Merge pull request #76 from cfpb/pypi-trusted-publishing

Use PyPI trusted publishing on release
cfpb · Jan 8, 2024 · 3bc6c17 · 3bc6c17
2 parents 6520756 + 52b1a19
commit 3bc6c17
Showing 1 changed file with 13 additions and 10 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -4,25 +4,28 @@ on:
     types: [published]
   workflow_dispatch:
 
-
 jobs:
   build:
+    name: Build and publish release to PyPI
     runs-on: ubuntu-latest
+    # This uses PyPI trusted publishing
+    environment:
+      name: pypi
+      url: https://pypi.org/p/wagtail-flags
+    permissions:
+      id-token: write
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Set up Python
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
-        python-version: 3.11
+        python-version: 3.12
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip build
-        pip install twine wheel
     - name: Build the package
       run: |
         python -m build
-    - name: Upload to PyPI
-      run: twine upload dist/*
-      env:
-        TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }}
-        TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
+    - name: Publish to PyPI
+      uses: pypa/gh-action-pypi-publish@release/v1
+