python-release: use trusted publishing (#157)

Closes #154. Signed-off-by: William Woodruff <[email protected]>
sigstore · Oct 19, 2023 · 00a2baf · 00a2baf
1 parent 756f271
commit 00a2baf
Showing 1 changed file with 3 additions and 4 deletions.
diff --git a/.github/workflows/python-release.yml b/.github/workflows/python-release.yml
@@ -9,6 +9,9 @@ jobs:
   pypi:
     name: upload release to PyPI
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write # required for trusted publishing to PyPI
+
     steps:
     - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
@@ -23,7 +26,3 @@ jobs:
 
     - name: publish
       uses: pypa/gh-action-pypi-publish@b7f401de30cb6434a1e19f805ff006643653240e # v1.8.10
-      with:
-        user: __token__
-        password: ${{ secrets.PYPI_TOKEN }}
-        packages-dir: gen/pb-python/dist/