Official GitHub Action for publishing to PyPI

Cool, thanks :slight_smile:

So @EWDurbin has brought up one concern about the fact that currently it’s only possible to use the username+password auth type. At some point in the future it’s planned to implement token-based access, and he suggested that it’s better to “advertise” such an action only after that happens.

OTOH I think that the code for the action can already be put in place under the PyPA org; this is harmless.

Also, we’ve checked that PyPA doesn’t yet have access to GitHub Actions, which will probably prevent us from creating that fancy Marketplace page. Which is fine, it’s still usable + getting that enabled will probably be nicely aligned with the appearance of token support in Warehouse.

As for docs, yes, I’d add those but this may need to wait as per Ernest’s suggestion.

Action items

  • Put the repo with code under pypa
  • Write the docs but don’t merge them yet
  • Try convincing GitHub to enable Actions for pypa (and python, but that’s not directly related)
  • Keep improving the Action
  • Implement Action testing
  • Do a security review of the Action

Once Warehouse supports tokens

  • Publish the Action to the Marketplace
  • Merge docs
  • Monitor SO and other sources of complaints
  • Keep it up to date with the latest best practices

Sounds good?