update

artyom-morozov · artyom-morozov · commit 277a0b2bff38 · 2025-12-02T16:42:36.000-05:00
diff --git a/.github/actions/hatch-release-pypi/action.yml b/.github/actions/hatch-release-pypi/action.yml
@@ -101,43 +101,12 @@ runs:
       shell: bash
       run: hatch build
 
-    # Publish using Trusted Publishing - manual approach for composite action compatibility
+    # Publish using Trusted Publishing - no password required
     # See: https://docs.pypi.org/trusted-publishers/using-a-publisher/
-    - name: Mint PyPI API token via OIDC
-      id: mint-token
-      shell: bash
-      run: |
-        # Retrieve the ambient OIDC token
-        resp=$(curl -sS -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
-          "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=pypi")
-        oidc_token=$(jq -r '.value' <<< "${resp}")
-
-        if [ -z "$oidc_token" ] || [ "$oidc_token" = "null" ]; then
-          echo "::error::Failed to retrieve OIDC token"
-          exit 1
-        fi
-
-        # Exchange the OIDC token for a PyPI API token
-        resp=$(curl -sS -X POST https://pypi.org/_/oidc/mint-token -d "{\"token\": \"${oidc_token}\"}")
-        api_token=$(jq -r '.token' <<< "${resp}")
-
-        if [ -z "$api_token" ] || [ "$api_token" = "null" ]; then
-          echo "::error::Failed to mint PyPI API token. Response: $resp"
-          exit 1
-        fi
-
-        # Mask the token to prevent leaking
-        echo "::add-mask::${api_token}"
-        echo "api-token=${api_token}" >> "${GITHUB_OUTPUT}"
-
     - name: Publish package distributions to PyPI
-      shell: bash
-      env:
-        TWINE_USERNAME: __token__
-        TWINE_PASSWORD: ${{ steps.mint-token.outputs.api-token }}
-      run: |
-        pip install --quiet twine
-        twine upload --verbose dist/*
+      uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
+      with:
+        verbose: true
 
     - name: Push version bump commit to main
       if: ${{ env.SKIP_BUMP == '0' }}
@@ -159,7 +128,7 @@ runs:
     - name: Generate Release Notes
       id: generate_release_notes
       continue-on-error: true
-      uses: SolaceDev/solace-public-workflows/generate-github-release-notes@main
+      uses: solacedev/solace-public-workflows/generate-github-release-notes@main
       with:
         from-ref: ${{ env.CURRENT_VERSION }}
         to-ref: ${{ env.NEW_VERSION }}
