
Commit b835555

committed
Configure workflows for PyPI Trusted Publishing (OIDC)
1 parent 8ff3e36 commit b835555


2 files changed

+30
-13
lines changed


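--- a/.github/workflows/publish-release.yml
+++ b/.github/workflows/publish-release.yml
@@ -1,18 +1,27 @@
 name: Publish rffickle to PyPI
 
 on:
-release:
-types: [created]
+push:
+tags:
+- "v*"
 workflow_dispatch:
 
+permissions:
+contents: read
+
 jobs:
 publish:
+name: Publish to PyPI
 runs-on: ubuntu-latest
+environment:
+name: release
+url: https://pypi.org/project/rffickle/
+permissions:
+id-token: write # Required for OIDC/Trusted Publishing
+contents: read
 steps:
 - name: 🛎️ Checkout
 uses: actions/checkout@v4
-with:
-ref: ${{ github.head_ref }}
 
 - name: 🐍 Set up Python
 uses: actions/setup-python@v5
@@ -30,8 +39,6 @@ jobs:
 twine check dist/*
 
 - name: 🚀 Publish to PyPI
-env:
-PYPI_USERNAME: ${{ secrets.PYPI_USERNAME }}
-PYPI_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
-run: |
-twine upload dist/* -u $PYPI_USERNAME -p $PYPI_PASSWORD --verbose
+uses: pypa/gh-action-pypi-publish@release/v1
+with:
+attestations: true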
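Review bot: The publish step at new line 42 references `pypa/gh-action-pypi-publish@release/v1`, a branch ref that can move, inside a job that holds `id-token: write`, so whatever that ref resolves to at run time is the code that can obtain the PyPI upload token. Pinning it to a full commit SHA with the release noted in a trailing comment, e.g. `uses: pypa/gh-action-pypi-publish@<full-commit-sha>  # <release tag>`, ties the publishing identity to reviewed code; `actions/checkout@v4` and `actions/setup-python@v5` in the same job are tag refs and could be pinned the same way. The identical `uses:` line is added in publish-testpypi.yml. Separately, `workflow_dispatch` stays as a trigger next to the new `v*` tag trigger, so the `release` environment presumably needs protection rules (required reviewers or a tag restriction) to gate manual runs; those live in repository settings and cannot be confirmed from this diff.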

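--- a/.github/workflows/publish-testpypi.yml
+++ b/.github/workflows/publish-testpypi.yml
@@ -8,9 +8,19 @@ on:
 - 'setup.py'
 - 'src/**'
 
+permissions:
+contents: read
+
 jobs:
 publish-test:
+name: Publish to TestPyPI
 runs-on: ubuntu-latest
+environment:
+name: testpypi
+url: https://test.pypi.org/project/rffickle/
+permissions:
+id-token: write # Required for OIDC/Trusted Publishing
+contents: read
 steps:
 - name: 🛎️ Checkout
 uses: actions/checkout@v4
@@ -31,7 +41,7 @@ jobs:
 twine check dist/*
 
 - name: 🚀 Publish to TestPyPI
-env:
-PYPI_TEST_PASSWORD: ${{ secrets.PYPI_TEST_PASSWORD }}
-run: |
-twine upload --repository testpypi dist/* -u __token__ -p $PYPI_TEST_PASSWORD --verbose
+uses: pypa/gh-action-pypi-publish@release/v1
+with:
+repository-url: https://test.pypi.org/legacy/
+attestations: true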
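Review bot: The job-level `id-token: write` added at new line 22 applies to every step of `publish-test`, and the `twine check dist/*` context line at new line 41 suggests the packaging steps (which lie outside these hunks) run in that same job, so build-time dependency code would execute where an OIDC token for the index can be requested. Splitting the work into a `build` job that keeps only the workflow-level `contents: read` and hands `dist/` over as an artifact would leave the token-bearing job with nothing but the download and the upload action. publish-release.yml has the same single-job layout, where the token is for the production index. The sketch below shows only the added lines; the build steps are assumed from context and should be checked against the full file.

```yaml
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # … unchanged: checkout, Python setup, build, twine check …
      - name: Upload dist
        uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/

  publish-test:
    name: Publish to TestPyPI
    needs: build
    runs-on: ubuntu-latest
    # … unchanged: environment and permissions blocks …
    steps:
      - name: Download dist
        uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/
      # … unchanged: Publish to TestPyPI step …
```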
