
Allow configuring of trusted publisher through an API (or other bulk mechanism) #14456

Status: Open. Opened by @jaraco.

Description

From https://github.com/pypi/pypi-oidc-private-beta-community/issues/34:

I feel like the long-term API tokens should allow setting up Trusted Publishing via API. Would it be possible to expose a corresponding endpoint? This can be useful for mass-maintained sets of projects that follow the same structure, like the ones relying on https://github.com/jaraco/skeleton or similar. Such an API could enable setting up new projects from templates and complement things like GitHub repository templates or cookiecutter templates. For projects migrating from the project-scoped API tokens, it might be useful to have a self-destruct API endpoint, that would expire the current token which could be used for such migration automation. Is it hard to implement such an interface?

What's the problem this feature will solve?

Allows maintainers with dozens or hundreds of projects to readily enroll with trusted publishing (and apply the requisite change upstream) without the toil of clicking through pages of web pages.

Describe the solution you'd like
An addition to the REST API that lets users configure trusted publishing would readily allow automation of this process.

Alternatives for consideration:

  • have trusted publishing enabled by default (maybe based on package metadata)
  • allow user to bulk-configure projects, by supplying a list of projects or selecting checkboxes of all projects
