Add attestations to allow publishing to Pypi

nicolargo · Nov 1, 2024 · ccf837e · ccf837e
1 parent 6095ead
commit ccf837e
Showing 1 changed file with 1 addition and 7 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -37,6 +37,7 @@ jobs:
     runs-on: ubuntu-latest
 
     permissions:
+      attestations: write
       id-token: write
 
     steps:
@@ -69,20 +70,13 @@ jobs:
         if: github.ref == 'refs/heads/develop'
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
-          # user and password should be removed
-          # because Github action is a trusted publiser
-          # user: __token__
-          # password: ${{ secrets.TEST_PYPI_API_TOKEN }}
           repository-url: https://test.pypi.org/legacy/
           skip-existing: true
 
       - name: Publish distribution package to PyPI
         if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
-          # user and password should be removed (if it is ok on test.pypi)
-          # user: __token__
-          # password: ${{ secrets.PYPI_API_TOKEN }}
           skip-existing: true
 
   create_Docker_builds: