Merge pull request #80 from sethmlarson/trusted-publisher

Use trusted publisher in publishing workflow
beeware · May 2, 2023 · 0a6ec18 · 0a6ec18
2 parents 043d57c + 9c497ec
commit 0a6ec18
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 15 deletions.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -7,6 +7,9 @@ on:
 jobs:
   deploy:
     runs-on: ubuntu-latest
+    permissions:
+      # This permission is required for trusted publishing.
+      id-token: write
     steps:
     - uses: actions/checkout@v3.5.2
 
@@ -27,8 +30,4 @@ jobs:
         tox -e package
 
     - name: Publish release
-      env:
-        TWINE_USERNAME: __token__
-        TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
-      run: |
-        tox -e publish
+      uses: pypa/gh-action-pypi-publish@release/v1
diff --git a/changes/80.misc.rst b/changes/80.misc.rst
@@ -0,0 +1 @@
+Release processes were changed to use Trusted Publishing.
diff --git a/tox.ini b/tox.ini
@@ -38,13 +38,3 @@ commands =
     check-manifest -v
     python -m build --sdist --wheel --outdir dist
     python -m twine check dist/*
-
-[testenv:publish]
-deps =
-    wheel
-    twine
-passenv =
-    TWINE_USERNAME
-    TWINE_PASSWORD
-commands =
-    python -m twine upload dist/*
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Release processes were changed to use Trusted Publishing.