Use environment and trusted publisher (#105)

eccles · web-flow · commit a8ff069a9f73 · 2025-04-01T08:51:47.000+01:00
Set environment permissions in publish github-action.

AB#10628

Signed-off-by: Paul Hewlett &lt;phewlett76@gmail.com&gt;
diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml
@@ -9,6 +9,9 @@ on:
 
 jobs:
   deploy:
+    environment: release
+    permissions:
+      id-token: write # This is required for requesting the JWT
 
     runs-on: ubuntu-latest
 
@@ -18,21 +21,22 @@ jobs:
       uses: actions/setup-python@v5
       with:
         python-version: '3.x'
+
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
         python3 -m pip install -r requirements-dev.txt
         pip install setuptools wheel
-    - name: Build and publish
-      env:
-        TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }}
-        TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
+      shell: bash
+
+    - name: Create wheel
       run: |
         rm -f archivist_samples/about.py
         ./scripts/version.sh
         cat archivist_samples/about.py
         python3 -m build --sdist
         python3 -m build --wheel
+      shell: bash
 
     - name: Publish to PyPi
       uses: pypa/gh-action-pypi-publish@release/v1
