diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 1a9cdcc..d33d9e6 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -5,6 +5,8 @@ on: tags: - "*" +permissions: {} + jobs: build: name: Build packages @@ -13,7 +15,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: persist-credentials: false - name: Setup Python @@ -25,7 +27,7 @@ jobs: pip install -r requirements/testing.txt make package - name: Upload packages - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: python-package-distributions path: dist/ @@ -44,7 +46,7 @@ jobs: steps: - name: Download packages - uses: actions/download-artifact@v5 + uses: actions/download-artifact@v8 with: name: python-package-distributions path: dist/ @@ -61,20 +63,13 @@ jobs: url: ${{ github.server_url }}/${{ github.repository }}/releases/tag/${{ github.ref_name }} permissions: contents: write - id-token: write steps: - name: Download packages - uses: actions/download-artifact@v5 + uses: actions/download-artifact@v8 with: name: python-package-distributions path: dist/ - - name: Sign packages - uses: sigstore/gh-action-sigstore-python@v3.0.1 - with: - inputs: >- - ./dist/*.tar.gz - ./dist/*.whl - name: Create GitHub Release env: GH_TOKEN: ${{ github.token }} @@ -82,11 +77,6 @@ jobs: gh release create "$GITHUB_REF_NAME" --repo "$GITHUB_REPOSITORY" + --generate-notes --title "${GITHUB_REPOSITORY#*/} $GITHUB_REF_NAME" - - name: Upload artifact signatures to GitHub Release - env: - GH_TOKEN: ${{ github.token }} - run: >- - gh release upload - "$GITHUB_REF_NAME" dist/** - --repo "$GITHUB_REPOSITORY" + dist/**