PyPI Secure Publishing

As a PyPI package maintainer, you need to publish your packages in a secure way. In this simulation game, you will configure PyPI to trust an identity provided by a given OpenID Connect Identity Provider (IdP). You will then generate short-lived, tightly-scoped API tokens from PyPI to publish your packages. You need to be careful about which GitHub Actions environment you use, as each environment has different security restrictions.