From be5d6ace29e30bc21593f02a0466426cebdc24a2 Mon Sep 17 00:00:00 2001 From: Eric Brown Date: Mon, 29 Jan 2024 16:57:48 -0800 Subject: [PATCH] Utilize PyPI's trusted publishing (#1107) PyPI and Test PyPI recently introduced trusted publshing for repositories using GitHub Actions to publish. Changes having already been made on the PyPI and Test PyPI sites to trust our GitHub actions. https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/ Signed-off-by: Eric Brown --- .github/workflows/publish-to-pypi.yml | 5 +++-- .github/workflows/publish-to-test-pypi.yml | 6 ++++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/publish-to-pypi.yml b/.github/workflows/publish-to-pypi.yml index 20cfae4dc..7f72c66e8 100644 --- a/.github/workflows/publish-to-pypi.yml +++ b/.github/workflows/publish-to-pypi.yml @@ -6,6 +6,9 @@ jobs: build-n-publish: name: Build and publish to PyPI runs-on: ubuntu-latest + permissions: + # IMPORTANT: this permission is mandatory for trusted publishing + id-token: write steps: - uses: actions/checkout@v4 with: @@ -25,5 +28,3 @@ jobs: - name: Publish distribution to PyPI if: startsWith(github.ref, 'refs/tags') uses: pypa/gh-action-pypi-publish@release/v1 - with: - password: ${{ secrets.PYPI_PASSWORD }} diff --git a/.github/workflows/publish-to-test-pypi.yml b/.github/workflows/publish-to-test-pypi.yml index 6c0c8ccba..89153cf8f 100644 --- a/.github/workflows/publish-to-test-pypi.yml +++ b/.github/workflows/publish-to-test-pypi.yml @@ -6,6 +6,9 @@ jobs: build-n-publish: name: Build and publish to Test PyPI runs-on: ubuntu-latest + permissions: + # IMPORTANT: this permission is mandatory for trusted publishing + id-token: write steps: - uses: actions/checkout@v4 with: @@ -25,5 +28,4 @@ jobs: - name: Publish distribution to Test PyPI uses: pypa/gh-action-pypi-publish@release/v1 with: - password: ${{ secrets.TEST_PYPI_PASSWORD }} - repository_url: https://test.pypi.org/legacy/ + repository-url: https://test.pypi.org/legacy/