PyPI release update

This commit updates the pypi release process. It uses PyPI Trusted Publisher Management and gh-action-pypi-publish action instead of private token. This change will make our pypi process more simple and more secure. Reference: #5903 Signed-off-by: Jan Richter <[email protected]>
avocado-framework · May 3, 2024 · 7e7bd75 · 7e7bd75
1 parent 58c4ec7
commit 7e7bd75
Showing 1 changed file with 19 additions and 6 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -80,12 +80,25 @@ jobs:
         run: |
           make -f Makefile.gh build-update-readthedocs
       - run: echo "In a few minutes the release documentation will be available in https://${{ github.event.inputs.rtd_project }}.readthedocs.io/en/${{ github.event.inputs.version }}/"
-      - name: Upload to pypi
-        continue-on-error: true
-        env:
-          TWINE_USERNAME: ${{ secrets.PYPI_USER }}
-          TWINE_PASSWORD: ${{ secrets.PYPI_PASSWD }}
-        run: make -f Makefile.gh update-pypi
+
+  publish-to-pypi:
+    name: Publish Avocado to PyPI
+    needs:
+    - release
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/p/avocado-framework
+    permissions:
+      id-token: write  # IMPORTANT: mandatory for trusted publishing
+    steps:
+    - name: Download all the wheels
+      uses: actions/download-artifact@v4
+      with:
+        name: wheel
+        path: dist/
+    - name: Publish avocado to PyPI
+      uses: pypa/gh-action-pypi-publish@release/v1
 
   build-and-publish-eggs:
     name: Build eggs and publish them