From 0061ca3a364b319c779be0759f0e2e900db60769 Mon Sep 17 00:00:00 2001 From: James McKinney <26463+jpmckinney@users.noreply.github.com> Date: Thu, 15 Feb 2024 14:45:10 -0500 Subject: [PATCH] ci: Switch to trusted publishers --- .github/workflows/pypi.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pypi.yml b/.github/workflows/pypi.yml index 1e9ee54..be8e546 100644 --- a/.github/workflows/pypi.yml +++ b/.github/workflows/pypi.yml @@ -3,6 +3,8 @@ on: push jobs: build: runs-on: ubuntu-latest + permissions: + id-token: write steps: - uses: actions/checkout@v4 - uses: actions/setup-python@v5 @@ -13,11 +15,8 @@ jobs: - name: Publish to TestPyPI uses: pypa/gh-action-pypi-publish@release/v1 with: - password: ${{ secrets.TEST_PYPI_API_TOKEN }} repository-url: https://test.pypi.org/legacy/ skip-existing: true - name: Publish to PyPI if: startsWith(github.ref, 'refs/tags') uses: pypa/gh-action-pypi-publish@release/v1 - with: - password: ${{ secrets.PYPI_API_TOKEN }}