Switch PyPI publish workflow to OIDC trusted publishing

[Copilot]

Replaces the long-lived PYPI_TOKEN upload in .github/workflows/pypi.yml with PyPA's official action using OIDC trusted publishing, per the linked GitHub/PyPI guidance.

Changes

• Action: drop the pip install twine + twine upload -u __token__ -p ${{ secrets.PYPI_TOKEN }} step in favour of pypa/gh-action-pypi-publish, pinned to commit SHA cef221092ed1bacb1cc03d23a2d87d1d172e277b (v1.14.0).
• Permissions: add id-token: write on the job so GitHub can mint the OIDC token PyPI exchanges for a short-lived API token.
• Artifact layout: download the released wheel into dist/ (the action's default packages-dir) instead of python/.
• Environment: bind the publish job to a GitHub Actions environment named pypi for additional hardening (deployment branch/tag restrictions, optional required reviewers, deployment record).
• Secret: secrets.PYPI_TOKEN is no longer referenced and can be removed from repo secrets once trusted publishing is live.

permissions:
  id-token: write
...
jobs:
  build_and_publish:
    runs-on: ubuntu-latest
    environment: pypi
    permissions:
      id-token: write
    ...
    - name: Publish PyPi Package to https://pypi.org/project/ccf/
      uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
      with:
        skip-existing: true

Out-of-band setup required

1. Repo settings → Environments: create an environment named pypi (must match the workflow exactly). Optionally restrict "Deployment branches and tags" to the release tag pattern (e.g. ccf-*) and add required reviewers for a manual gate.
2. PyPI: register/update the trusted publisher for the ccf project pointing at microsoft/CCF, workflow pypi.yml, and set the Environment name to pypi. Both sides must match or token minting will fail.

[achamayou]

@copilot what does setting an environment on the job do? Also is there a way to set the write permission at the step level rather than the job?

[Copilot]

@copilot what does setting an environment on the job do? Also is there a way to set the write permission at the step level rather than the job?

Two separate things:

environment: on the job ties the job to a GitHub Actions environment, which gives you:

• Protection rules: required reviewers, wait timers, and a branch/tag allow-list before the job is allowed to run.
• Environment-scoped secrets/variables.
• A deployment record visible in the repo's "Environments" UI.

For trusted publishing specifically, it also acts as an additional constraint on the PyPI side: when you register the trusted publisher on PyPI you can pin it to a workflow and an environment name (e.g. pypi), so even a workflow change on main can't mint a PyPI token unless it runs in that environment — which in turn can be gated by required reviewers. It's the recommended hardening for publish jobs. Happy to add environment: pypi here if you'd like (it'd need to be created in repo settings and matched on PyPI).

Step-level permissions: — no, GitHub Actions doesn't support that. permissions: is only valid at the workflow or job level (docs). The narrowest scope available is the job, which is what this PR does. The usual way to limit blast radius further is to isolate the publish step in its own single-step job (which is already the shape here).

[achamayou]

@copilot add an environment to this workflow, call it pypi - what do I need to do in repo settings?

[Copilot]

@copilot add an environment to this workflow, call it pypi - what do I need to do in repo settings?

Done in 84b59be — added environment: pypi to the build_and_publish job.

Repo settings to do:

1. Settings → Environments → New environment → name it pypi (must match the workflow exactly).
2. (Recommended) On that environment, configure:
   • Deployment branches and tags → "Selected branches and tags" → allow only the tag pattern ccf-* (or main), so only release tags can deploy.
   • Required reviewers → add yourself / the release approvers if you want a manual gate before publishing.
   • Wait timer is optional.
3. No secrets need to live in the environment — OIDC handles auth, and PYPI_TOKEN can be deleted from repo secrets once trusted publishing is confirmed working.

PyPI side: in the ccf project's Publishing settings, edit the existing trusted publisher and set Environment name to pypi. Both sides must match or token minting will fail.

[Copilot]

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/repos/pypa/gh-action-pypi-publish/git/ref/tags/release/v1
  • Triggering command: /usr/bin/curl curl -s REDACTED (http block)
• https://api.github.com/repos/pypa/gh-action-pypi-publish/git/refs/tags
  • Triggering command: /usr/bin/curl curl -s REDACTED (http block)
• https://api.github.com/repos/pypa/gh-action-pypi-publish/releases/latest
  • Triggering command: /usr/bin/curl curl -s REDACTED (http block)
  • Triggering command: /usr/bin/curl curl -sI REDACTED (http block)
  • Triggering command: /usr/bin/curl curl -sv REDACTED (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[Copilot]

Pull request overview

This PR updates the PyPI publish workflow to use OIDC trusted publishing (via pypa/gh-action-pypi-publish) instead of a long-lived PYPI_TOKEN, aligning CCF’s release publishing with PyPA’s recommended approach.

Changes:

• Switch upload mechanism from twine upload with a repository secret to pypa/gh-action-pypi-publish (pinned by commit SHA).
• Add GitHub Actions environment binding (environment: pypi) and enable OIDC (id-token: write) for token minting.
• Download the release wheel into dist/ to match the publish action’s default packages-dir.

Custom instructions used:

• .github/copilot-instructions.md

[achamayou]

@copilot create a follow up PR addressing the review comments.

[achamayou]

@copilot create a new PR addressing the comments you posted after this one was merged.