From 58ddf3a2e1049821834159efe61e9987d6d55a88 Mon Sep 17 00:00:00 2001
From: Andreas Maier
Date: Wed, 9 Oct 2024 11:29:40 +0200
Subject: [PATCH] Dev: Started using the trusted publisher concept of Pypi

Signed-off-by: Andreas Maier
---
 .github/workflows/publish.yml | 14 ++++++--------
 changes/noissue.2.cleanup.rst | 2 ++
 2 files changed, 8 insertions(+), 8 deletions(-)
 create mode 100644 changes/noissue.2.cleanup.rst

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index a6dab6d2..f13b58d2 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -16,6 +16,9 @@ jobs:
 name: Build and publish to PyPI
 if: startsWith(github.ref, 'refs/tags')
 runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: write
 steps:

 #-------- Info gathering and checks
@@ -139,18 +142,13 @@ jobs:
 - name: Display the distribution directory
 run: |
 ls -l dist
- # - name: Publish distribution to TestPyPI
- # uses: pypa/gh-action-pypi-publish@release/v1
- # with:
- # packages_dir: dist
- # password: ${{ secrets.TEST_PYPI_API_TOKEN }}
- # repository_url: https://test.pypi.org/legacy/
 - name: Publish distribution to PyPI
 if: startsWith(github.ref, 'refs/tags')
 uses: pypa/gh-action-pypi-publish@release/v1
 with:
- packages_dir: dist
- password: ${{ secrets.PYPI_API_TOKEN }}
+ packages-dir: dist
+ # Pypi has a trusted publisher defined, so we do not need a password:
+ # https://pypi.org/manage/project/zhmcclient/settings/publishing/

 #-------- Creation of Github release
 - name: Determine whether release on Github exists for the pushed tag
diff --git a/changes/noissue.2.cleanup.rst b/changes/noissue.2.cleanup.rst
new file mode 100644
index 00000000..24da6021
--- /dev/null
+++ b/changes/noissue.2.cleanup.rst
@@ -0,0 +1,2 @@
+Dev: Started using the trusted publisher concept of Pypi in order to avoid
+dealing with Pypi access tokens.
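Review bot: The job-level `permissions:` block added in the first hunk grants `id-token: write` to every step of this job, not only to the PyPI upload, so any earlier step that runs project or third-party code can also request the OIDC token that PyPI now accepts in place of a password. A tighter layout is a separate publish job that `needs:` the build job and is the only one carrying `id-token: write`, with `contents: write` kept on whichever job creates the GitHub release (presumably its purpose, judging by the release steps visible in the next hunk). The job's steps lie outside this hunk, so the split is described here rather than drafted. A short comment above the block would also help the next reader, e.g. `# id-token: write lets this job obtain the OIDC token used for PyPI trusted publishing`.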
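Review bot: The publish step in the second hunk still references `pypa/gh-action-pypi-publish@release/v1`, a branch ref that can move, and after this change that action runs in a job able to obtain the OIDC token PyPI trusts for uploads. Pinning it to a reviewed commit narrows that exposure: `uses: pypa/gh-action-pypi-publish@<full-commit-sha>  # release/v1` (placeholder; take the SHA from the action's releases). If the trusted publisher entry on PyPI is bound to a GitHub environment, the job also needs a matching `environment: <environment-name>` line, which is not visible in these hunks; using one would additionally allow required reviewers before a release is uploaded.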