ci(release): Use trusted publisher instead of api token [skip ci]

crowdsecurity · Feb 8, 2024 · 6a779a9 · 6a779a9
1 parent 2b10bee
commit 6a779a9
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 32 deletions.
diff --git a/.github/workflows/pypi_publish.yml b/.github/workflows/pypi_publish.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -104,6 +104,12 @@ jobs:
 
     name: Publish to PyPI
     runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/p/cscapi
+    permissions:
+      # IMPORTANT: this permission is mandatory for trusted publishing
+      id-token: write
     if: success() && github.event.inputs.publish-to-pypi == 'true'
     needs: [ create-release ]
 
@@ -122,7 +128,4 @@ jobs:
       - name: Build package
         run: python -m build
       - name: Publish package to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          user: __token__
-          password: ${{ secrets.PYPI_API_TOKEN }}
+        uses: pypa/gh-action-pypi-publish@release/v1