From ca1a33156d8777dd7dc046accd43bae5dd511965 Mon Sep 17 00:00:00 2001 From: Jonathan Shimwell Date: Fri, 19 Apr 2024 13:40:24 +0100 Subject: [PATCH] made uise of trusted publishers --- .github/workflows/python-publish.yml | 47 ++++++++++------------------ 1 file changed, 16 insertions(+), 31 deletions(-) diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml index ac5bbec..390560b 100644 --- a/.github/workflows/python-publish.yml +++ b/.github/workflows/python-publish.yml @@ -1,40 +1,25 @@ -# This yml file will trigger a Github Actions event that builds and upload the -# Python package to PiPy. This makes use of Twine and is triggered when a push -# to the main branch occures. For more information see: -# https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries -# and for details on the Autobump version section see: -# https://github.com/grst/python-ci-versioneer - name: Upload Python Package on: - # allows us to run workflows manually - workflow_dispatch: release: - types: [created] + types: [published] jobs: deploy: - runs-on: ubuntu-latest - + permissions: + id-token: write steps: - - uses: actions/checkout@v2 - - name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: '3.x' - - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install setuptools wheel build twine - - - name: Build and publish - env: - TWINE_USERNAME: __token__ - TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} - run: | - python -m build - twine check dist/* - twine upload dist/* + - uses: actions/checkout@v4 + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: '3.x' + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install build + - name: Build package + run: python -m build + - name: Publish a Python distribution to PyPI + uses: pypa/gh-action-pypi-publish@release/v1