🎨 Show GH environments use in README examples

It is a useful protection feature giving the end-users more control
over the release flow and trust.
Sviatoslav Sydorenko 2023-04-24 07:04:43 +02:00
parent 3b6670b0bd
commit 7a1a355fb5
No known key found for this signature in database
GPG key ID: 9345E8FEA89CA455

@ -86,6 +86,9 @@ jobs:
pypi-publish:
name: Upload release to PyPI
runs-on: ubuntu-latest
environment:
name: pypi
url: https://pypi.org/p/<your-pypi-project-name>
permissions:
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
steps:
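Review bot: the new `environment:` block under `pypi-publish` carries no inline explanation, while the `id-token: write` line right below it has an "IMPORTANT" comment. A reader copying this example cannot tell whether the environment is required or what `name: pypi` has to correspond to. Consider a short comment on the `environment:` line saying it is optional but recommended, and that the name must match a GitHub environment the user has created (and the environment name entered in the trusted publisher settings on PyPI, if one was set there). The commit message's reasoning about release-flow control would be worth one sentence in the README text as well.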
@ -103,6 +106,7 @@ Other indices that support trusted publishing can also be used, like TestPyPI:
with:
repository-url: https://test.pypi.org/legacy/
```
_(don't forget to update the environment name to `testpypi` or similar!)_
> **Pro tip**: only set the `id-token: write` permission in the job that does
> publishing, not globally. Also, try to separate building from publishing
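Review bot: the reminder added after the closing fence of the TestPyPI snippet mentions only the environment name, but the main example now also sets `url: https://pypi.org/p/<your-pypi-project-name>`, which would still point at PyPI if copied unchanged. Suggest extending the note to cover the `url` too, or showing the `environment:` block directly in the TestPyPI example so nothing has to be remembered. "`testpypi` or similar" is also vague: say that any name works as long as it matches the environment configured for that index.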