From cd9bc5fe8fa4607403b6c47810719faeee370f16 Mon Sep 17 00:00:00 2001 From: Daylin Morgan Date: Tue, 22 Aug 2023 23:02:41 -0500 Subject: [PATCH] ci: use newer trusted publishing for pypi --- .github/workflows/pypi.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pypi.yml b/.github/workflows/pypi.yml index a6cb580..130d129 100644 --- a/.github/workflows/pypi.yml +++ b/.github/workflows/pypi.yml @@ -9,6 +9,11 @@ jobs: build-n-publish: name: Build and publish Python 🐍 distributions 📦 to PyPI runs-on: ubuntu-latest + environment: + name: pypi + url: https://pypi.org/p/viv + permissions: + id-token: write # IMPORTANT: this permission is mandatory for trusted publishing steps: - uses: actions/checkout@v3 with: @@ -23,7 +28,6 @@ jobs: - name: Build a binary wheel and a source tarball run: >- python -m build --sdist --wheel --outdir dist/ . - - name: Publish a Python distribution to PyPI + + - name: Publish package distributions to PyPI uses: pypa/gh-action-pypi-publish@release/v1 - with: - password: ${{ secrets.PYPI_API_TOKEN }}