From 884aca1579b8482ca87b49b8ca103cc22ad0204d Mon Sep 17 00:00:00 2001 From: Mike Jarvis Date: Thu, 6 Jun 2024 11:42:31 -0400 Subject: [PATCH] Switch to trusted pypi upload, rather than token (#1286) --- .github/workflows/wheels.yml | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index e7b0f30818..c422a2a809 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -26,7 +26,7 @@ jobs: - uses: actions/upload-artifact@v5 with: - name: linux-wheels + name: whl-linux path: ./wheelhouse/*.whl build_musl_wheels: @@ -48,7 +48,7 @@ jobs: - uses: actions/upload-artifact@v5 with: - name: musl-wheels + name: whl-musl path: ./wheelhouse/*.whl build_macosx_intel_wheels: @@ -69,7 +69,7 @@ jobs: - uses: actions/upload-artifact@v5 with: - name: macos-wheels + name: whl-macos path: ./wheelhouse/*.whl build_macosx_arm_wheels: @@ -97,7 +97,7 @@ jobs: - uses: actions/upload-artifact@v5 with: - name: arm-wheels + name: whl-arm path: ./wheelhouse/*.whl build_sdist: @@ -106,6 +106,12 @@ jobs: # Just need to build sdist on a single machine runs-on: ubuntu-latest + environment: + name: pypi + url: https://pypi.org/p/GalSim + permissions: + id-token: write # IMPORTANT: this permission is mandatory for trusted publishing + steps: - uses: actions/checkout@v4 @@ -123,9 +129,11 @@ jobs: pip install -U -r requirements.txt - name: Download wheels - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: path: ./wheels + pattern: whl-* + merge-multiple: true - name: Build sdist run: | @@ -137,15 +145,11 @@ jobs: run: | echo ls -l wheels ls -l wheels - echo ls -l wheels/* - ls -l wheels/* - cp wheels/*/*.whl dist + cp wheels/*.whl dist echo ls -l dist ls -l dist - name: Publish to PyPI uses: pypa/gh-action-pypi-publish@release/v1 with: - user: __token__ - password: ${{ secrets.PYPI_TOKEN }} verbose: true