mirror of
https://github.com/pypa/gh-action-pypi-publish.git
synced 2024-12-28 18:04:50 -05:00
🎨 Show GH environments use in README examples
It is a useful protection feature giving the end-users more control over the release flow and trust.
parent
3b6670b0bd
commit
7a1a355fb5
1 changed files with 4 additions and 0 deletions
|
@ -86,6 +86,9 @@ jobs:
|
|||
pypi-publish:
|
||||
name: Upload release to PyPI
|
||||
runs-on: ubuntu-latest
|
||||
environment:
|
||||
name: pypi
|
||||
url: https://pypi.org/p/<your-pypi-project-name>
|
||||
permissions:
|
||||
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
|
||||
steps:
|
||||
|
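Review bot: The new `environment:` block under `pypi-publish` has no explanatory comment, while the `id-token: write` line right below it carries an "IMPORTANT" note, so a reader copying the example cannot tell why the block is there. The protection only exists if the `pypi` environment is created in the repository settings with rules such as required reviewers, and if the trusted publisher registered on PyPI names an environment, it has to be this same name. Suggest a short comment on `name: pypi` saying so. It would also help to state that `url:` is only the link shown on the deployment and that `<your-pypi-project-name>` must be replaced.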
@ -103,6 +106,7 @@ Other indices that support trusted publishing can also be used, like TestPyPI:
|
|||
with:
|
||||
repository-url: https://test.pypi.org/legacy/
|
||||
```
|
||||
_(don't forget to update the environment name to `testpypi` or similar!)_
|
||||
|
||||
> **Pro tip**: only set the `id-token: write` permission in the job that does
|
||||
> publishing, not globally. Also, try to separate building from publishing
|
||||
|
|
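Review bot: The added reminder to rename the environment to `testpypi` sits outside the code fence, and the visible part of the TestPyPI snippet (`with:` / `repository-url:`) shows no `environment:` key, so it is unclear which line the reader is meant to change. Suggest putting `environment:` with `name: testpypi` directly in the snippet, or at least pointing the sentence at the job's `environment.name`. "or similar" could also be tightened: the name needs to be whatever environment is configured for that index, not an arbitrary variant.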