diff --git a/.github/workflows/Publish.yml b/.github/workflows/Publish.yml index 36184d2..230a214 100644 --- a/.github/workflows/Publish.yml +++ b/.github/workflows/Publish.yml @@ -13,6 +13,7 @@ jobs: publish-pypi: name: Python Distribution runs-on: ubuntu-latest + environment: publish steps: - name: Set up Python @@ -35,12 +36,12 @@ jobs: uses: pypa/gh-action-pypi-publish@release/v1 with: print-hash: true - user: ${{ secrets.REPO_USER }} - password: ${{ secrets.REPO_PASSWORD }} trigger-docs: name: Trigger Docs runs-on: ubuntu-latest + environment: publish + steps: - name: Update docs uses: pitt-crc/keystone-docs/.github/actions/update-action/@main diff --git a/.github/workflows/Release.yml b/.github/workflows/Release.yml index 21eff1e..767906f 100644 --- a/.github/workflows/Release.yml +++ b/.github/workflows/Release.yml @@ -40,5 +40,7 @@ jobs: needs: [ version, test ] uses: ./.github/workflows/Publish.yml secrets: inherit + permissions: + id-token: write with: version: ${{needs.version.outputs.version}}