From 339d6b00cc7d2ed26919323af50e740e6c636cfa Mon Sep 17 00:00:00 2001
From: Richard Tibbles
Date: Thu, 24 Oct 2024 18:14:54 -0400
Subject: [PATCH] Switch to trusted publishing flow for pypi
---
 .github/workflows/pypi-publish.yml | 18 +++++++++---------
 Makefile | 4 +++-
 2 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml
index f5d49fb..297c96b 100644
--- a/.github/workflows/pypi-publish.yml
+++ b/.github/workflows/pypi-publish.yml
@@ -1,5 +1,4 @@
-# This workflow will upload a Python Package using Twine when a release is created
-# For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries
+# This workflow will upload a Python Package using pypa/gh-action-pypi-publish when a release is created
 name: Upload Python Package
@@ -11,6 +10,9 @@ jobs:
 deploy:
 runs-on: ubuntu-22.04
+ permissions:
+ # IMPORTANT: this permission is mandatory for trusted publishing
+ id-token: write
 steps:
 - uses: actions/checkout@v4
@@ -21,10 +23,8 @@ jobs:
 - name: Install dependencies
 run: |
 python -m pip install --upgrade pip
- pip install setuptools wheel twine pre-commit
- - name: Build and publish
- env:
- TWINE_USERNAME: __token__
- TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
- run: |
- make release
+ pip install setuptools wheel pre-commit
+ - name: Build
+ run: make build
+ - name: Publish package distributions to PyPI
+ uses: pypa/gh-action-pypi-publish@release/v1
diff --git a/Makefile b/Makefile
index 94c2493..6ff5e27 100644
--- a/Makefile
+++ b/Makefile
@@ -27,8 +27,10 @@ build:
 pip install -e .
 python scripts/generate_from_specs.py
-release: clean build
+dist: clean build
 python setup.py sdist
+
+release: dist
 twine upload dist/*.tar.gz
 release-npm: clean build
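Review bot: In the `@@ -11,6 +10,9 @@` hunk of pypi-publish.yml, `id-token: write` is granted to the whole `deploy` job, so the dependency install and the Makefile build, which run project and third-party code, execute in a job that can request the OIDC token PyPI trusts. Splitting the workflow into a build job that uploads `dist/` as an artifact and a small publish job that alone carries `id-token: write` narrows that exposure, and binding the publish job to a GitHub environment that is also named in the PyPI trusted-publisher entry adds an approval gate. A job-level `permissions` block also sets every unlisted scope to `none`, so `contents: read` should be listed explicitly in case the checkout ever runs against a private repository. The job's step list continues outside this hunk.

```yaml
jobs:
  build:
    runs-on: ubuntu-22.04
    permissions:
      contents: read
    steps:
      # … unchanged: checkout, Python setup, dependency install, build step …
      - uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/
  publish:
    needs: build
    runs-on: ubuntu-22.04
    # environment: <environment name configured in the PyPI trusted publisher>
    permissions:
      # IMPORTANT: this permission is mandatory for trusted publishing
      id-token: write
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/
      - name: Publish package distributions to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
```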
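Review bot: In the `@@ -21,10 +23,8 @@` hunk, the new `Build` step runs `make build`, but the Makefile hunk of this same patch puts `python setup.py sdist` in the new `dist` target, while the visible recipe of `build` only installs the package and runs `scripts/generate_from_specs.py`. Unless the part of `build` outside the hunk writes to `dist/`, the publish action will have nothing to upload, so the step should read `run: make dist`. Separately, `pypa/gh-action-pypi-publish@release/v1` is a mutable branch reference used in a job that holds `id-token: write`. Pinning it to a reviewed commit, `uses: pypa/gh-action-pypi-publish@<full-commit-sha>  # release/v1`, keeps an upstream change from running with publish rights unnoticed. The step list starts outside this hunk.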
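Review bot: In the Makefile hunk, `release` keeps a token-based upload path (`twine upload dist/*.tar.gz`) alongside the new trusted-publishing workflow, and nothing says which one is authoritative. A comment above the target such as `# manual fallback only; CI publishes through PyPI trusted publishing` would make that clear. Once the workflow is confirmed working, the `PYPI_API_TOKEN` it no longer reads should be revoked on PyPI and removed from the repository secrets, so that a long-lived credential does not stay valid for uploads. `dist` is also the name of the directory that `python setup.py sdist` writes to, so if the Makefile declares `.PHONY` targets outside this hunk, `dist` should be added to that list. The `build` recipe starts before the hunk and `release-npm` continues after it.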