Disabled the trusted publisher concept of Pypi for the time being

Signed-off-by: Andreas Maier <[email protected]>
zhmcclient · Oct 10, 2024 · 87f6b0a · 87f6b0a
1 parent 8b0de4b
commit 87f6b0a
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 5 deletions.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -16,9 +16,6 @@ jobs:
     name: Build and publish to PyPI
     if: startsWith(github.ref, 'refs/tags')
     runs-on: ubuntu-latest
-    permissions:
-      id-token: write
-      contents: write
     steps:
 
     #-------- Info gathering and checks
@@ -179,8 +176,7 @@ jobs:
       uses: pypa/gh-action-pypi-publish@release/v1
       with:
         packages-dir: dist
-        # Pypi has a trusted publisher defined, so we do not need a password:
-        # https://pypi.org/manage/project/zhmc_prometheus_exporter/settings/publishing/
+        password: ${{ secrets.PYPI_API_TOKEN }}
 
     #-------- Creation of Github release
     - name: Determine whether release on Github exists for the pushed tag

diff --git a/changes/noissue.3.fix.rst b/changes/noissue.3.fix.rst
@@ -0,0 +1,3 @@
+Dev: Disabled the trusted publisher concept of Pypi for the time being, to
+avoid the subsequent access errors in the publish workflow that are not yet
+understood.