author | Joris Roovers <joris.roovers@gmail.com> | 2023-04-11 12:02:48 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-04-11 12:02:48 +0200 |
commit | 562703f9f7ffbc71580c6a205c5a18768b157a9b (patch) | |
tree | 93cce6c00696fb26ad21c02c1e0ff2b9203c741e | |
parent | 7f55b0155c69a3b3e56fd4779fb062058291b9b5 (diff) |
GHA: Use PyPI OIDC for publishing (#486)
Replace token based authentication with OIDC for PyPI package
publishing.
Relates to #467
-rw-r--r-- | .github/workflows/publish-release.yml | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
index e8c6398..4481e36 100644
--- a/.github/workflows/publish-release.yml
+++ b/.github/workflows/publish-release.yml
@@ -49,6 +49,9 @@ jobs:
 publish:
 timeout-minutes: 15
 runs-on: "ubuntu-latest"
+ permissions:
+ # Required for trusted publishing to PyPI
+ id-token: write
 outputs:
 gitlint_version: ${{ steps.set_version.outputs.gitlint_version }}
 steps:
@@ -107,27 +110,22 @@ jobs:
 uses: pypa/gh-action-pypi-publish@release/v1
 with:
 packages-dir: gitlint-core/dist/
- password: ${{ secrets.PYPI_GITLINT_CORE_PASSWORD }}
 if: inputs.pypi_target == 'pypi.org'
 - name: Publish gitlint 🐍📦 to PyPI
 uses: pypa/gh-action-pypi-publish@release/v1
- with:
- password: ${{ secrets.PYPI_GITLINT_PASSWORD }}
 if: inputs.pypi_target == 'pypi.org'
 - name: Publish gitlint-core 🐍📦 to TestPyPI
 uses: pypa/gh-action-pypi-publish@release/v1
 with:
 packages-dir: gitlint-core/dist/
- password: ${{ secrets.TEST_PYPI_GITLINT_CORE_PASSWORD }}
 repository-url: https://test.pypi.org/legacy/
 if: inputs.pypi_target == 'test.pypi.org'
 - name: Publish gitlint 🐍📦 to TestPyPI
 uses: pypa/gh-action-pypi-publish@release/v1
 with:
- password: ${{ secrets.TEST_PYPI_GITLINT_PASSWORD }}
 repository-url: https://test.pypi.org/legacy/
 if: inputs.pypi_target == 'test.pypi.org' |
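Review bot: The `permissions:` block added to the `publish` job in the first hunk gives `id-token: write` to every step of that job, not only the four publish steps, and most of the step list lies outside the hunk. If the job also checks out, builds or runs other actions before publishing, any of them can request an OIDC token that PyPI will exchange for an upload credential; consider building in a separate job that hands the `dist/` directories over as artifacts, so the job holding `id-token: write` only downloads and uploads. Declaring `permissions` at job level also sets every unlisted scope to `none`, so if the repository is private or a later step relies on `GITHUB_TOKEN`, list those scopes explicitly, e.g. `contents: read`. Binding the job to a protected `environment:` that is also named in the PyPI trusted-publisher entry would further narrow which runs are able to publish.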
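Review bot: All four publish steps in the second hunk reference `pypa/gh-action-pypi-publish@release/v1`, a branch ref that can move, and with this change that action runs in a job allowed to mint OIDC tokens for PyPI. Pinning each `uses:` to a full commit SHA, e.g. `uses: pypa/gh-action-pypi-publish@<full-commit-sha>  # release/v1`, keeps an upstream change from running in the publishing job unreviewed. The removed `password:` inputs referenced four repository secrets; the diff cannot show it, but the matching PyPI and TestPyPI API tokens should be revoked and the secrets deleted, otherwise the long-lived credentials stay usable alongside OIDC. The first step's `- name:` line sits above the hunk.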