Generate token for new not yet uploaded package ? #16057
Labels
Comments
Carreau
added
feature request
requires triaging
|
Our recommendation is to use Trusted Publishing to create the project instead -- see #6378. |
|
To add to what @di said: Trusted Publishing has a concept of "pending publishers" for this exact scenario: you can register a "pending publisher" for a project that doesn't exist yet, and it'll be turned into a full Trusted Publisher once you use it. (You can also technically do this by manually attenuating a user-scoped API token locally, since it's a Macaroon under the hood. But I suspect that'll be much less beginner-friendly than Trusted Publishing 🙂) |
woodruffw
removed
the
requires triaging
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What's the problem this feature will solve?
I want to create a token to upload a package that does not exist yet.
I can only use a general token for the first upload and then need to change the token, which is annoying (as far as I can tel).
Describe the solution you'd like
Ability to create a "lazy" token, that once used to upload a given package can only be used for this package forward.
Additional context
I was helping someone upload their first package, and it was not super frictionless.
The text was updated successfully, but these errors were encountered: