From 3c6eaac661fd2317aaa7ff8f4008aafece093947 Mon Sep 17 00:00:00 2001 From: Jordan Acosta Date: Wed, 10 Jan 2024 08:34:54 -0800 Subject: [PATCH] feat: use trusted publisher --- .github/workflows/release.yml | 17 +++++++++++++++++ scripts/publish.sh | 2 -- scripts/publish_script.sh | 10 ---------- 3 files changed, 17 insertions(+), 12 deletions(-) delete mode 100755 scripts/publish_script.sh diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3ee4fa8f..ffa334db 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,3 +14,20 @@ jobs: release: uses: nuonco/.github/.github/workflows/release.yml@main secrets: inherit + pypi-publish: + name: upload release to PyPI + runs-on: ubuntu-latest + permissions: + # IMPORTANT: this permission is mandatory for trusted publishing + id-token: write + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-python@v4 + with: + python-version: "3.x" + - name: deps + run: python -m pip install -U build + - name: build + run: python -m build + - name: Publish package distributions to PyPI + uses: pypa/gh-action-pypi-publish@release/v1 diff --git a/scripts/publish.sh b/scripts/publish.sh index bd725779..d16956cf 100755 --- a/scripts/publish.sh +++ b/scripts/publish.sh @@ -1,3 +1 @@ #/bin/bash - -docker run -w /local --rm -v ${PWD}:/local python:3.12.1-alpine /local/scripts/publish_script.sh diff --git a/scripts/publish_script.sh b/scripts/publish_script.sh deleted file mode 100755 index b4762142..00000000 --- a/scripts/publish_script.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh -# Must be /bin/sh because this script is meant to be run in Alpine, -# which uses busybox and doesn't have bash. - -python -m pip install build twine - -python -m build - -twine upload -r testpypi dist/* -# twine upload dist/* --non-interactive --username $NUONBOT_PYPI_USERNAME --password $NUONBOT_PYPI_PASSWORD