Unfortunately, we cannot use OIDC for PyPI with reusable workflows, yet. This means that only the build process is defined in the organizational CI and the publishing step needs to be defined in the caller repo itself (which means redundant workflow definitions).
An alternative could be tokenized access, but then the tokens would need to be regenerated every 90 days so I prefer the OIDC solution, eventhough it is a bit verbose.
Unfortunately, we cannot use OIDC for PyPI with reusable workflows, yet. This means that only the build process is defined in the organizational CI and the publishing step needs to be defined in the caller repo itself (which means redundant workflow definitions).
An alternative could be tokenized access, but then the tokens would need to be regenerated every 90 days so I prefer the OIDC solution, eventhough it is a bit verbose.