Use trusted publishing token (#862)

2024-04-17 10:26:39 +12:00 · 2024-04-17 10:26:39 +12:00 · 0ad9dd5aa5
parent 725e501815
commit 0ad9dd5aa5
1 changed files with 4 additions and 4 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -58,11 +58,11 @@ jobs:
      id-token: write
    if: github.event_name == 'release' && github.event.action == 'published'
    steps:
-      - uses: actions/download-artifact@v3
+      - name: Download artifacts
+        uses: actions/download-artifact@v3
        with:
          name: artifact
          path: dist

-      - uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          password: ${{ secrets.PYPI_TOKEN }}
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@v1.8.14