ci: 👷 drop use of the token for PyPI release (#99)

* ci: 👷 drop use of the token for PyPI release This repo should be authorized as the trusted publisher. Also adjusted config keys to preferred `kebab-case`. TOKEN itself will be removed once we confirm that this works. * ci: 💚 add permission to the wf call
h2oai · Jul 12, 2024 · bbbffb2 · bbbffb2
1 parent 2978bfb
commit bbbffb2
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 7 deletions.
diff --git a/.github/workflows/pypi-release.yml b/.github/workflows/pypi-release.yml
@@ -32,8 +32,6 @@ jobs:
       - name: Publish distribution 📦 to PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
-          user: __token__
-          password: ${{ secrets.PYPI_TOKEN }}
-          verify_metadata: false
+          verify-metadata: false
           verbose: true
-          print_hash: true
+          print-hash: true
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
@@ -30,7 +30,8 @@ jobs:
     if: needs.release-please.outputs.releases_created == 'true'
     needs: release-please
 
-    secrets: inherit
+    permissions:
+      id-token: write
 
   release-api-docs:
     name: Attach API Docs to Release
@@ -44,5 +45,3 @@ jobs:
 
     with:
       tag: ${{ needs.release-please.outputs.tag_name }}
-
-    secrets: inherit