From 3dbe899db8166a7dcf42e08a37d363825870169d Mon Sep 17 00:00:00 2001 From: 0x2b3bfa0 <0x2b3bfa0+git@googlemail.com> Date: Mon, 11 Sep 2023 17:37:58 +0200 Subject: [PATCH] Migrate from PyPI tokens to Trusted Publishers --- .github/workflows/release.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 5d5457c..e7589f6 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -9,6 +9,10 @@ permissions: jobs: pip: + environment: pypi + permissions: + contents: read + id-token: write runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v3 @@ -27,5 +31,3 @@ jobs: twine check dist/* - name: Publish packages to PyPI uses: pypa/gh-action-pypi-publish@release/v1 - with: - password: ${{ secrets.PYPI_TOKEN }}