
add oidc claim debugging #82

Closed
wants to merge 4 commits into from

Conversation

mnbf9rca (Owner) commented Sep 12, 2024

Summary by Sourcery

Integrate OIDC claim debugging into the deployment workflow by adding a step that uses the actions-oidc-debugger.

CI:

  • Add OIDC claim debugging step to the deployment workflow using the actions-oidc-debugger.


sourcery-ai bot commented Sep 12, 2024

Reviewer's Guide by Sourcery

This pull request adds OIDC claim debugging functionality to the GitHub Actions workflow for deploying to PyPI. It introduces a new step that uses the actions-oidc-debugger action to debug OIDC claims before the package deployment process.

File-Level Changes

Change: Added OIDC claim debugging step to the deployment workflow
Details:
  • Checkout the actions-oidc-debugger repository
  • Use the actions-oidc-debugger action in a new step
  • Removed commented-out code for version extraction
Files: .github/workflows/deploy_to_pypi.yml



@sourcery-ai sourcery-ai bot left a comment


Hey @mnbf9rca - I've reviewed your changes - here's some feedback:

Overall Comments:

  • Consider using a more secure method for authentication when checking out the debugger action, or ensure the personal access token has minimal necessary permissions.
  • The OIDC claim debugging step could be made optional by using a conditional based on an input parameter, allowing for more efficient regular deployments.
Here's what I looked at during the review
  • 🟢 General issues: all looks good
  • 🟡 Security: 1 issue found
  • 🟢 Testing: all looks good
  • 🟢 Complexity: all looks good
  • 🟢 Documentation: all looks good


@@ -26,6 +26,16 @@ jobs:
environment:
name: ${{ inputs.target-environment }}
steps:
- name: Checkout actions-oidc-debugger
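Review bot: the new checkout step is added unconditionally at the top of the job that deploys to the `${{ inputs.target-environment }}` environment, so the debugger will request and decode an OIDC token on every run, including deployments to the production target; gate it with an `if:` on a workflow input (for example a hypothetical `if: ${{ inputs.debug-oidc }}`) so it only runs when someone is actually diagnosing a claims mismatch. The visible lines do not show how the debugger repository is referenced; if it is fetched by branch or tag, pin it to a full commit SHA, and if the repository is public the personal access token mentioned in the overall review should not be needed for the checkout at all. Also make sure the step prints only the decoded claims and never the raw token: until it expires, that token is a usable credential for whatever audience it was minted for, and workflow logs are readable by anyone who can see the run.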

🚨 suggestion (security): Consider documenting the use of the OIDC debugger and its security implications.

While adding debugging capabilities can be helpful, it's important to document why this OIDC debugger is necessary and consider any potential security risks. Consider adding a comment explaining its purpose and ensure that it's only used in non-production environments. Also, review the information being logged to prevent accidental exposure of sensitive data. On a positive note, good job on removing the commented-out code for version extraction, which helps keep the codebase clean.
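The inline review above asks for the logged information to be checked so the debugging step does not leak anything sensitive, and the reviewer's guide describes the step as decoding the runner's OIDC claims before publishing. The script below is an added example of how to do that safely; it is not code from this pull request or from the actions-oidc-debugger action. It requests the token from the runner using the `ACTIONS_ID_TOKEN_REQUEST_URL` / `ACTIONS_ID_TOKEN_REQUEST_TOKEN` environment variables GitHub provides when the job has `id-token: write`, decodes the payload without verifying it (the goal is to see what was issued, not to authenticate it), prints a redacted handle instead of the token, and compares the claims PyPI trusted publishing matches on (repository, environment and workflow filename) against an expected publisher configuration. The `pypi` audience, the claim list and the expected values are assumptions for illustration, and the sample token is constructed so the script also runs outside Actions.

```python
"""Decode GitHub Actions OIDC claims for debugging without logging the token itself."""
import base64
import json
import os
import urllib.request

# Claims worth showing when diagnosing a trusted-publishing mismatch (assumed list).
INTERESTING_CLAIMS = (
    "iss", "aud", "sub", "repository", "repository_owner", "environment",
    "ref", "job_workflow_ref", "workflow_ref", "runner_environment",
)


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWS. Signature is NOT verified:
    this is for inspecting what the runner was issued, nothing more."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def summarize_claims(claims: dict) -> dict:
    """Keep only the claims a publisher-configuration debugger cares about."""
    return {k: claims[k] for k in INTERESTING_CLAIMS if k in claims}


def redact(token: str) -> str:
    """Log-safe handle: header segment and length only, never the payload/signature."""
    return f"<jwt header={token.split('.')[0]} len={len(token)}>"


def workflow_filename(job_workflow_ref: str) -> str:
    # "owner/repo/.github/workflows/deploy.yml@refs/tags/v1" -> "deploy.yml"
    return job_workflow_ref.split("@", 1)[0].rsplit("/", 1)[-1]


def find_mismatches(claims: dict, expected: dict) -> list:
    """Compare the claims PyPI matches on against an expected publisher config.
    Returns (field, expected, actual) tuples; an empty list means they agree."""
    actual = {
        "repository": claims.get("repository"),
        "environment": claims.get("environment"),
        "workflow": workflow_filename(claims.get("job_workflow_ref", "")),
    }
    return [(k, expected[k], actual.get(k)) for k in expected if actual.get(k) != expected[k]]


def fetch_runner_token(audience: str = "pypi") -> str:
    """Ask the runner for an OIDC token (job needs `permissions: id-token: write`).
    The request URL GitHub provides already carries a query string, so the
    audience is appended with '&'."""
    url = os.environ["ACTIONS_ID_TOKEN_REQUEST_URL"]
    bearer = os.environ["ACTIONS_ID_TOKEN_REQUEST_TOKEN"]
    req = urllib.request.Request(f"{url}&audience={audience}",
                                 headers={"Authorization": f"bearer {bearer}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["value"]


def make_sample_token(claims: dict) -> str:
    """Constructed, unsigned sample (alg none, empty signature) for offline runs."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


# Constructed sample claims in the shape GitHub issues for an environment-scoped job.
SAMPLE_CLAIMS = {
    "iss": "https://token.actions.githubusercontent.com",
    "aud": "pypi",
    "sub": "repo:example-org/example-repo:environment:pypi",
    "repository": "example-org/example-repo",
    "repository_owner": "example-org",
    "environment": "pypi",
    "ref": "refs/tags/v1.2.3",
    "job_workflow_ref": "example-org/example-repo/.github/workflows/deploy_to_pypi.yml@refs/tags/v1.2.3",
    "runner_environment": "github-hosted",
}

# Assumed publisher configuration to diff the claims against.
EXPECTED_PUBLISHER = {
    "repository": "example-org/example-repo",
    "environment": "pypi",
    "workflow": "deploy_to_pypi.yml",
}

if __name__ == "__main__":
    live = "ACTIONS_ID_TOKEN_REQUEST_URL" in os.environ
    token = fetch_runner_token() if live else make_sample_token(SAMPLE_CLAIMS)
    claims = decode_claims(token)
    print(redact(token))
    print(json.dumps(summarize_claims(claims), indent=2))
    for field, want, got in find_mismatches(claims, EXPECTED_PUBLISHER):
        print(f"MISMATCH {field}: publisher expects {want!r}, token carries {got!r}")
```

Run it as a workflow step only when a debug input is set; on a runner it prints the redacted handle, the selected claims and any mismatch against the expected publisher, so the output is safe to leave in the job log.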

@mnbf9rca mnbf9rca closed this Sep 12, 2024
@mnbf9rca mnbf9rca deleted the chore/log_oidc_claims branch September 12, 2024 21:57