Update PyPI to trusted publisher (#16709)

2 months ago · c17ddcdf70
parent fe61f9d54a
commit c17ddcdf70
2 changed files with 7 additions and 5 deletions
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@ -17,6 +17,8 @@ jobs:
    if: github.repository == 'ultralytics/ultralytics' && github.actor == 'glenn-jocher'
    name: Publish
    runs-on: ubuntu-latest
+    permissions:
+      id-token: write  # for PyPI trusted publishing
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
@ -85,12 +87,13 @@ jobs:
          if publish:
              print('Ready to publish new version to PyPI ✅.')
        id: check_pypi
+      - name: Build package
+        if: (github.event_name == 'push' || github.event.inputs.pypi == 'true') && steps.check_pypi.outputs.increment == 'True'
+        run: python -m build
      - name: Publish to PyPI
        continue-on-error: true
-        if: (github.event_name == 'push' || github.event.inputs.pypi == 'true')  && steps.check_pypi.outputs.increment == 'True'
-        run: |
-          python -m build
-          python -m twine upload dist/* -u __token__ -p ${{ secrets.PYPI_TOKEN }}
+        if: (github.event_name == 'push' || github.event.inputs.pypi == 'true') && steps.check_pypi.outputs.increment == 'True'
+        uses: pypa/gh-action-pypi-publish@release/v1
      - name: Publish new tag
        if: (github.event_name == 'push' || github.event.inputs.pypi == 'true')  && steps.check_pypi.outputs.increment == 'True'
        run: |
--- a/pyproject.toml
+++ b/pyproject.toml
@ -34,7 +34,6 @@ keywords = ["machine-learning", "deep-learning", "computer-vision", "ML", "DL",
 authors = [
    { name = "Glenn Jocher", email = "glenn.jocher@ultralytics.com" },
    { name = "Jing Qiu", email = "jing.qiu@ultralytics.com" },
-    { name = "Ayush Chaurasia" },
 ]
 maintainers = [
    { name = "Ultralytics", email = "hello@ultralytics.com" },