chore(ci): switch to JWT-based PyPi uploading

PyPi now supports authenticating via the GitHub-provided JWT[1]. [1]: https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/
HearthSim · Apr 24, 2023 · c2dfa3b · c2dfa3b
1 parent 5ae15cd
commit c2dfa3b
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -10,8 +10,11 @@ on:
 
 jobs:
   release-hearthstone-data-job:
-    runs-on: ubuntu-latest
     name: Release hearthstone-data
+    runs-on: ubuntu-latest
+    permissions:
+      # required to authenticate for the PyPi upload below
+      id-token: write
     steps:
     - uses: actions/checkout@v2
       with:
@@ -32,6 +35,3 @@ jobs:
         PKGREL: ${{ github.event.inputs.pkgrel }}
     - name: Upload to pypi
       uses: pypa/gh-action-pypi-publish@release/v1
-      with:
-        user: __token__
-        password: ${{ secrets.PYPI_API_TOKEN }}