From 10ab967504490003001385f5e9324fab5ad4f61e Mon Sep 17 00:00:00 2001
From: Kevin Deldycke
Date: Thu, 4 May 2023 12:47:05 +0200
Subject: [PATCH] Reverts publishing via trusted channel. See #528. Reverts: 3571c0697b37dc2f78d9d2cc385a74fd82462da8 1583a6f69013812ffdd7b226daa03d4dde32dec7
---
 .github/workflows/lint.yaml | 2 +-
 .github/workflows/release.yaml | 12 ++++++------
 changelog.md | 2 +-
 3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index 4ac46ea8d..e2f67ff1f 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -161,7 +161,7 @@ jobs:
 # XXX actionlint triggers this error:
 # Error: .github/workflows/release.yaml:198:27:
 # property "workflow_update_github_pat" is not defined in object type {actions_runner_debug: string;
- # actions_step_debug: string; github_token: string} [expression]
+ # actions_step_debug: string; github_token: string; pypi_token: string} [expression]
 # See: https://github.com/rhysd/actionlint/issues/148
 run: >
 ${{ steps.install_actionlint.outputs.executable }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 32f149ab9..de1bd42b0 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -3,6 +3,9 @@ name: Build & release
 # Read https://github.com/actions/runner/issues/491 for insights on complex workflow execution logic.
 "on":
 workflow_call:
+ secrets:
+ PYPI_TOKEN:
+ required: false
 outputs:
 tagged_version:
 description: Tagged/released version (without leading 'v')
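Review bot: The new `PYPI_TOKEN` entry under `workflow_call.secrets` is declared with `required: false` and has no `description`, so a caller that forgets to pass it gets no error at call time and the problem presumably only surfaces when the publish step tries to authenticate without a credential. Adding `description: Project-scoped PyPI API token used to upload the package` next to `required: false` would tell callers what kind of token to create and steer them away from an account-wide one. If publishing is meant to be optional for callers, skipping the publish job when the secret is empty would make that explicit; the job's conditions are outside this hunk, so this may already be handled.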
@@ -194,7 +197,7 @@ jobs:
 with:
 # XXX actionlint triggers this error:
 # property "workflow_update_github_pat" is not defined in object type {actions_runner_debug: string;
- # actions_step_debug: string; github_token: string} [expression]
+ # actions_step_debug: string; github_token: string; pypi_token: string} [expression]
 # See: https://github.com/rhysd/actionlint/issues/148
 repo-token: ${{ secrets.WORKFLOW_UPDATE_GITHUB_PAT || secrets.GITHUB_TOKEN }}
 tag: v${{ steps.get_version.outputs.tagged_version }}
@@ -210,11 +213,6 @@ jobs:
 strategy:
 matrix: ${{ fromJSON(needs.project-metadata.outputs.release_commits_matrix) }}
 runs-on: ubuntu-22.04
- environment:
- name: pypi
- url: https://pypi.org/p/${{ needs.project-metadata.outputs.package_name }}
- permissions:
- id-token: write
 steps:
 - name: Download build artifacts
 uses: actions/download-artifact@v3.0.2
@@ -224,6 +222,8 @@ jobs:
 - name: Push package to public PyPi repository
 uses: pypa/gh-action-pypi-publish@v1.8.6
 with:
+ user: __token__
+ password: ${{ secrets.PYPI_TOKEN }}
 packages-dir: ${{ steps.download.outputs.download-path }}
 github-release:
diff --git a/changelog.md b/changelog.md
index dc6ed614d..2f1dadf64 100644
--- a/changelog.md
+++ b/changelog.md
@@ -6,7 +6,7 @@
 This version is not released yet and is under active development.
 ```
-- Remove support for `PYPI_TOKEN` secret in release workflow.
+- Reverts publishing via trusted channel: it doesn't work with reuseable workflows. See #528.
 ## [2.14.0 (2023-05-04)](https://github.com/kdeldycke/workflows/compare/v2.13.5...v2.14.0)
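Review bot: With `password: ${{ secrets.PYPI_TOKEN }}` the publish step goes back to a long-lived API token, and the same commit drops the `environment: pypi` block in the hunk above, so any protection rules configured on that environment no longer gate the upload. A comment above `user: __token__` should record that this is a workaround and what the token's scope must be, e.g. `# XXX Long-lived, project-scoped token: trusted publishing does not work from reusable workflows, see #528.` The step also passes that credential to `pypa/gh-action-pypi-publish@v1.8.6`, which is referenced by tag; pinning it to a full commit SHA would keep a moved tag from receiving the token. The job definition starts above this hunk.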