Merge pull request #26 from rafa-be/pypi_thrusted_publisher

PyPI upload workflow uses trusted publisher instead of PyPI API token
Citi · Oct 2, 2024 · ec0e2db · ec0e2db
2 parents f97ffc0 + f01863b
commit ec0e2db
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 10 deletions.
diff --git a/.github/workflows/pypi.yml b/.github/workflows/pypi.yml
@@ -9,11 +9,11 @@ permissions:
 
 jobs:
   deploy:
-
     runs-on: ubuntu-latest
-
+    environment: release
+    permissions:
+      id-token: write
     steps:
-      - uses: actions/checkout@v4
       - name: Checkout code
         uses: actions/checkout@v4
       - name: Set up Python 3.8
@@ -23,15 +23,11 @@ jobs:
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
-          pip install build twine
+          pip install build
           pip install -r requirements.txt
 
       - name: Build package
         run: python -m build
 
       - name: Publish to PyPI
-        env:
-          TWINE_USERNAME: __token__
-          TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
-        run: |
-          python -m twine upload dist/*
+        uses: pypa/gh-action-pypi-publish@release/v1
diff --git a/scaler/about.py b/scaler/about.py
@@ -1 +1 @@
-__version__ = "1.8.4"
+__version__ = "1.8.5"