From cc767e067f5968352a61046c8ae34a9eda765c17 Mon Sep 17 00:00:00 2001 From: Brian Ward Date: Thu, 16 Oct 2025 10:34:16 -0400 Subject: [PATCH] Update release CI to use trusted publishing --- .github/workflows/release.yml | 34 ++++++++++++++++------------------ 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b97804e6..c3a8e368 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,29 +1,27 @@ -name: ReleaseCmdStanPy +name: Release CmdStanPy on: workflow_dispatch: inputs: new_version: - description: 'New version, for example: 0.9.69' + description: "New version, for example: 0.9.69" required: true jobs: release-cmdstanpy: - name: publish release and update read the docs default version - runs-on: ${{ matrix.os }} - strategy: - matrix: - os: [ubuntu-latest] - python-version: [3.9] - fail-fast: false + name: publish release + runs-on: ubuntu-latest + environment: publishing + permissions: + id-token: write # OIDC + contents: write + steps: - name: Check out source code uses: actions/checkout@v5 - - name: Set up Python ${{ matrix.python-version }} + - name: Set up Python uses: actions/setup-python@v6 - with: - python-version: ${{ matrix.python-version }} - name: Install os dependencies run: | @@ -32,7 +30,7 @@ jobs: - name: Install dependencies (python) run: | - python -m pip install --upgrade pip wheel build twine requests + python -m pip install --upgrade pip wheel build pip install -e .[docs,test] - name: Install CmdStan @@ -84,9 +82,9 @@ jobs: - name: Install bdist_wheel run: pip install dist/*.whl - - name: Upload to pypi + - name: Publish on PyPI if: success() - env: - TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }} - TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }} - run: python -m twine upload -u ${TWINE_USERNAME} -p ${TWINE_PASSWORD} --skip-existing dist/* + uses: pypa/gh-action-pypi-publish@v1.13.0 + with: + packages-dir: dist/ + skip-existing: true