Skip to content

Commit

Permalink
workflows/release: switch to trusted publishing
Browse files Browse the repository at this point in the history
Signed-off-by: William Woodruff <william@trailofbits.com>
  • Loading branch information
woodruffw committed Mar 6, 2024
1 parent 6cf8729 commit 6897462
Showing 1 changed file with 1 addition and 3 deletions.
4 changes: 1 addition & 3 deletions {{cookiecutter.project_slug}}/.github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ name: release

permissions:
# Used to sign the release's artifacts with sigstore-python.
# Used to publish to PyPI with Trusted Publishing.
id-token: write

# Used to attach signing artifacts to the published release.
Expand All @@ -33,9 +34,6 @@ jobs:

- name: publish
uses: pypa/gh-action-pypi-publish@release/v1
with:
user: __token__
password: ${{ secrets.PYPI_TOKEN }}

- name: sign
uses: sigstore/gh-action-sigstore-python@v1.2.1
Expand Down

0 comments on commit 6897462

Please sign in to comment.