From 68974628c6e3a084d40fc4013b8a55bf71d5590b Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Wed, 6 Mar 2024 15:45:29 -0500
Subject: [PATCH] workflows/release: switch to trusted publishing
Signed-off-by: William Woodruff
---
 {{cookiecutter.project_slug}}/.github/workflows/release.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/{{cookiecutter.project_slug}}/.github/workflows/release.yml b/{{cookiecutter.project_slug}}/.github/workflows/release.yml
index 76820b5..9bb11e5 100644
--- a/{{cookiecutter.project_slug}}/.github/workflows/release.yml
+++ b/{{cookiecutter.project_slug}}/.github/workflows/release.yml
@@ -7,6 +7,7 @@ name: release
 permissions:
 # Used to sign the release's artifacts with sigstore-python.
+ # Used to publish to PyPI with Trusted Publishing.
 id-token: write
 # Used to attach signing artifacts to the published release.
@@ -33,9 +34,6 @@ jobs:
 - name: publish
 uses: pypa/gh-action-pypi-publish@release/v1
- with:
- user: __token__
- password: ${{ secrets.PYPI_TOKEN }}
 - name: sign
 uses: sigstore/gh-action-sigstore-python@v1.2.1
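Review bot: `id-token: write`, which the comment added in the first hunk now ties to PyPI publishing as well as signing, appears to be granted for the whole workflow rather than for one job (the `permissions:` block precedes `jobs:`; indentation is not preserved on this page, so this is inferred). With Trusted Publishing, any job or step that can request the OIDC token can obtain a PyPI upload credential, so the grant is better placed under the job that runs the `publish` and `sign` steps, ideally with that job bound to a GitHub `environment:` that the PyPI trusted-publisher entry also names. Because this is a cookiecutter template, the comment could also state the prerequisite, for example `# Requires a trusted publisher registered on PyPI for this repository and workflow file.` Generated projects that already stored `PYPI_TOKEN` should revoke that token on PyPI and delete the secret, since the second hunk stops reading it. The `permissions:` block continues past the end of the first hunk.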