commit:     cb9b372c0657cbdd7fe6c466fd385910b85d916f
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Sat Apr 22 17:03:46 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sat Apr 22 17:03:46 2023 +0000
URL:        
https://gitweb.gentoo.org/proj/pkgcore/pkgdev.git/commit/?id=cb9b372c

ci: use new PyPI OIDC publish

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 .github/workflows/release.yml | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f24e520..642708f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -9,6 +9,13 @@ on:
 jobs:
   build-and-deploy:
     runs-on: ubuntu-latest
+    environment: release
+
+    permissions:
+      id-token: write # Used to authenticate to PyPI via OIDC
+
+      contents: write # Used to authenticate github release publish
+
     steps:
     - name: Checkout code
       uses: actions/checkout@v2
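Review bot: The new `permissions:` block sits at job level on `build-and-deploy`, so `id-token: write` and `contents: write` are granted to every step of the job, including the build steps that install and run project and third-party code, not only the two steps that publish. Splitting the job would confine the OIDC token to the publishing step: a build job with `contents: read` that uploads `dist/*`, and a publish job bound to `environment: release` that downloads the artifact and alone holds the write permissions. The `release` environment only adds protection if reviewers or tag rules are configured for it in the repository settings, which is not visible here. The job body continues outside this hunk, so the sketch below marks the steps it leaves alone.

```yaml
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
    # … unchanged: checkout, build, checksum and upload-artifact steps …

  publish:
    needs: build
    runs-on: ubuntu-latest
    environment: release
    permissions:
      id-token: write # Used to authenticate to PyPI via OIDC
      contents: write # Used to create the GitHub release
    steps:
    - uses: actions/download-artifact@v3
      with:
        name: results
        path: dist
    # … unchanged: publish and "Create GitHub release" steps …
```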
@@ -42,18 +49,14 @@ jobs:
         sha512sum dist/*
         tar -ztf dist/*.tar.gz | sort
 
-    - name: Install twine and check files
-      run: |
-        pip install twine wheel-inspect
-        twine check dist/*
-        wheel2json dist/*.whl
+    - uses: actions/upload-artifact@v3
+      with:
+        name: results
+        path: dist/*
 
-    - name: Upload to PyPI
-      env:
-        TWINE_USERNAME: __token__
-        TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
+    - name: publish
+      uses: pypa/gh-action-pypi-publish@release/v1
       if: startsWith(github.ref, 'refs/tags/')
-      run: twine upload dist/*
 
     - name: Create GitHub release
       uses: softprops/action-gh-release@v1
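Review bot: `pypa/gh-action-pypi-publish@release/v1` is a branch reference, so whatever that branch points to at release time runs in a job that can mint a PyPI OIDC token. Pinning it to a full commit SHA, e.g. `uses: pypa/gh-action-pypi-publish@<full-commit-sha> # release/v1`, makes the publishing code immutable and reviewable on update. The same applies to the added `actions/upload-artifact@v3` and to the `softprops/action-gh-release@v1` context line, which runs with `contents: write`. The removed step also ran `wheel2json dist/*.whl`; the publish action checks metadata itself by default as far as I know, but that wheel inspection has no replacement here, so confirm it is no longer wanted.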
@@ -61,3 +64,4 @@ jobs:
       with:
         files: dist/*.tar.gz
         fail_on_unmatched_files: true
+        draft: true
