Get a temporary access token for publishing to a pyx registry with Trusted Publishing.

To use this action, you must have a Trusted Publisher configured on pyx. Refer to the pyx documentation for more information.

• Usage
  • Prerequisites
  • Quickstart
  • Use your workspace's default registry
  • Pass the upload URL explicitly
• Inputs
  • index
  • workspace
  • registry
  • url
• Outputs
  • url
  • token

To use this action, you must have a Trusted Publisher configured on pyx. Refer to the pyx documentation for more information.

Additionally, this action requires the id-token: write permission, in order to fetch an OIDC token from GitHub. This permission is not granted by default, so you must explicitly add it to your job:

permissions:
  id-token: write # for Trusted Publishing to pyx
  contents: read # for actions/checkout, if you're in a private repo

Use the [[tool.uv.index]] section in your pyproject.toml to configure your pyx registry:

[[tool.uv.index]]
name = "main"
url = "https://api.pyx.dev/simple/acme/main"
publish-url = "https://api.pyx.dev/v1/upload/acme/main"

(Replace acme and main with your workspace and registry names.)

Then, use the index input to tell pyx which index you intend to publish to:

jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      id-token: write # for Trusted Publishing to pyx
      contents: read # for actions/checkout, if you're in a private repo
    steps:
      - uses: astral-sh/pyx-auth-action@91cba5589c19c6e57e4688208832a1ffd60f9044 # v0.0.10
        id: auth
        with:
          index: main

      - run: uv publish
        env:
          UV_PUBLISH_URL: ${{ steps.auth.outputs.url }}
          UV_PUBLISH_TOKEN: ${{ steps.auth.outputs.token }}

If you don't want to use the [[tool.uv.index]] section in your pyproject.toml, you can specify the workspace and registry inputs directly.

If you're publishing to your workspace's default registry, you can omit the registry input:

- uses: astral-sh/pyx-auth-action@91cba5589c19c6e57e4688208832a1ffd60f9044 # v0.0.10
  id: auth
  with:
    workspace: acme

- run: uv publish
  env:
    UV_PUBLISH_URL: ${{ steps.auth.outputs.url }}
    UV_PUBLISH_TOKEN: ${{ steps.auth.outputs.token }}

Instead of passing workspace and registry, you can pass the upload URL directly:

- uses: astral-sh/pyx-auth-action@91cba5589c19c6e57e4688208832a1ffd60f9044 # v0.0.10
  id: auth
  with:
    url: https://api.pyx.dev/v1/upload/acme/main

- run: uv publish
  env:
    UV_PUBLISH_URL: ${{ steps.auth.outputs.url }}
    UV_PUBLISH_TOKEN: ${{ steps.auth.outputs.token }}

The name of the index to publish to, as defined in the [[tool.uv.index]] section of your pyproject.toml.

See uv - Publishing your package for more information on configuring indexes for publishing.

Mutually exclusive with workspace, registry, and url.

The workspace being published to.

Mutually exclusive with index and url.

The registry being published to, within the workspace.

Optional; defaults to the workspace's default registry.

Mutually exclusive with index and url.

The upload URL being published to.

Mutually exclusive with index, workspace, and registry.

The upload URL being published to.

This is identical to the url input, if it was used.

If workspace and registry were provided instead, this is the constructed upload URL.

The upload token to use when publishing.

pyx-auth-action is licensed under either of

• Apache License, Version 2.0, (LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0)
• MIT license (LICENSE-MIT or https://opensource.org/licenses/MIT)

at your option.

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in pyx-auth-action by you, as defined in the Apache-2.0 license, shall be dually licensed as above, without any additional terms or conditions.