Use PyPI's trusted publishing
Trusted publishing is PyPI's term for using the OpenID Connect (OIDC)
standard to exchange short-lived identity tokens between a trusted
third-party service and PyPI. This method can be used in automated
environments and eliminates the need to use manually generated API
tokens to authenticate with PyPI when publishing.
ikalnytskyi committed Nov 17, 2024
1 parent 5f5a308 commit 35b5068
Showing 1 changed file with 18 additions and 8 deletions.
26 changes: 18 additions & 8 deletions .github/workflows/cd.yml
Expand Up @@ -8,17 +8,27 @@ on:
jobs:
pypi:
runs-on: ubuntu-latest
environment:
name: pypi
url: https://pypi.org/project/picobox/${{ github.ref_name }}/
permissions:
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Prepare artifacts
run: |
pipx run -- hatch build
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: "3.13"

- name: Setup build dependencies
run: pip install build

- name: Build package
run: python -m build

- name: Publish to PyPI
env:
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
run: |
pipx run -- twine upload dist/*
uses: pypa/gh-action-pypi-publish@93e87954aa8d40d7467c30656ba421aee00d37c8
with:
print-hash: true
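
Review bot: `id-token: write` is granted for the whole `pypi` job, so the steps that run `pip install build` and `python -m build` execute with the ability to request an OIDC token that PyPI will accept for this project, even though only the publish step needs it. Consider splitting this into a build job without the `id-token` permission that uploads `dist/` as an artifact, and a publish job (keeping `environment: pypi` and `id-token: write`) that only downloads the artifact and runs `pypa/gh-action-pypi-publish`. Two smaller points: the publish action is pinned to a commit SHA while `actions/checkout@v4` and `actions/setup-python@v5` stay on mutable tags, and a trailing comment naming the release that SHA corresponds to would make later bumps easier to review; and once this lands, `secrets.PYPI_TOKEN` is no longer referenced by the workflow, so the repository secret should be deleted and the token revoked on PyPI.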
