Move permissions within job in publish.yaml

danirus · Sep 1, 2023 · 8ff347d · 8ff347d
1 parent b69092a
commit 8ff347d
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
@@ -4,15 +4,15 @@ on:
     types: [published]
   workflow_dispatch:
 
-permissions:
-  id-token: write
-  contents: write
-
 jobs:
   publish:
     if: github.event_name == 'release'
     runs-on: ubuntu-latest
-    environment: PyPI
+    environment:
+      name: PyPI
+      url: https://pypi.org/p/sphinx-nefertiti
+    permissions:
+      id-token: write
     steps:
       - uses: actions/checkout@v2
       - uses: actions/setup-python@v3
@@ -23,7 +23,7 @@ jobs:
       - name: Build package
         run: python -m build
       - name: Publish to PyPI
-        uses: pypa/[email protected].6
+        uses: pypa/gh-action-pypi-publish@release/v1.8
         with:
           user: __token__
           password: ${{ secrets.PYPI_API_TOKEN }}