From 9db498801e6311a9ed89b8265e6c5d847042c6fb Mon Sep 17 00:00:00 2001 From: Santiago Figueroa Manrique Date: Wed, 30 Apr 2025 16:54:45 +0200 Subject: [PATCH 1/2] [skip ci] test trusted publisher Signed-off-by: Santiago Figueroa Manrique --- .github/workflows/main.yml | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 37d30a6..9af23a6 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -10,10 +10,8 @@ jobs: name: "Upload latest msgpack-cxx version to PyPI" runs-on: ubuntu-latest permissions: - contents: read - env: - TWINE_USERNAME: ${{ secrets.PYPI_USER }} - TWINE_PASSWORD: ${{ secrets.PYPI_PASS }} + contents: write + id-token: write # Required for Trusted Publishing steps: - uses: actions/checkout@v4 @@ -21,7 +19,7 @@ jobs: - name: Setup python uses: actions/setup-python@v5 with: - python-version: "3.11" + python-version: "3.13" architecture: x64 - name: Install dependencies @@ -67,9 +65,17 @@ jobs: - name: List assets run: ls ./wheelhouse/ -al - - name: Upload wheels - if: github.event_name == 'workflow_dispatch' - run: | - pip install twine - echo "Publish to PyPI..." - twine upload --verbose wheelhouse/* + - name: Upload assets to PyPI + uses: pypa/gh-action-pypi-publish@release/v1 + with: + # To test, use the TestPyPI: + repository-url: https://test.pypi.org/legacy/ + # You must also create an account and project on TestPyPI, + # as well as set the trusted-publisher in the project settings: + # https://docs.pypi.org/trusted-publishers/adding-a-publisher/ + # To publish to the official PyPI repository, just keep + # repository-url commented out. + packages-dir: wheelhouse + skip-existing: true + print-hash: true + verbose: true From fc9c5ca6a1c3f1e4519f3b716e0535cfd6e5088e Mon Sep 17 00:00:00 2001 From: Santiago Figueroa Manrique Date: Wed, 30 Apr 2025 17:00:36 +0200 Subject: [PATCH 2/2] rename and remove testing Signed-off-by: Santiago Figueroa Manrique --- .github/workflows/{main.yml => ci.yml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename .github/workflows/{main.yml => ci.yml} (97%) diff --git a/.github/workflows/main.yml b/.github/workflows/ci.yml similarity index 97% rename from .github/workflows/main.yml rename to .github/workflows/ci.yml index 9af23a6..b347696 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/ci.yml @@ -69,7 +69,7 @@ jobs: uses: pypa/gh-action-pypi-publish@release/v1 with: # To test, use the TestPyPI: - repository-url: https://test.pypi.org/legacy/ + # repository-url: https://test.pypi.org/legacy/ # You must also create an account and project on TestPyPI, # as well as set the trusted-publisher in the project settings: # https://docs.pypi.org/trusted-publishers/adding-a-publisher/