Skip to content

Commit df65d2c

Browse files
committed
fix(ci): switch to legacy PyPI token for publish workflow
PyPI Trusted Publishing (OIDC) is misconfigured for this repository. Use legacy API token stored in PYPI_API_TOKEN secret instead. The pypi/gh-action-pypi-publish action requires a user + password when OIDC is not available. The PYPI_API_TOKEN secret must contain a valid legacy PyPI upload token with access to the hawk-sdk project.
1 parent 9e4786c commit df65d2c

1 file changed

Lines changed: 6 additions & 6 deletions

File tree

.github/workflows/release.yml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -2,8 +2,10 @@
22
# Triggered by release-please when it pushes a v* tag.
33
# Source of truth: https://github.com/GrayCodeAI/hawk/blob/main/.shared-templates/workflows/python-release.yml.tmpl
44
#
5-
# Uses PyPI Trusted Publishing (OIDC) — no API tokens stored in GitHub.
6-
# Configure once at https://pypi.org/manage/account/publishing/
5+
# Uses PyPI legacy API token — OIDC trusted publishing requires manual PyPI config
6+
# that is currently broken for this repository.
7+
# To fix: remove any OIDC/trusted publisher config at https://pypi.org/manage/account/publishing/
8+
# Then configure once with: https://github.com/GrayCodeAI/hawk/blob/main/.shared-templates/workflows/python-release.yml.tmpl
79

810
name: release
911

@@ -13,14 +15,10 @@ on:
1315

1416
permissions:
1517
contents: read
16-
id-token: write # required for PyPI Trusted Publishing
1718

1819
jobs:
1920
build-and-publish:
2021
runs-on: ubuntu-latest
21-
environment:
22-
name: pypi
23-
url: https://pypi.org/p/hawk-sdk
2422
steps:
2523
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2624

@@ -38,4 +36,6 @@ jobs:
3836
- name: Publish to PyPI
3937
uses: pypa/gh-action-pypi-publish@release/v1
4038
with:
39+
user: __token__
40+
password: ${{ secrets.PYPI_API_TOKEN }}
4141
packages-dir: dist/

0 commit comments

Comments
 (0)