From a59bf7bc5bc9ec863fd359be453e326c727008ce Mon Sep 17 00:00:00 2001 From: Florian Bruhin Date: Wed, 16 Aug 2023 19:20:27 +0200 Subject: ci: Set twine PyPI token --- .github/workflows/release.yml | 8 +++++++- scripts/dev/build_release.py | 3 +++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1323ce605..288186eb1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -149,8 +149,14 @@ jobs: run: | python -m pip install -U pip python -m pip install -U -r misc/requirements/requirements-tox.txt + # FIXME consider switching to trusted publishers: + # https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/ - name: Build and upload release - run: "tox -e build-release -- --upload --no-confirm --experimental --gh-token ${{ secrets.GITHUB_TOKEN }}" + run: "tox -e build-release -- --upload --no-confirm --experimental" + env: + TWINE_USERNAME: __token__ + TWINE_PASSWORD: ${{ secrets.QUTEBROWSER_BOT_TEST_PYPI_TOKEN }} # FIXME use real token + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} finalize: runs-on: ubuntu-20.04 timeout-minutes: 5 diff --git a/scripts/dev/build_release.py b/scripts/dev/build_release.py index acbe31507..fe2ec16c3 100755 --- a/scripts/dev/build_release.py +++ b/scripts/dev/build_release.py @@ -539,6 +539,9 @@ def read_github_token( if arg_token is not None: return arg_token + if "GITHUB_TOKEN" in os.environ: + return os.environ["GITHUB_TOKEN"] + token_path = pathlib.Path.home() / '.gh_token' if not token_path.exists(): if optional: -- cgit v1.2.3-54-g00ecf