Trusted publish to pypi (#46)

* Move to trusted publishing to pypi * Bumping lock file version
s7clarke10 · Aug 18, 2024 · fabcd63 · fabcd63
1 parent 357f37d
commit fabcd63
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 6 deletions.
diff --git a/.github/workflows/pythonpublish.yml b/.github/workflows/pythonpublish.yml
@@ -6,6 +6,7 @@ on:
 
 permissions:
   contents: read
+  id-token: write  # IMPORTANT: this permission is mandatory for trusted publishing
 
 jobs:
   deploy:
@@ -24,6 +25,3 @@ jobs:
       run: python -m build
     - name: Publish package
       uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0
-      with:
-        user: __token__
-        password: ${{ secrets.PYPI_API_TOKEN }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Changelog
 
+## 5.0.3 (2024-08-19)
+ * Moving to a trusted push to pypi
+
 ## 5.0.2 (2024-08-13)
  * Bump black from 24.4.2 to 24.8.0
  * Bump pylint from 3.2.5 to 3.2.6

diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "realit-singer-python"
-version = "5.0.2"
+version = "5.0.3"
 description = "Singer.io utility library - PipelineWise and Meltano compatible"
 authors = []
 license = "Apache 2.0"