Utilize PyPI's trusted publishing

PyPI and Test PyPI recently introduced trusted publshing for repositories using GitHub Actions to publish. Changes having already been made on the PyPI and Test PyPI sites to trust our GitHub actions. https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/ Signed-off-by: Eric Brown <[email protected]>
ericwb · Jan 29, 2024 · 9261061 · 9261061
1 parent ff7ed4b
commit 9261061
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 4 deletions.
diff --git a/.github/workflows/publish-to-pypi.yml b/.github/workflows/publish-to-pypi.yml
@@ -6,6 +6,9 @@ jobs:
   build-n-publish:
     name: Build and publish to PyPI
     runs-on: ubuntu-latest
+    permissions:
+      # IMPORTANT: this permission is mandatory for trusted publishing
+      id-token: write
     steps:
     - uses: actions/checkout@v4
       with:
@@ -25,5 +28,3 @@ jobs:
     - name: Publish distribution to PyPI
       if: startsWith(github.ref, 'refs/tags')
       uses: pypa/gh-action-pypi-publish@release/v1
-      with:
-        password: ${{ secrets.PYPI_PASSWORD }}
diff --git a/.github/workflows/publish-to-test-pypi.yml b/.github/workflows/publish-to-test-pypi.yml
@@ -6,6 +6,9 @@ jobs:
   build-n-publish:
     name: Build and publish to Test PyPI
     runs-on: ubuntu-latest
+    permissions:
+      # IMPORTANT: this permission is mandatory for trusted publishing
+      id-token: write
     steps:
     - uses: actions/checkout@v4
       with:
@@ -25,5 +28,4 @@ jobs:
     - name: Publish distribution to Test PyPI
       uses: pypa/gh-action-pypi-publish@release/v1
       with:
-        password: ${{ secrets.TEST_PYPI_PASSWORD }}
-        repository_url: https://test.pypi.org/legacy/
+        repository-url: https://test.pypi.org/legacy/