Add activestate OIDC docs

docs/user/trusted-publishers/adding-a-publisher.md

@@ -97,7 +97,12 @@ each.
 
 === "ActiveState"
 
-    TODO
+    For ActiveState, you need to provide the project name on ActiveState's Platform,
+    the organization that project belongs to, and the username performing
+    the publish action. Learn more about getting set up on the ActiveState Platform [here](https://docs.activestate.com/platform/start/PYPI).
+    ![](/assets/trusted-publishing/activestate/project-publishing-form.png)
+    Once you click "Add", your publisher will be registered and will appear at the top of the page:
+    ![](/assets/trusted-publishing/activestate/project-publisher-registered.png)
 
 === "GitLab CI/CD"
 

docs/user/trusted-publishers/creating-a-project-through-oidc.md

@@ -62,7 +62,16 @@ provide the name of the PyPI project that will be created.
 
 === "ActiveState"
 
-    TODO
+    Setting up ActiveState to create a PyPI project is the same as
+    updating a project. You need to provide the project name on ActiveState's Platform,
+    the ActiveState organization that project belongs to, and the username who will be performing
+    the publish action. Learn more about getting set up on the ActiveState Platform [here](https://docs.activestate.com/platform/start/PYPI).
+
+    ![](/assets/trusted-publishing/activestate/pending-publisher-form-filled.png)
+
+    Clicking "Add" will register the "pending" publisher, and show it to you:
+
+    ![](/assets/trusted-publishing/activestate/pending-publisher-registered.png)
 
 === "GitLab CI/CD"
 

docs/user/trusted-publishers/security-model.md

@@ -153,7 +153,23 @@ own security model and considerations.
 
 === "ActiveState"
 
-    TODO
+    ### Security Model
+
+    Trusted Publishing occurs from within an isolated build container in the ActiveState
+    Platform build infrastructure.  When a build is triggered by a user that will publish
+    to PyPI, an OIDC token is generated and passed into the necessary build container as
+    an environmental variable along with your release artifact that will be uploaded. The
+    OIDC token is used by the build container to request a PyPI API token which it then
+    uses to upload your release.
+
+    ### Considerations
+
+    * The user configured in the Trusted Publisher must be the user that triggers the
+      build in the ActiveState Platform.  This user will need editing privileges in the
+      ActiveState organization associated with the project.
+    * The ActiveState Platform project must be private.
+    For more information about Trusted Publishing using the ActiveState Platform please
+    see the [PyPI configuration documentation](https://docs.activestate.com/platform/start/PYPI) and the [ActiveState Platform documentation](https://docs.activestate.com/platform).
 
 === "GitLab CI/CD"
 

docs/user/trusted-publishers/using-a-publisher.md

@@ -270,7 +270,47 @@ below describe the setup process for each supported trusted publisher.
 
 === "ActiveState"
 
-    TODO
+    ActiveState's Platform works as a "zero-config" CI solution to automatically build cross-platform wheels of your PyPI projects. Once you're set up on the Platform and have linked your PyPI project, you're ready to publish. For more information on getting started with ActiveState go [here](https://docs.activestate.com/platform/start/PYPI). To begin:
+    Publish your package to ActiveState's catalog. This will allow ActiveState's Platform to build it for you.
+
+    1. Run the following command using the State Tool CLI:
+    ```
+    state publish --namespace USERNAME/python --name PKG_NAME SDIST_FILENAME --depend "builder/python-module-builder@>=0" --depend "language/python@>=3" --depend "language/python/setuptools@>=43.0.0" --depend "language/python/wheel@>=0"
+    ```
+    Replace the placeholder values in the block above with your ActiveState username (USERNAME), package name (PKG_NAME), and the filename of your sdist (SDIST_FILENAME) and run the command.
+
+    2. After publishing your package to ActiveState, you'll need to create a build script file (`buildscript.as`) to build it into a wheel and publish it to PyPI. An example script is shown below. Create a new build script file in the same folder as your `activestate.yaml` file and name it `buildscript.as`. Paste the code below, substituting the placeholder values with those from your project: your ActiveState username (USERNAME), the name of the namespace (ie. folder where you published the ingredient, in this case `python`) (NAMESPACE), and finally the name of your package (PKG_NAME). Save the changes to the file.
+    ```python
+    at_time =  "2023-12-19T22:53:09.573000Z"
+    sources = solve(
+      at_time = at_time,
+      platforms = [
+        "78977bc8-0f32-519d-80f3-9043f059398c",
+        "7c998ec2-7491-4e75-be4d-8885800ef5f2",
+        "96b7e6f2-bebf-564c-bc1c-f04482398f38"
+      ],
+      requirements = [
+        Req(name = "USERNAME/NAMESPACE/PKG_NAME, version=Eq("1.0.0"))
+      ],
+    )
+    wheels = wheel_artifacts(src=$sources)
+    publish_receipt = pypi_publisher(src=$wheels)
+    runtime = state_tool_artifacts_v1(
+      build_flags = [
+      ],
+      src = sources
+    )
+    main = runtime
+    ```
+
+    1. Then, "commit" this build script to the system by running `state commit` in your terminal. Now you're ready to publish to PyPI!
+    2. To build your wheel, run `state eval wheels`
+    3. After building your wheel, run `state builds --all` to view all of the builds available. Take note of the `HASH_ID` of your new wheel.
+    4. Run `state builds dl <HASH_ID>` to download and test the wheel you've built.
+    5. When you're ready to publish your wheel to PyPI, run: `state eval publish_receipt`.
+    That's it!
+
+    You have successfully published a Python wheel using the ActiveState Platform.
 
 === "GitLab CI/CD"
 

warehouse/templates/manage/account/publishing.html

@@ -25,7 +25,7 @@
 {% macro github_form(request, pending_github_publisher_form) %}
   <p>
     {% trans href="https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect" %}
-    Read more about GitHub Actions's OpenID Connect support <a href="{{ href }}">here</a>.
+    Read more about GitHub Action's OpenID Connect support <a href="{{ href }}">here</a>.
     {% endtrans %}
   </p>
 
@@ -315,6 +315,12 @@
 {% endmacro %}
 
 {% macro activestate_form(request, pending_activestate_pubisher_form) %}
+  <p>
+    {% trans href="https://docs.activestate.com/platform/user/oidc/" %}
+    Read more about ActiveState's OpenID Connect support <a href="{{ href }}">here</a>.
+    {% endtrans %}
+  </p>
+
   {{ form_error_anchor(pending_activestate_pubisher_form) }}
   <form method="POST" action="{{ request.route_path('manage.account.publishing') }}#errors">
     <input name="csrf_token" type="hidden" value="{{ request.session.get_csrf_token() }}">

warehouse/templates/manage/project/publishing.html

@@ -268,6 +268,12 @@
 {% endmacro %}
 
 {% macro activestate_form(request, activestate_pubisher_form) %}
+  <p>
+    {% trans href="https://docs.activestate.com/platform/user/oidc/" %}
+    Read more about ActiveState's OpenID Connect support <a href="{{ href }}">here</a>.
+    {% endtrans %}
+  </p>
+
   {{ form_error_anchor(activestate_pubisher_form) }}
   <form method="POST" action="{{ request.route_path('manage.project.settings.publishing', project_name=project.name) }}#errors">
     <input name="csrf_token" type="hidden" value="{{ request.session.get_csrf_token() }}">