Use PyPI trusted publishing to push release to PyPI (#651)

* Use PyPI trusted publishing to push release to PyPI * Add id-token:write permissions
pyapp-kit · Jun 5, 2024 · cec8109 · cec8109
1 parent df083f1
commit cec8109
Showing 1 changed file with 4 additions and 5 deletions.
diff --git a/.github/workflows/test_and_deploy.yml b/.github/workflows/test_and_deploy.yml
@@ -133,6 +133,8 @@ jobs:
     needs: test
     runs-on: ubuntu-latest
     if: ${{ github.repository == 'pyapp-kit/magicgui' && contains(github.ref, 'tags') }}
+    permissions:
+      id-token: write
     steps:
       - uses: actions/checkout@v4
         with:
@@ -155,8 +157,5 @@ jobs:
         with:
           files: dist/*
           body_path: ${{ github.workspace }}/CHANGELOG.md
-      - name: Publish
-        env:
-          TWINE_USERNAME: __token__
-          TWINE_PASSWORD: ${{ secrets.TWINE_API_KEY }}
-        run: twine upload dist/*
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1