diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 889f230..b08c518 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -23,40 +23,20 @@ jobs: runs-on: "ubuntu-latest" needs: - "build" - - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + environment: + name: "pypi" + url: "https://pypi.org/p/pulp-certguard" + permissions: + id-token: "write" steps: - - uses: "actions/checkout@v4" - with: - fetch-depth: 1 - path: "pulp-certguard" - - uses: "actions/download-artifact@v4" with: name: "plugin_package" - path: "pulp-certguard/dist/" - - - uses: "actions/setup-python@v5" - with: - python-version: "3.11" + path: "dist/" - - name: "Install python dependencies" - run: | - echo ::group::PYDEPS - pip install twine - echo ::endgroup:: - - - name: "Setting secrets" - run: | - python3 .github/workflows/scripts/secrets.py "$SECRETS_CONTEXT" - env: - SECRETS_CONTEXT: "${{ toJson(secrets) }}" - - - name: "Deploy plugin to pypi" - run: | - .github/workflows/scripts/publish_plugin_pypi.sh ${{ github.ref_name }} + - name: "Publish package to PyPI" + uses: pypa/gh-action-pypi-publish@release/v1 create-gh-release: runs-on: "ubuntu-latest" @@ -97,14 +77,16 @@ jobs: - name: "Create release on GitHub" uses: "actions/github-script@v7" + env: + RELEASE_BODY: ${{ steps.get_release_notes.outputs.body }} with: script: | - const { TAG_NAME } = process.env; + const { TAG_NAME, RELEASE_BODY } = process.env; await github.rest.repos.createRelease({ owner: context.repo.owner, repo: context.repo.repo, tag_name: TAG_NAME, - body: `${{ steps.get_release_notes.outputs.body }}`, + body: RELEASE_BODY, make_latest: "legacy", });