mirror of
https://gitcode.com/gh_mirrors/gh/gh-action-pypi-publish.git
synced 2026-07-02 18:27:49 +00:00
🎨 Show GH environments use in README examples
It is a useful protection feature giving the end-users more control over the release flow and trust.
@@ -86,6 +86,9 @@ jobs:
|
|||||||
pypi-publish:
|
pypi-publish:
|
||||||
name: Upload release to PyPI
|
name: Upload release to PyPI
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
environment:
|
||||||
|
name: pypi
|
||||||
|
url: https://pypi.org/p/<your-pypi-project-name>
|
||||||
permissions:
|
permissions:
|
||||||
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
|
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
|
||||||
steps:
|
steps:
|
||||||
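Review bot: the `environment:` block added to the `pypi-publish` job comes with no explanation of what the reader has to configure for it to protect anything. GitHub creates an environment that a workflow names on first use, with no protection rules attached, so copying these three lines alone adds no approval gate. Suggest a sentence beside the example telling users to create the `pypi` environment in the repository settings with required reviewers or branch restrictions, and to enter the same environment name in the trusted publisher entry on PyPI so that a job running outside that environment cannot publish. It would also help to say that `url: https://pypi.org/p/<your-pypi-project-name>` is a placeholder to edit.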
@@ -103,6 +106,7 @@ Other indices that support trusted publishing can also be used, like TestPyPI:
|
|||||||
with:
|
with:
|
||||||
repository-url: https://test.pypi.org/legacy/
|
repository-url: https://test.pypi.org/legacy/
|
||||||
```
|
```
|
||||||
|
_(don't forget to update the environment name to `testpypi` or similar!)_
|
||||||
|
|
||||||
> **Pro tip**: only set the `id-token: write` permission in the job that does
|
> **Pro tip**: only set the `id-token: write` permission in the job that does
|
||||||
> publishing, not globally. Also, try to separate building from publishing
|
> publishing, not globally. Also, try to separate building from publishing
|
||||||
|
|||||||
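Review bot: the reminder added after the TestPyPI code fence asks the reader to rename the environment to `testpypi` "or similar", but the part of that snippet visible in this hunk only carries `with:` and `repository-url:`, so there is no `environment:` key there to rename. Suggest either showing the `environment:` lines inside the TestPyPI example itself or having the note point at the job-level block in the earlier example. A short reason would help too: a separate environment per index lets TestPyPI and PyPI have their own protection rules and their own trusted publisher entries.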