Skip to content

Fix PyPI trusted publishing: add id-token: write to upload_all#928

Merged
jeongyoonlee merged 1 commit into
masterfrom
fix/pypi-publish-id-token
Jul 4, 2026
Merged

Fix PyPI trusted publishing: add id-token: write to upload_all#928
jeongyoonlee merged 1 commit into
masterfrom
fix/pypi-publish-id-token

Conversation

@jeongyoonlee

Copy link
Copy Markdown
Collaborator

Fix PyPI trusted publishing (id-token: write)

The v0.17.0 publish workflow failed at the upload_all step:

Trusted publishing exchange failure:
OpenID Connect token retrieval failed: missing or insufficient OIDC token permissions,
the ACTIONS_ID_TOKEN_REQUEST_TOKEN environment variable was unset

The upload_all job was missing id-token: write, which PyPI trusted publishing (OIDC) requires. #871 switched from an API token to trusted publishing but never added the permission, and v0.17.0 was the first release to actually exercise it — so all wheels built successfully but the PyPI upload failed (nothing was published).

This adds the job-level permission. After merge, the v0.17.0 release will be re-cut to re-trigger the publish.

The v0.17.0 publish workflow failed with "OpenID Connect token retrieval
failed: missing or insufficient OIDC token permissions" because the
upload_all job lacked `id-token: write`, which PyPI trusted publishing
(OIDC) requires. #871 switched to trusted publishing but never added the
permission, and v0.17.0 was the first release to exercise it.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@jeongyoonlee jeongyoonlee merged commit dff8ec3 into master Jul 4, 2026
10 checks passed
@jeongyoonlee jeongyoonlee deleted the fix/pypi-publish-id-token branch July 4, 2026 06:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant