Publishing to PyPI with trusted publishers (Cherry-pick of #570) (#597)

This PR changes the wheel-build job to publish the package to PyPI with the trusted publisher mechanism following the steps in https://docs.pypi.org/trusted-publishers/using-a-publisher/ and https://github.com/Qiskit/rustworkx/pull/1001/files Co-authored-by: Arnau Casau <[email protected]>
Qiskit · Mar 1, 2024 · 8d9f1de · 8d9f1de
1 parent c426b76
commit 8d9f1de
Showing 1 changed file with 8 additions and 6 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -7,6 +7,9 @@ jobs:
   wheel-build:
     name: Build and Publish Release Artifacts
     runs-on: ubuntu-latest
+    environment: release
+    permissions:
+      id-token: write
     if: github.repository_owner == 'Qiskit'
     steps:
       - uses: actions/checkout@v3
@@ -15,16 +18,15 @@ jobs:
         with:
           python-version: '3.8'
       - name: Install Deps
-        run: pip install -U twine build
+        run: pip install -U build
       - name: Build Artifacts
         run: |
           python -m build
         shell: bash
       - uses: actions/upload-artifact@v3
         with:
           path: ./dist/qiskit*
-      - name: Publish to PyPi
-        env:
-          TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
-          TWINE_USERNAME: qiskit
-        run: twine upload dist/qiskit*
+      - name: Publish package distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          path: ./dist/qiskit*