chore: Use Trusted Publishing in durabletask.yml

lmmx · web-flow · commit edb8b4a8a2d1 · 2026-05-20T09:05:07.000+01:00
diff --git a/.github/workflows/durabletask.yml b/.github/workflows/durabletask.yml
@@ -90,34 +90,29 @@ jobs:
     if: startsWith(github.ref, 'refs/tags/v')  # Only run if a matching tag is pushed
     needs: run-tests
     runs-on: ubuntu-latest
+    environment: pypi
+    permissions:
+      id-token: write
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
 
       - name: Extract version from tag
-        run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV  # Extract version from the tag
+        run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV
 
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: "3.14"  # Adjust Python version as needed
+          python-version: "3.14"
 
-      - name: Install dependencies
+      - name: Install build dependencies
         run: |
           python -m pip install --upgrade pip
-          pip install build twine
+          pip install build
 
       - name: Build package from root directory
         run: |
           python -m build
 
-      - name: Check package
-        run: |
-          twine check dist/* 
-
       - name: Publish package to PyPI
-        env:
-          TWINE_USERNAME: __token__
-          TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN  }}  # Store your PyPI API token in GitHub Secrets
-        run: | 
-          twine upload dist/*
+        uses: pypa/gh-action-pypi-publish@release/v1
