Skip to content

Commit f7910c8

Browse files
Prathamesh Juvatkarclaude
Prathamesh Juvatkar
and
claude
committed
Switch PyPI publishing from API token to OIDC trusted publishing
- Add permissions.id-token: write to publish workflow - Remove --token flag from uv publish (uv auto-detects OIDC in GH Actions) - Remove PYPI_TOKEN env var from workflow Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent 214ff0f commit f7910c8

2 files changed

Lines changed: 3 additions & 3 deletions

File tree

.github/workflows/publish-pypi.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,8 @@ jobs:
1212
publish:
1313
name: publish
1414
runs-on: ubuntu-latest
15+
permissions:
16+
id-token: write
1517

1618
steps:
1719
- uses: actions/checkout@v6
@@ -24,5 +26,3 @@ jobs:
2426
- name: Publish to PyPI
2527
run: |
2628
bash ./bin/publish-pypi
27-
env:
28-
PYPI_TOKEN: ${{ secrets.DOCSTRANGE_PYPI_TOKEN || secrets.PYPI_TOKEN }}

bin/publish-pypi

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,4 +4,4 @@ set -eux
44
rm -rf dist
55
mkdir -p dist
66
uv build
7-
uv publish --token=$PYPI_TOKEN
7+
uv publish

0 commit comments

Comments
 (0)