ci: inline beta release jobs to fix PyPI trusted publishing #782

Open

vdusek wants to merge 1 commit into master from ci/inline-beta-release-for-pypi

@vdusek commented May 6, 2026

Summary

PyPI's Trusted Publishing rejects OIDC tokens issued from reusable workflows:

The claims in this token suggest that the calling workflow is a reusable workflow. Reusable workflows are not currently supported by PyPI's Trusted Publishing.

on_master.yaml was invoking manual_release_beta.yaml via uses:, which made the OIDC token reflect a reusable workflow call. The same fix has already been applied in apify/apify-shared-python#63 and apify/crawlee-python#1875.

Changes

  • on_master.yaml: inline the four beta release jobs (release_prepare, changelog_update, pypi_publish, doc_release_post_publish) directly, instead of calling manual_release_beta.yaml as a reusable workflow.
  • manual_release_beta.yaml: remove the workflow_call trigger (no longer invoked from another workflow) and add a comment explaining why the duplication exists.
  • Drop the unused tag_name output from release_prepare in both files.

Follow-up

The PyPI Trusted Publisher for apify-client is currently configured for manual_release_beta.yaml. After this is merged, an entry for on_master.yaml needs to be added on PyPI so the automatic beta release passes verification.

See: https://docs.pypi.org/trusted-publishers/troubleshooting/#reusable-workflows-on-github
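
How the rejection described above can be diagnosed from a token's claims, as an added example that is not part of this pull request or of PyPI's code. It assumes the reusable-workflow condition shows up as the GitHub OIDC claims `workflow_ref` and `job_workflow_ref` differing, uses a placeholder repository with unsigned, constructed tokens, and also covers the follow-up case where the inlined workflow is not yet registered on PyPI.

```python
import base64
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_token(claims: dict) -> str:
    """Build an UNSIGNED sample JWT (constructed test data, not a real token)."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}."

def read_claims(token: str) -> dict:
    """Decode the payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def workflow_file(ref: str) -> str:
    """'owner/repo/.github/workflows/x.yaml@refs/heads/y' -> 'x.yaml'."""
    return ref.split("@", 1)[0].rsplit("/", 1)[-1]

def classify(token: str, registered: set) -> str:
    """Simplified model of the publisher check (an assumption, not PyPI's code)."""
    claims = read_claims(token)
    caller, job = claims.get("workflow_ref"), claims.get("job_workflow_ref")
    if not caller or not job:
        return "missing-claims"
    if caller != job:  # job runs in a workflow other than the top-level one
        return "reusable-workflow"
    if workflow_file(job) not in registered:
        return "workflow-not-registered"
    return "ok"

def wf_ref(name: str) -> str:
    # Placeholder repository; only the file names and branch come from the PR.
    return f"example-org/example-repo/.github/workflows/{name}@refs/heads/master"

# Constructed tokens: before the PR (called via `uses:`) and after (inlined).
BEFORE = make_token({"workflow_ref": wf_ref("on_master.yaml"),
                     "job_workflow_ref": wf_ref("manual_release_beta.yaml")})
AFTER = make_token({"workflow_ref": wf_ref("on_master.yaml"),
                    "job_workflow_ref": wf_ref("on_master.yaml")})

if __name__ == "__main__":
    print(classify(BEFORE, {"manual_release_beta.yaml"}))  # before the PR
    print(classify(AFTER, {"manual_release_beta.yaml"}))   # merged, PyPI not updated
    print(classify(AFTER, {"manual_release_beta.yaml", "on_master.yaml"}))
```

In a real run the same two claims can be read from the token the publishing job requests, which shows whether a failure is the reusable-workflow case or a missing publisher entry.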

PyPI's Trusted Publishing rejects OIDC tokens issued from reusable workflows,
so the beta release jobs are inlined into on_master.yaml instead of being
invoked via `uses:` from manual_release_beta.yaml.

@vdusek added the adhoc and t-tooling labels May 6, 2026
@vdusek self-assigned this May 6, 2026
@vdusek requested a review from janbuchar May 6, 2026 08:09
@github-actions (bot) added this to the 140th sprint - Tooling team milestone May 6, 2026

codecov Bot commented May 6, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.54%. Comparing base (26c8d76) to head (60136c8).

Additional details and impacted files
@@            Coverage Diff             @@
##           master     #782      +/-   ##
==========================================
+ Coverage   97.52%   97.54%   +0.02%     
==========================================
  Files          47       47              
  Lines        4725     4725              
==========================================
+ Hits         4608     4609       +1     
+ Misses        117      116       -1     

Flag          Coverage Δ
integration   95.17% <ø> (-0.13%) ⬇️
unit          82.11% <ø> (ø)

Flags with carried forward coverage won't be shown.
