Update pypi publish workflow to use Trusted Publisher

(cherry picked from commit 0115ab3)
ObaraEmmanuel · Jan 11, 2024 · 0c47db7 · 0c47db7
1 parent a570e38
commit 0c47db7
Showing 1 changed file with 28 additions and 11 deletions.
diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml
@@ -8,25 +8,42 @@ on:
     types: [published]
 
 jobs:
-  deploy:
+  release-build:
 
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Set up Python
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v4
       with:
         python-version: "3.10"
-    - name: Install dependencies
+    - name: Install dependencies and build
       run: |
         python -m pip install --upgrade pip
         python -m pip install -r requirements.txt
-        pip install twine build
-    - name: Build and publish
-      env:
-        TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }}
-        TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
-      run: |
+        pip install build
         python -m build
-        twine upload dist/*
+
+    - name: upload windows dists
+      uses: actions/upload-artifact@v3
+      with:
+        name: release-dists
+        path: dist/
+
+  pypi-publish:
+    runs-on: ubuntu-latest
+    needs:
+      - release-build
+    permissions:
+      id-token: write
+
+    steps:
+      - name: Retrieve release distributions
+        uses: actions/download-artifact@v3
+        with:
+          name: release-dists
+          path: dist/
+
+      - name: Publish release distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1