diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 2890aab..74e0e26 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -5,19 +5,23 @@ on: tags: - "*" +permissions: {} + jobs: build: name: Build packages runs-on: ubuntu-24.04 environment: publish + permissions: + contents: read steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false - name: Setup Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: "3.13" - name: Build packages @@ -25,7 +29,7 @@ jobs: pip install -r requirements/testing.txt make package - name: Upload packages - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: python-package-distributions path: dist/ @@ -44,7 +48,7 @@ jobs: steps: - name: Download packages - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: python-package-distributions path: dist/ @@ -61,20 +65,13 @@ jobs: url: ${{ github.server_url }}/${{ github.repository }}/releases/tag/${{ github.ref_name }} permissions: contents: write - id-token: write steps: - name: Download packages - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: python-package-distributions path: dist/ - - name: Sign packages - uses: sigstore/gh-action-sigstore-python@v3.0.0 - with: - inputs: >- - ./dist/*.tar.gz - ./dist/*.whl - name: Create GitHub Release env: GH_TOKEN: ${{ github.token }} @@ -82,11 +79,6 @@ jobs: gh release create "$GITHUB_REF_NAME" --repo "$GITHUB_REPOSITORY" + --generate-notes --title "${GITHUB_REPOSITORY#*/} $GITHUB_REF_NAME" - - name: Upload artifact signatures to GitHub Release - env: - GH_TOKEN: ${{ github.token }} - run: >- - gh release upload - "$GITHUB_REF_NAME" dist/** - --repo "$GITHUB_REPOSITORY" + dist/**
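Review bot: The bumped `uses:` lines in the build job (`actions/checkout@v6`, `actions/setup-python@v6`) still point at mutable major tags, so the tightened `permissions` do not prevent a re-tagged action from running in the job that builds the released packages. Pinning each reference to a full commit SHA with the version as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v6`, closes that gap; the same applies to `actions/upload-artifact@v7` and `actions/download-artifact@v8` in the three later hunks. Separately, with `permissions: {}` now set at workflow level, any job that lacks its own `permissions:` block gets no token scopes, so it is worth confirming this for the job holding the first `Download packages` step, whose header lies outside these hunks.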
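Review bot: The release job (hunk `@@ -61,20 +65,13 @@`) now attaches `dist/**` to the GitHub Release with no signature or provenance, because `Sign packages` and `id-token: write` are removed here and the signature upload is removed in the last hunk, with nothing visible replacing them. Anyone who verified the signatures attached to earlier releases loses that check without notice. If provenance is produced elsewhere (these hunks do not show it), record that in a comment above `Create GitHub Release`, such as `# Release assets are unsigned; verify packages via <where provenance is published>`. Otherwise consider keeping `id-token: write` and a signing or attestation step ahead of `gh release create`.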