Skip to content

Commit

Permalink
🎨 Show GH environments use in README examples
Browse files Browse the repository at this point in the history
It is a useful protection feature giving the end-users more control
over the release flow and trust.
  • Loading branch information
webknjaz committed Apr 24, 2023
1 parent 3b6670b commit 7a1a355
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,9 @@ jobs:
pypi-publish:
name: Upload release to PyPI
runs-on: ubuntu-latest
environment:
name: pypi
url: https://pypi.org/p/<your-pypi-project-name>
permissions:
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
steps:
Expand All @@ -103,6 +106,7 @@ Other indices that support trusted publishing can also be used, like TestPyPI:
with:
repository-url: https://test.pypi.org/legacy/
```
_(don't forget to update the environment name to `testpypi` or similar!)_

> **Pro tip**: only set the `id-token: write` permission in the job that does
> publishing, not globally. Also, try to separate building from publishing
Expand Down

0 comments on commit 7a1a355

Please sign in to comment.