diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 5bb73d33..901bdc4a 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -10,7 +10,11 @@ jobs: build-n-publish: name: Build and publish to PyPI runs-on: ubuntu-latest - + environment: + name: pypi + url: https://pypi.org/p/eoreader + permissions: + id-token: write # IMPORTANT: this permission is mandatory for trusted publishing steps: - name: Checkout source uses: actions/checkout@v4 @@ -20,11 +24,11 @@ jobs: with: python-version: "3.9" - - name: Check that the current version isn't already on PyPi + - name: Check that the current version isn't already on PyPI run: | if [ "$(./get_pypi_latest_version.sh)" != "$(python setup.py --version)" ] then - echo "Current version is not on PyPI, proceed with building" + echo "Current version is not on PyPI, proceed with bulding" else echo "Current version is the latest version uploaded to PyPI" exit 1 @@ -36,6 +40,3 @@ jobs: python setup.py sdist bdist_wheel - name: Publish distribution to PyPI uses: pypa/gh-action-pypi-publish@release/v1 - with: - user: ${{ secrets.PYPI_TOKEN }} - password: ${{ secrets.PYPI_PWD }} diff --git a/CHANGES.md b/CHANGES.md index 698639ec..789698ae 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -10,6 +10,7 @@ - FIX: Reject buggy Maxar products (with version 28.4) as the workaround would be too heavy to implement. ([#106](https://github.com/sertit/eoreader/issues/106)) - OPTIM: Save rasterized masks of DIMAP V2 products on disk to avoid recomputing them (`features.rasterize` could be a heavy computation that shouldn't be done twice) - COMPAT: EOReader works correctly with SNAP 10 ([#165](https://github.com/sertit/eoreader/issues/165)) +- PUBLISH: Use PyPI's Trusted Publisher Management mechanism ## 0.21.2 (2024-07-30)