From 49333219487ac3aab30f8458c581602a2ac054c9 Mon Sep 17 00:00:00 2001
From: Michael Overmeyer <michael@overmeyer.io>
Date: Mon, 16 Oct 2023 09:18:01 -0400
Subject: [PATCH] Run sensitive jobs within environments

Allows for fine-grain security controls.

https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment
---
 .github/workflows/publish.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 2536e80..3030bbf 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -210,6 +210,7 @@ jobs:
     needs:
       [pre_build_sanity_check, build_wheels, build_wheels_windows, build_sdist]
     runs-on: ubuntu-latest
+    environment: test_pypi
 
     steps:
       - uses: actions/download-artifact@v3
@@ -303,6 +304,7 @@ jobs:
         pre_publish_sanity_check,
       ]
     runs-on: ubuntu-latest
+    environment: production_pypi
 
     steps:
       - uses: actions/download-artifact@v3