From 07d7371aab4d4a2c4fff69f13abac1caadecf449 Mon Sep 17 00:00:00 2001 From: Alvaro Lopez Garcia Date: Thu, 8 Aug 2024 15:55:06 +0200 Subject: [PATCH] ci: fix package build, using trusted publisher --- .github/workflows/python-publish.yml | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml index fc29fc0f..3b536c96 100644 --- a/.github/workflows/python-publish.yml +++ b/.github/workflows/python-publish.yml @@ -32,8 +32,13 @@ jobs: run: tox publish: + name: upload release to PyPI runs-on: ubuntu-latest needs: test + environment: release + permissions: + # IMPORTANT: this permission is mandatory for trusted publishing + id-token: write steps: - uses: actions/checkout@v3 @@ -47,11 +52,9 @@ jobs: python -m pip install --upgrade pip python -m pip install poetry poetry poetry-plugin-export - - name: Build and publish - env: - TWINE_USERNAME: "__token__" - TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }} - run: | - poetry build - poetry publish + - name: Build + run: poetry build + + - name: publish + uses: pypa/gh-action-pypi-publish@release/v1