Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🔒 Add GPG keys to sign the python wheel to publish on pypi #1687

Merged
merged 4 commits into from
Feb 8, 2024
Merged

🔒 Add GPG keys to sign the python wheel to publish on pypi #1687

merged 4 commits into from
Feb 8, 2024

Conversation

samet-akcay
Copy link
Contributor

📝 Description

This is one of the criteria in the silver badge for the bestpractices:

The project MUST cryptographically sign releases of the project results intended for widespread use, and there MUST be a documented process explaining to users how they can obtain the public signing keys and verify the signature(s). The private key for these signature(s) MUST NOT be on site(s) used to directly distribute the software to the public. If releases are not intended for widespread use, select "not applicable"

This PR adds a GPG key to sign the build before uploading the PyPI.

✨ Changes

Select what type of change your PR is:

  • 🐞 Bug fix (non-breaking change which fixes an issue)
  • 🔨 Refactor (non-breaking change which refactors the code base)
  • 🚀 New feature (non-breaking change which adds functionality)
  • 💥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • 📚 Documentation update
  • 🔒 Security update

✅ Checklist

Before you submit your pull request, please make sure you have completed the following steps:

  • 📋 I have summarized my changes in the CHANGELOG and followed the guidelines for my type of change (skip for minor changes, documentation updates, and test enhancements).
  • 📚 I have made the necessary updates to the documentation (if applicable).
  • 🧪 I have written tests that support my changes and prove that my fix is effective or my feature works (if applicable).

@github-actions github-actions bot added the CI label Jan 27, 2024
@samet-akcay
Copy link
Contributor Author

not sure why this test fails though. It also fails in some other prs

@samet-akcay samet-akcay merged commit 241c147 into openvinotoolkit:main Feb 8, 2024
7 checks passed
@samet-akcay samet-akcay deleted the security/gpg-keys branch February 8, 2024 20:54
adrianboguszewski pushed a commit to adrianboguszewski/anomalib that referenced this pull request Feb 9, 2024
@samet-akcay @adrianboguszewski
🔒 Add GPG keys to sign the python wheel to publish on pypi (openvinot…
ff5ed2f 
…oolkit#1687)

Fix the commits
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ashwinvaidya17 ashwinvaidya17 ashwinvaidya17 approved these changes

@yunchu yunchu Awaiting requested review from yunchu

Assignees
No one assigned
Labels
CI
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@samet-akcay @ashwinvaidya17