" alt="image" src="https://user-images.githubusercontent.com/2096628/235962384-9ecbc818-6aef-4c6c-aa9a-671ac9fddae1.png">

Here is the deployment log from the repo:

<img width="732" alt="image" src="https://user-images.githubusercontent.com/2096628/235963275-42b77539-edbd-461f-aa96-4bbf37746550.png">

The publish permissions would move from PyPI to the Environment Permissions on the repository:

<img width="470" alt="image" src="https://user-images.githubusercontent.com/2096628/235963867-5f9f5977-2533-438f-b599-28d920c86e46.png">



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Jupyter PyPI Trusted Publishers #63

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Jupyter PyPI Trusted Publishers #63

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions