[Bug] Switch to Trusted Publishing for package upload to PyPI in CI

Trusted publishing (with attestations) is currently suggested as good practice to ensure confidence that what users download from PyPI is the same artifact that was generated in GitHub CI, meaning that what I see in GitHub is the same as what is installed - handy for auditing. It also avoids the presence of PyPI tokens as 'secrets' in the CI, which can be exfiltrated by bad actors.

Following the recent litellm supply chain attack this week, I would like to express my support for this<sup>*</sup>. The msal and msal-extensions packages are two of the 16 packages in the top 500 PyPI packages ([by downloads](https://hugovk.github.io/top-pypi-packages/)) which use the pypa/gh-action-pypi-publish action but have not yet upgraded it to use Trusted Publishing: this is 'low hanging fruit' in terms of making Python a more secure programming environment.

Instead of using the stored secret token, GitHub vouches for the upload, and PyPI checks the uploading CI workflow filename against a pre-declared filename you set ahead of time (in redis's case the filename is `pypi-publish.yaml`). It also requires creating an 'environment' for the repo on GitHub (suggested name "pypi") which you also register the package with on PyPI.

<sup>*</sup> Post-mortems of the litellm attack: 
1. https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack/
2. https://snyk.io/articles/poisoned-security-scanner-backdooring-litellm/

<details><summary>Implementation (click to expand)</summary>

* Configure (or use an existing) GitHub environment, and register with PyPI

* Add the [environment definition](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idenvironment) to the same `cd` job

* Add `id-token: write`, `contents: write` and `packages: write` [permissions](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idpermissions) to the same `cd` job
  
  * specifying any permission restricts the token, and creating a GitHub release requires `contents: write` and potentially `packages: write`

* Remove `user` and `password` arguments in the `Publish to PyPI when tagged` step of the `cd` job of the [CI/CD](https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/dev/.github/workflows/python-package.yml) CI workflow

* Optionally remove the `PYPI_API_TOKEN` project secret

</details>

- **Note**: I just realised the msal and msal-extensions are in separate repos so submitted it both here and to the extensions repo https://github.com/AzureAD/microsoft-authentication-extensions-for-python/issues/148

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug] Switch to Trusted Publishing for package upload to PyPI in CI #892

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Bug] Switch to Trusted Publishing for package upload to PyPI in CI #892

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions