From 186c457818877eeab95b339cf56e3f9f3247d10f Mon Sep 17 00:00:00 2001 From: Alexandre Lavigne Date: Thu, 28 Mar 2024 23:39:16 +0100 Subject: [PATCH] Add pypi trusted publisher Remove use of token, use Pypi OIDC from github. closes #1331 Signed-off-by: Alexandre Lavigne --- .github/workflows/release.yaml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 84b5591f9..e7843051a 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -11,6 +11,9 @@ jobs: runs-on: ubuntu-latest permissions: contents: write + # IMPORTANT: this permission is mandatory for trusted publishing + id-token: write + environment: release steps: - name: Checkout uses: actions/checkout@v4 @@ -36,11 +39,6 @@ jobs: - name: Publish to TestPyPi uses: pypa/gh-action-pypi-publish@release/v1 with: - user: __token__ - password: ${{ secrets.TEST_PYPI_API_TOKEN }} repository-url: https://test.pypi.org/legacy/ - name: Publish to PyPi uses: pypa/gh-action-pypi-publish@release/v1 - with: - user: __token__ - password: ${{ secrets.PYPI_API_TOKEN }}