Publishing uses OIDC-based trusted publishing — no PyPI tokens needed.
- Go to pypi.org/manage/account/publishing/
- Under "Add a new pending publisher", fill in:
- PyPI project name:
pine-voice - Owner:
19PINE-AI - Repository name:
pine-voice-python - Workflow name:
publish.yml - Environment name: (leave blank)
- PyPI project name:
- Click Add
PyPI supports pending publishers, so the package doesn't need to exist first.
-
Bump the version in both places:
pyproject.toml→version = "<VERSION>"src/pine_voice/__init__.py→__version__ = "<VERSION>"
-
Commit and tag:
git add pyproject.toml src/pine_voice/__init__.py git commit -m "release: v<VERSION>" git tag v<VERSION>
-
Push with tags:
git push origin main --tags
-
Monitor the publish workflow at the repo's Actions tab on GitHub.
-
Verify the published package:
pip index versions pine-voice
- The CI workflow runs (build across Python 3.9–3.13, import check, twine check)
- If CI passes, the publish job builds sdist + wheel
pypa/gh-action-pypi-publishexchanges a GitHub OIDC token with PyPI- Package is published to PyPI
- The
RELEASING.mdfile is not included in the PyPI package (hatchling only includessrc/by default) - Remember to bump version in both
pyproject.tomland__init__.py - Trusted publishing eliminates the need for stored PyPI tokens or API keys
- Only tag pushes matching
v*trigger the publish workflow