commit:     b9fd639ecb4117d0d8098e49d34ef102de842969
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Wed May 17 16:15:10 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Wed May 17 16:15:10 2023 +0000
URL:        
https://gitweb.gentoo.org/proj/pkgcore/pkgcheck.git/commit/?id=b9fd639e

ci: use new PyPI OIDC publish

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 .github/workflows/release.yml | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6de38945..f9e1c6fc 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -79,6 +79,13 @@ jobs:
     if: startsWith(github.ref, 'refs/tags/')
     needs: ["build-sdist", "build-wheel"]
     runs-on: ubuntu-latest
+    environment: release
+
+    permissions:
+      id-token: write # Used to authenticate to PyPI via OIDC
+
+      contents: write # Used to authenticate github release publish
+
     steps:
     - uses: actions/download-artifact@v3
       with:
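Review bot: The new job-level `permissions` block gives every step in this job both `id-token: write` and `contents: write`, yet the actions are referenced by mutable refs: `actions/download-artifact@v3` here, and `pypa/gh-action-pypi-publish@release/v1` and `softprops/action-gh-release@v1` in the next hunk. A retagged or compromised action would then run with the ability to request the PyPI OIDC token and to write to the repository, so each should be pinned to a full commit SHA, e.g. `uses: softprops/action-gh-release@<full-commit-sha>  # v1` (placeholder, not a real hash). `environment: release` only narrows who can publish if that environment has protection rules and the PyPI trusted publisher is bound to the same environment name. Neither is visible in this diff, so a comment such as `# must match the environment configured for the PyPI trusted publisher` above that line would help. The job's header and the rest of its steps lie outside the hunk.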
@@ -87,12 +94,10 @@ jobs:
 
     - name: Publish a Python distribution to PyPI
       uses: pypa/gh-action-pypi-publish@release/v1
-      with:
-        password: ${{ secrets.PYPI_API_TOKEN }}
-        print_hash: true
 
     - name: Create GitHub release
       uses: softprops/action-gh-release@v1
       with:
         files: dist/*.tar.gz
         fail_on_unmatched_files: true
+        draft: true
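Review bot: Dropping the whole `with:` block from the PyPI publish step also removes `print_hash: true`, which is unrelated to the switch from an API token to OIDC. The hashes printed in the job log are what lets someone later compare the uploaded files against the build artifacts, so I would keep the two lines `with:` and `print_hash: true` on that step. Separately, the `PYPI_API_TOKEN` secret is no longer referenced in this step; presumably it should be deleted from the repository secrets and revoked on PyPI once an OIDC publish has succeeded, which this diff cannot show.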
