Skip to content

Commit 873523c

Browse files
julian-rischjulian-risch
authored
build: switch to trusted publishing (#10976)
1 parent f0148c8 commit 873523c

2 files changed

Lines changed: 8 additions & 8 deletions

File tree

.github/workflows/nightly_testpypi_release.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,9 @@ env:
1212
jobs:
1313
nightly-release:
1414
runs-on: ubuntu-latest
15+
environment: pypi
16+
permissions:
17+
id-token: write
1518
# Always build from main for consistency (scheduled and manual runs)
1619
steps:
1720
- name: Checkout main
@@ -39,7 +42,4 @@ jobs:
3942
run: hatch build
4043

4144
- name: Publish to PyPI
42-
env:
43-
HATCH_INDEX_USER: __token__
44-
HATCH_INDEX_AUTH: ${{ secrets.HAYSTACK_AI_PYPI_TOKEN }}
45-
run: hatch publish -y
45+
uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0

.github/workflows/pypi_release.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,9 @@ env:
1313
jobs:
1414
release-on-pypi:
1515
runs-on: ubuntu-latest
16+
environment: pypi
17+
permissions:
18+
id-token: write
1619

1720
steps:
1821
- name: Checkout
@@ -25,7 +28,4 @@ jobs:
2528
run: hatch build
2629

2730
- name: Publish on PyPi
28-
env:
29-
HATCH_INDEX_USER: __token__
30-
HATCH_INDEX_AUTH: ${{ secrets.HAYSTACK_AI_PYPI_TOKEN }}
31-
run: hatch publish -y
31+
uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0

0 commit comments

Comments
 (0)