From 7a1a355fb5ad6afb4e8f748ad036708c1c61c396 Mon Sep 17 00:00:00 2001
From: Sviatoslav Sydorenko
Date: Mon, 24 Apr 2023 07:04:43 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=8E=A8=20Show=20GH=20environments=20use?= =?UTF-8?q?=20in=20README=20examples?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

It is a useful protection feature giving the end-users more control over the release flow and trust.
---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.md b/README.md
index db79713..2d4bfcc 100644
--- a/README.md
+++ b/README.md
@@ -86,6 +86,9 @@ jobs:
 pypi-publish:
 name: Upload release to PyPI
 runs-on: ubuntu-latest
+ environment:
+ name: pypi
+ url: https://pypi.org/p/
 permissions:
 id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
 steps:
@@ -103,6 +106,7 @@ Other indices that support trusted publishing can also be used, like TestPyPI:
 with:
 repository-url: https://test.pypi.org/legacy/
 ```
+_(don't forget to update the environment name to `testpypi` or similar!)_

 > **Pro tip**: only set the `id-token: write` permission in the job that does
 > publishing, not globally. Also, try to separate building from publishing