Use PyPI Trusted Publisher approach for releases (#235)

ansys · Sep 20, 2024 · c5c13e2 · c5c13e2
1 parent 5f2301a
commit c5c13e2
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/.github/workflows/build_and_test_library.yml b/.github/workflows/build_and_test_library.yml
@@ -111,13 +111,16 @@ jobs:
     runs-on: ubuntu-latest
     needs: [build-library]
     if: github.event_name == 'push' && contains(github.ref, 'refs/tags')
+    environment: release
+    permissions:
+      id-token: write
+      contents: write
     steps:
       - name: "Release to public PyPI"
         uses: ansys/actions/release-pypi-public@v7
         with:
           library-name: ${{ env.LIBRARY_NAME }}
-          twine-username: "__token__"
-          twine-token: ${{ secrets.PYPI_TOKEN }}
+          use-trusted-publisher: true
 
       - name: "Release to private PyPI"
         uses: ansys/actions/release-pypi-private@v7