Open-Source Wikis

/

uv

/

Features

/

Publishing

astral-sh/uv

Publishing

uv publish uploads wheels and sdists to PyPI-compatible indexes, with optional OIDC-based trusted publishing.

Setup

The simplest case: uv publish dist/* from a project that's already built. By default uv:

  • Looks at [[tool.uv.index]] to determine which index to upload to (the default is PyPI's upload.pypi.org).
  • Resolves credentials via uv-auth (URL-embedded → env vars → keyring → trusted publishing).
  • Uploads each file in parallel, with retries for transient failures.

Trusted publishing

Inside a GitHub Actions runner with a properly-configured publisher on PyPI:

- run: uv build
- run: uv publish

uv detects the ACTIONS_ID_TOKEN_REQUEST_URL env var, mints an OIDC ID token, exchanges it for a short-lived API token, and uploads. No long-lived secret needs to be stored in the repository.

The exchange logic lives in crates/uv-publish/src/trusted_publishing/pypi.rs (and pyx variant in pyx.rs).

What gets validated locally

Before any upload, uv:

This catches surprisingly many real-world packaging errors before they hit the index.

See also

Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.

Publishing – uv wiki | Factory