Move exposure of github token to only the steps that need it.

aholmes · aholmes · commit f1c623c35d46 · 2023-11-06T10:40:18.000-08:00
diff --git a/source/guides/github-actions-ci-cd-sample/publish-to-test-pypi.yml b/source/guides/github-actions-ci-cd-sample/publish-to-test-pypi.yml
@@ -61,9 +61,6 @@ jobs:
       contents: write  # IMPORTANT: mandatory for making GitHub Releases
       id-token: write  # IMPORTANT: mandatory for sigstore
 
-    env:
-      GITHUB_TOKEN: ${{ github.token }}
-
     steps:
     - name: Download all the dists
       uses: actions/download-artifact@v3
@@ -77,12 +74,16 @@ jobs:
           ./dist/*.tar.gz
           ./dist/*.whl
     - name: Create GitHub Release
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
       run: >-
         gh release create
         '${{ github.ref_name }}'
         --repo '${{ github.repository }}'
         --notes ""
     - name: Upload artifact signatures to GitHub Release
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
       # Upload to GitHub Release using the `gh` CLI.
       # `dist/` contains the built packages, and the
       # sigstore-produced signatures and certificates.
