Trusted Publishing: start by migrating `pip-tools`
There's a release request that nobody really can handle, as there's no lead that is active right now: https://github.com/jazzband/pip-tools/issues/2112. I've been fixing up the CI to get it to a green state lately, and I remembered talking to @jezdez regarding migrating to Trusted Publishing to eliminate the need to proxy the releases through Jazzband's private index.
I've made a PR with a PoC that roughly keeps the process the same, short of using a private index: https://github.com/jazzband/pip-tools/pull/2149. But in order to go ahead, we should figure out all the configuration bits that aren't available to me.
@jezdez could you take a look and see what's needed to move this forward and perhaps learn how to scale it to other projects?
P.S. This is not asking to make me lead. Let's hope somebody shows up for the release and focus on things that are actionable.
@jezdez looking at your commit chart, it looks like you're on vacation. I'll try to remind you of this in a while.
@jezdez maybe now? Using Trusted Publishing in various projects could help us release a new version of django-fsm-log. See https://github.com/jazzband/help/issues/386
FTR, we've hit a configuration problem in #411 where the GitHub Environment does not allow self-reviews when it should.
@webknjaz I've done some work on the org-wide permissions, does this work again?
Now that self-reviews are in, it does.