Change: Use trusted publisher process to deploy on PyPI

[Trusted publisher](https://docs.pypi.org/trusted-publishers/) uses OpenID Connect (OIDC) to issue short term tokens for GitHub. [Github implements the OIDC standard](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect) since some month.
greenbone · Jan 18, 2024 · 6aefbab · 6aefbab
1 parent bcb3e86
commit 6aefbab
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/.github/workflows/deploy-pypi.yml b/.github/workflows/deploy-pypi.yml
@@ -7,16 +7,18 @@ on:
 jobs:
   deploy:
     runs-on: ubuntu-latest
+    environment: pypi
+    permissions:
+      id-token: write
     steps:
       - uses: actions/checkout@v4
       - name: Set up Python
         uses: greenbone/actions/poetry@v3
         with:
           python-version: "3.10"
           install-dependencies: "false"
-      - name: Build and publish
+      - name: Build
         run: |
           poetry build
-          poetry publish
-        env:
-          POETRY_PYPI_TOKEN_PYPI: ${{ secrets.PYPI_TOKEN }}
+      - name: Publish
+        uses: pypa/gh-action-pypi-publish@release/v1