Add PyPI trusted publishing (#2)

davidbrochart · Nov 8, 2024 · edafd92 · edafd92
1 parent 27ec8dc
commit edafd92
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 11 deletions.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -21,16 +21,14 @@ jobs:
           path: ./dist
 
   pypi-publish:
-    needs: ['build']
-    environment: 'publish'
-
     name: Upload release to PyPI
+    needs: build
     runs-on: ubuntu-latest
+    environment: release
+    permissions:
+      id-token: write
     steps:
-      - uses: actions/download-artifact@v4
-
-      - name: Publish package to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          password: ${{ secrets.PYPI_TOKEN }}
-          packages_dir: artifact/
+    - name: Retrieve packages
+      uses: actions/download-artifact@v4
+    - name: Upload packages
+      uses: pypa/gh-action-pypi-publish@release/v1
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -28,9 +28,10 @@ jobs:
       - name: Check types
         run: mypy src/zmq_anyio
       - name: Run tests
+        if: ${{ !((matrix.python-version == '3.13') && (matrix.os == 'ubuntu-latest')) }}
         run: pytest --color=yes -v tests
       - name: Run code coverage
         if: ${{ (matrix.python-version == '3.13') && (matrix.os == 'ubuntu-latest') }}
         run: |
-          coverage run -m pytest tests
+          coverage run -m pytest --color=yes -v tests
           coverage report