Convert publishing workflows to trusted publishers

python-jsonschema · Aug 25, 2023 · a9a3504 · webknjaz · Aug 25, 2023 · sirosen
1 parent e22f8a2
commit a9a3504
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/.github/workflows/publish_to_pypi.yaml b/.github/workflows/publish_to_pypi.yaml
@@ -7,6 +7,9 @@ on:
 jobs:
   publish:
     runs-on: ubuntu-latest
+    environment: publish
+    permissions:
+      id-token: write
 
     steps:
       - uses: actions/checkout@v3
@@ -19,5 +22,3 @@ jobs:
 
       - name: Publish to PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          password: ${{ secrets.PYPI_API_TOKEN }}
diff --git a/.github/workflows/publish_to_test_pypi.yaml b/.github/workflows/publish_to_test_pypi.yaml
@@ -14,6 +14,9 @@ on:
 jobs:
   publish:
     runs-on: ubuntu-latest
+    environment: publish-testpypi
+    permissions:
+      id-token: write
 
     steps:
       - uses: actions/checkout@v3
@@ -36,5 +39,4 @@ jobs:
       - name: Publish to TestPyPI
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
-          password: ${{ secrets.TEST_PYPI_API_TOKEN }}
           repository_url: https://test.pypi.org/legacy/