From 83feae4eb2b043f63e710acdc2959143cb746fc8 Mon Sep 17 00:00:00 2001 From: Jesse Hills <3060199+jesserockz@users.noreply.github.com> Date: Wed, 17 Apr 2024 16:55:13 +1200 Subject: [PATCH] Use trusted publishing token for pypi (#6545) --- .github/workflows/release.yml | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2e1177d13f..72b06ab4fe 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -47,6 +47,9 @@ jobs: name: Build and publish to PyPi if: github.repository == 'esphome/esphome' && github.event_name == 'release' runs-on: ubuntu-latest + permissions: + contents: read + id-token: write steps: - uses: actions/checkout@v4.1.1 - name: Set up Python @@ -56,16 +59,11 @@ jobs: - name: Set up python environment env: ESPHOME_NO_VENV: 1 - run: | - script/setup - pip install twine + run: script/setup - name: Build run: python setup.py sdist bdist_wheel - - name: Upload - env: - TWINE_USERNAME: __token__ - TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }} - run: twine upload dist/* + - name: Publish + uses: pypa/gh-action-pypi-publish@v1.8.14 deploy-docker: name: Build ESPHome ${{ matrix.platform }}