Using Trusted Publishers for uploading to PyPi. (#3888)

ludwig-ai · Jan 17, 2024 · 404610a · 404610a
1 parent 10b8bb0
commit 404610a
Showing 1 changed file with 10 additions and 31 deletions.
diff --git a/.github/workflows/upload-pypi.yml b/.github/workflows/upload-pypi.yml
@@ -1,35 +1,14 @@
-name: Upload to PyPI
-
-on:
-  # Triggers the workflow when a release or draft of a release is published,
-  # or a pre-release is changed to a release
-  release:
-    types: [released]
-  # Allows you to run this workflow manually from the Actions tab
-  workflow_dispatch:
-
 jobs:
-  upload:
+  pypi-publish:
+    name: upload release to PyPI
     runs-on: ubuntu-latest
+    # Specifying a GitHub environment is optional, but strongly encouraged
+    environment: release
+    permissions:
+      # IMPORTANT: this permission is mandatory for trusted publishing
+      id-token: write
     steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-        with:
-          submodules: "recursive"
-
-      - uses: actions/setup-python@v2
-        with:
-          python-version: 3.8
-
-      - name: Install Twine
-        run: |
-          python -m pip install --upgrade pip
-          python -m pip install setuptools wheel twine
+      # retrieve your distributions here
 
-      - name: Build and upload to PyPI
-        run: |
-          python setup.py sdist
-          python -m twine upload dist/*
-        env:
-          TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }}
-          TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
+      - name: Publish package distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1