ci: Updated release ci to use pypi trusted publishing

KennethEnevoldsen · Aug 1, 2023 · e5cec02 · e5cec02
1 parent 1464b68
commit e5cec02
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 18 deletions.
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -15,23 +15,28 @@ jobs:
     runs-on: ubuntu-latest
     concurrency: release
 
-    if: ${{ github.ref == 'refs/heads/main' && github.event.workflow_run.conclusion == 'success'}}
+    if: 
     steps:
-      # Checkout action is required for token to persist
       - uses: actions/checkout@v3
         with:
           fetch-depth: 0
-          token: ${{ secrets.PAT }}
 
       - name: Python Semantic Release
-        uses: relekang/python-semantic-release@v8.0.4
+        id: release
+        uses: python-semantic-release/python-semantic-release@v8.0.0
+        with:
+          github_token: ${{ secrets.PAT }}
+
+      - name: Publish package distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        # This action supports PyPI's trusted publishing implementation, which allows authentication to PyPI without a manually 
+        # configured API token or username/password combination. To perform trusted publishing with this action, your project's 
+        # publisher must already be configured on PyPI.
+        # if: steps.release.outputs.released == 'true'
+        if: ${{ github.ref == 'refs/heads/main' && github.event.workflow_run.conclusion == 'success' && steps.release.outputs.released == 'true' }}
+
+      - name: Publish package distributions to GitHub Releases
+        uses: python-semantic-release/upload-to-gh-release@main
+        if: ${{ github.ref == 'refs/heads/main' && github.event.workflow_run.conclusion == 'success' && steps.release.outputs.released == 'true' }}
         with:
           github_token: ${{ secrets.PAT }}
-          # Remember to copy the [tool.semantic_release] section from pyproject.toml
-          # as well
-          # To enable pypi,
-          # 1) Set upload_to_pypi to true in  pyproject.toml and
-          # 2) Set the pypi_token in the repo
-          # 3) Uncomment the two lines below
-          repository_username: __token__
-          repository_password: ${{ secrets.PYPI_API_TOKEN }}