Spec 8 updates #392

@mihaimaruseac

We only have some minor additions to the SPEC 8:

  • separate job that builds the wheel from job that does the upload. Upload job should just download from GitHub artifact and upload to PyPI/conda/etc.
  • zero permissions at top level, permissions in job
    • hashes in GitHub Actions pinning: better to be consistent, updating actions at regular intervals doesn't lead to problems where container expected from actions doesn't match container from workflow
  • remove adopt SLSA section, mention that it is included in the trusted publishers
  • persistent credentials set to false, https://github.com/sigstore/model-transparency/blob/b4f83c1230fd3f3428bd6f24d84ed4c478c19491/.github/workflows/release.yml#L34

As an example: https://github.com/sigstore/model-transparency/blob/main/.github/workflows/release.yml
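
A sketch of a release workflow that combines the points listed in the issue above. It is an added example, not part of the original issue and not the linked sigstore workflow. The workflow, job and artifact names are hypothetical, and every `<FULL_COMMIT_SHA>` is a placeholder for the commit hash of the action release you have reviewed.

```yaml
# Added illustration; workflow, job and artifact names are hypothetical.
# <FULL_COMMIT_SHA> is a placeholder: pin each action to a full commit hash.
name: release
on:
  release:
    types: [published]

# Zero permissions at top level; each job requests only what it needs.
permissions: {}

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read   # enough to check out the source
    steps:
      - uses: actions/checkout@<FULL_COMMIT_SHA>
        with:
          persist-credentials: false   # keep the token out of .git/config
      - uses: actions/setup-python@<FULL_COMMIT_SHA>
        with:
          python-version: "3.x"
      - run: python -m pip install build && python -m build
      - uses: actions/upload-artifact@<FULL_COMMIT_SHA>
        with:
          name: dist
          path: dist/

  upload:
    needs: build
    runs-on: ubuntu-latest
    permissions:
      id-token: write   # OIDC token for PyPI trusted publishing
    steps:
      # No checkout and no build here: fetch the built artifact and publish it.
      - uses: actions/download-artifact@<FULL_COMMIT_SHA>
        with:
          name: dist
          path: dist/
      - uses: pypa/gh-action-pypi-publish@<FULL_COMMIT_SHA>
```

The build job, which runs project code and build dependencies, never holds the `id-token: write` permission; only the upload job does, and it executes nothing from the repository.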
