Dev: Started using the trusted publisher concept of Pypi

Signed-off-by: Andreas Maier <[email protected]>
zhmcclient · Oct 10, 2024 · 45154d4 · 45154d4
1 parent 1b91074
commit 45154d4
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -16,6 +16,9 @@ jobs:
     name: Build and publish to PyPI
     if: startsWith(github.ref, 'refs/tags')
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: write
     steps:
 
     #-------- Info gathering and checks
@@ -144,7 +147,8 @@ jobs:
       uses: pypa/gh-action-pypi-publish@release/v1
       with:
         packages-dir: dist
-        password: ${{ secrets.PYPI_API_TOKEN }}
+        # Pypi has a trusted publisher defined, so we do not need a password:
+        # https://pypi.org/manage/project/zhmcclient/settings/publishing/
 
     #-------- Creation of Github release
     - name: Determine whether release on Github exists for the pushed tag

diff --git a/changes/noissue.2.cleanup.rst b/changes/noissue.2.cleanup.rst
@@ -0,0 +1,2 @@
+Dev: Started using the trusted publisher concept of Pypi in order to avoid
+dealing with Pypi access tokens.
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		Dev: Started using the trusted publisher concept of Pypi in order to avoid
		dealing with Pypi access tokens.