Configure a Trusted Publisher in your PyPI project settings by adding a GitHub Actions publisher and specifying the repository owner, repository name, workflow filename, and optionally the environment name.
In the GitHub Actions workflow, set permissions: id-token: write and use the pypa/gh-action-pypi-publish action (version 1.10.0 or later supports attestations) with the attestations: true input to automatically generate and upload a provenance attestation.
PyPI receives the package files along with the SLSA provenance and PEP 740 attestation bundle, signed via Sigstore using the workflow's OIDC identity; no API token or password is needed when using Trusted Publishing.
After publishing, verify the attestation is visible on the PyPI package page under the Provenance section, which links to the specific GitHub Actions run and Rekor log entry.
Consumers can verify the attestation programmatically using the PyPI Integrity API: GET https://pypi.org/integrity/<PACKAGE>/<VERSION>/<FILENAME>/provenance, which returns the provenance bundle.
Known gotchas
Trusted Publishing requires the PyPI project to pre-register the specific GitHub repository and workflow file path; a workflow file rename or repository transfer breaks the publisher link and must be updated in PyPI settings.
The attestations: true option in pypa/gh-action-pypi-publish only works when the workflow uses Trusted Publishing (OIDC); classic API token uploads do not support attestation generation through this action.
PyPI provenance is per-file, not per-release; if a release includes both a wheel and an sdist, each file receives its own attestation bundle and each must be individually verifiable.
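A consumer-side policy check for the Integrity API step and the per-file gotcha above, as an added example (not code from this page, PyPI, or pypa): it confirms that each file's provenance names the expected repository and workflow and that the attested SHA-256 matches the downloaded bytes. Assumptions: the JSON field names follow the PEP 740 provenance object as PyPI serves it, the sample response and the example-org/example-pkg names are constructed, and the Sigstore signature and Rekor entry are not verified here (that needs a Sigstore-aware verifier).

```python
import base64
import hashlib
import json
from urllib.parse import quote

def provenance_url(project, version, filename):
    """Integrity API URL for one distribution file (provenance is per-file)."""
    return ("https://pypi.org/integrity/"
            f"{quote(project)}/{quote(version)}/{quote(filename)}/provenance")

def check_provenance(provenance, filename, data, repository, workflow):
    """Return [] if the expected publisher attests to these exact bytes.

    Policy check only: the Sigstore signature and Rekor entry are not verified.
    """
    digest = hashlib.sha256(data).hexdigest()
    problems = []
    for bundle in provenance.get("attestation_bundles", []):
        pub = bundle.get("publisher") or {}
        seen = (pub.get("kind"), pub.get("repository"), pub.get("workflow"))
        if seen != ("GitHub", repository, workflow):
            problems.append(f"publisher mismatch: {seen[1]} / {seen[2]}")
            continue
        for att in bundle.get("attestations", []):
            # The envelope statement is a base64-encoded in-toto Statement.
            stmt = json.loads(base64.b64decode(att["envelope"]["statement"]))
            for subj in stmt.get("subject", []):
                if (subj.get("name") == filename
                        and subj.get("digest", {}).get("sha256") == digest):
                    return []
        problems.append("no subject matches filename and sha256")
    return problems or ["no attestation bundles"]

def check_release(files, provenances, repository, workflow):
    """Wheel and sdist each need their own passing provenance."""
    return {name: (check_provenance(provenances[name], name, data, repository, workflow)
                   if name in provenances else ["no provenance for this file"])
            for name, data in files.items()}

def constructed_provenance(filename, data, repository, workflow):
    """Build a constructed sample response (placeholder signature, not a real one)."""
    stmt = {"_type": "https://in-toto.io/Statement/v1",
            "subject": [{"name": filename,
                         "digest": {"sha256": hashlib.sha256(data).hexdigest()}}],
            "predicateType": "https://docs.pypi.org/attestations/publish/v1",
            "predicate": None}
    att = {"version": 1, "envelope": {
        "statement": base64.b64encode(json.dumps(stmt).encode()).decode(),
        "signature": "CONSTRUCTED-PLACEHOLDER"}}
    return {"version": 1, "attestation_bundles": [{
        "publisher": {"kind": "GitHub", "repository": repository, "workflow": workflow},
        "attestations": [att]}]}
```

In real use, fetch the JSON from provenance_url() for every file in the release and pass the parsed response to check_release(); a non-empty list for any file means that file should not be trusted on provenance grounds.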