ci: use PYPI_TOKEN for publishing instead of OIDC trusted publisher

devin-ai-integration[bot] · aaronsteers · devin-ai-integration[bot] · commit c3a2fda05291 · 2026-06-22T23:38:55.000Z
Switch from PyPI OIDC trusted publishing to PYPI_TOKEN secret.
OIDC requires PyPI Owner access to configure, which is currently blocked
pending ownership transfer. PYPI_TOKEN was already configured in the repo
from the v1 Speakeasy workflow.

Co-Authored-By: AJ Steers &lt;aj@airbyte.io&gt;
diff --git a/.github/workflows/pre-release-command.yml b/.github/workflows/pre-release-command.yml
@@ -53,13 +53,9 @@ jobs:
   pre_release:
     name: Build & Publish Pre-Release
     runs-on: ubuntu-latest
-    environment:
-      name: pypi
-      url: https://pypi.org/project/airbyte-api/
     permissions:
       contents: write
       pull-requests: write
-      id-token: write
     steps:
       # ── Slash command: post starting comment ────────────────────────
       - name: Authenticate as GitHub App
@@ -129,7 +125,9 @@ jobs:
         run: uv build
 
       - name: Publish to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
+        run: uv publish
+        env:
+          UV_PUBLISH_TOKEN: ${{ secrets.PYPI_TOKEN }}
 
       # ── Tag the commit ──────────────────────────────────────────────
       - name: Create and push tag
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -1,15 +1,10 @@
 # PyPI Publish Workflow
 #
 # Triggered when a GitHub Release is published (draft → published).
-# Builds the Python package and uploads it to PyPI using OIDC trusted publishing.
+# Builds the Python package and uploads it to PyPI using PYPI_TOKEN.
 #
 # Prerequisites:
-# - PyPI trusted publisher configured for this repository:
-#   https://docs.pypi.org/trusted-publishers/creating-a-project-through-oidc/
-#   Owner: airbytehq
-#   Repository: airbyte-api-python-sdk
-#   Workflow: publish.yml
-#   Environment: pypi
+# - PYPI_TOKEN secret configured in the repository
 
 name: Publish to PyPI
 
@@ -24,11 +19,6 @@ jobs:
   publish:
     name: Build & Publish to PyPI
     runs-on: ubuntu-latest
-    environment:
-      name: pypi
-      url: https://pypi.org/project/airbyte-api/
-    permissions:
-      id-token: write
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -42,4 +32,6 @@ jobs:
         run: uv build
 
       - name: Publish to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
+        run: uv publish
+        env:
+          UV_PUBLISH_TOKEN: ${{ secrets.PYPI_TOKEN }}
