From 0fde2bd4987f4acdfc5b17c63e41695064e4ec60 Mon Sep 17 00:00:00 2001
From: Jeremy Tuloup
Date: Thu, 7 Dec 2023 11:00:23 +0100
Subject: [PATCH] Backport PR #7176: Update publish-release workflow for PyPI trusted publisher
---
 .github/workflows/publish-release.yml | 14 +++++--------
 1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
index 38b1e4833e..cbe77f773e 100644
--- a/.github/workflows/publish-release.yml
+++ b/.github/workflows/publish-release.yml
@@ -12,12 +12,13 @@ on:
 description: 'Comma separated list of steps to skip'
 required: false
-permissions:
- contents: read
-
 jobs:
 publish_release:
 runs-on: ubuntu-latest
+ permissions:
+ # This is useful if you want to use PyPI trusted publisher
+ # and NPM provenance
+ id-token: write
 steps:
 - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
@@ -26,7 +27,6 @@ jobs:
 uses: jupyter-server/jupyter_releaser/.github/actions/populate-release@v2
 with:
 token: ${{ secrets.ADMIN_GITHUB_TOKEN }}
- target: ${{ github.event.inputs.target }}
 branch: ${{ github.event.inputs.branch }}
 release_url: ${{ github.event.inputs.release_url }}
 steps_to_skip: ${{ github.event.inputs.steps_to_skip }}
@@ -34,14 +34,10 @@ jobs:
 - name: Finalize Release
 id: finalize-release
 env:
- PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
- PYPI_TOKEN_MAP: ${{ secrets.PYPI_TOKEN_MAP }}
- TWINE_USERNAME: __token__
 NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
- uses: jupyter-server/jupyter-releaser/.github/actions/finalize-release@v2
+ uses: jupyter-server/jupyter_releaser/.github/actions/finalize-release@v2
 with:
 token: ${{ secrets.ADMIN_GITHUB_TOKEN }}
- target: ${{ github.event.inputs.target }}
 release_url: ${{ steps.populate-release.outputs.release_url }}
 - name: '** Next Step **'
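Review bot: The new job-level `id-token: write` is available to every step of `publish_release`, including the third-party actions referenced by mutable tag (`base-setup@v1` here, `populate-release@v2` and `finalize-release@v2` in the later hunks), so anyone able to move one of those tags could run code that requests an OIDC token PyPI accepts. Pin each to a full commit SHA, e.g. `uses: jupyterlab/maintainer-tools/.github/actions/base-setup@<full-commit-sha>  # v1`, and consider restricting the PyPI trusted publisher to a protected GitHub environment. The added comment could also state that a job-level `permissions` block sets every unlisted scope to none, which is why the removed top-level `contents: read` is no longer granted: `# id-token: write lets the job request an OIDC token; all other GITHUB_TOKEN scopes are none`. The `steps:` list continues outside this hunk.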
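Review bot: After this hunk nothing in the Finalize Release step says where PyPI credentials come from, so a later maintainer could reasonably re-add `PYPI_TOKEN`; a comment above `env:` would record the intent, e.g. `# PyPI upload authenticates via OIDC trusted publishing (job-level id-token: write); only npm still uses a long-lived token`. Trusted publishing presumably depends on a publisher entry on PyPI that matches this repository and workflow file name, which is worth stating in the same comment because renaming `publish-release.yml` would then break uploads. The now-unused `PYPI_TOKEN` and `PYPI_TOKEN_MAP` repository secrets should be deleted and the tokens revoked on PyPI so the old credential path does not stay live. The step list starts and ends outside this hunk.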