From 290bbd6ba06eb1f3e4cd75c88a9dfbba2799043e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=94=A1=E9=B3=B3=E9=A7=BF?= Date: Wed, 10 Apr 2024 09:47:30 +0800 Subject: [PATCH] build: use trusted publisher and bump gh-action-pypi-publish to v1.8.14 --- .github/workflows/python-publish.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml index 8e7fcb0..395839b 100644 --- a/.github/workflows/python-publish.yml +++ b/.github/workflows/python-publish.yml @@ -17,9 +17,11 @@ permissions: jobs: deploy: - + name: upload release to PyPI runs-on: ubuntu-latest - + environment: release + permissions: + id-token: write steps: - uses: actions/checkout@v4 - name: Set up Python @@ -33,7 +35,4 @@ jobs: - name: Build package run: python -m build - name: Publish package - uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 - with: - user: __token__ - password: ${{ secrets.PYPI_API_TOKEN }} + uses: pypa/gh-action-pypi-publish@v1.8.14