From e13536b225bf85c4eab3a7b6b0f15ccfdc68ff41 Mon Sep 17 00:00:00 2001 From: jpl-jengelke Date: Mon, 16 Sep 2024 12:25:34 -0700 Subject: [PATCH] Issue #1287: Implementation of secure publishing. ... --- .github/workflows/python-publish.yml | 34 ++++++++++++++++++++-------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml index c2f539d7..7ec949e8 100644 --- a/.github/workflows/python-publish.yml +++ b/.github/workflows/python-publish.yml @@ -6,10 +6,11 @@ name: Upload Python Package on: release: - types: [published] + types: [ published ] jobs: - deploy: + + build: runs-on: ubuntu-latest steps: - name: Checkout code @@ -28,10 +29,25 @@ jobs: run: | python3 -m build --wheel python3 setup.py sdist --format=zip - - name: Publish package - env: - TWINE_USERNAME: __token__ - TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} - run: | - twine check dist/* - twine upload --verbose dist/*.whl dist/*.zip + - name: Store package + uses: actions/upload-artifact@v4 + with: + name: python-package-distribution + path: dist/ + + release: + runs-on: ubuntu-latest + environment: + name: release + permissions: + id-token: write # mandatory for trusted publishing + steps: + - name: Retrieve package + uses: actions/download-artifact@v4 + with: + name: python-package-distribution + path: dist/ + - name: Publish package (PyPi) + uses: pypa/gh-action-pypi-publish@release/v1 + with: + repository-url: https://pypi.org/p/exotic # for testing sub https://test.pypi.org/legacy/
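Review bot: The new `release` job in the second hunk declares no `needs:`, so it is scheduled in parallel with `build` and `actions/download-artifact` can run before `python-package-distribution` has been uploaded; add `needs: build` under `release:`. The `repository-url` input of `pypa/gh-action-pypi-publish` is the upload endpoint (the action's default is `https://upload.pypi.org/legacy/`), whereas `https://pypi.org/p/exotic` is the project page, so the upload would go to the wrong URL. Drop that `with:` override and, if the link is wanted, move it into `environment:` as `url: https://pypi.org/p/exotic`. Because this job holds `id-token: write`, any code running in it can request a PyPI upload token, so consider pinning `pypa/gh-action-pypi-publish@release/v1` and the two artifact actions to full commit SHAs; it is also worth confirming that the `release` environment has protection rules and matches the trusted-publisher entry on PyPI, which is not visible here. The earlier steps of the `build` job are outside the hunk.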