Add id-token permission for PyPI trusted publishing

GraphBLAS · Oct 16, 2023 · 85cf9a4 · 85cf9a4
1 parent 093c2ad
commit 85cf9a4
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml
@@ -25,6 +25,10 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  # For PyPI Trusted Publisher
+  id-token: write
+
 jobs:
   build_sdist:
     name: Build SDist
@@ -225,6 +229,7 @@ jobs:
 
       # Upload to PyPI
       - uses: pypa/gh-action-pypi-publish@release/v1
+        name: Upload to PyPI
         if: github.event_name == 'release' || (github.event_name == 'workflow_dispatch' && github.event.inputs.upload_dest == 'PyPI')
         with:
           # PyPI does not allow replacing a file. Without this flag the entire action fails if even a single duplicate exists.
@@ -234,6 +239,7 @@ jobs:
 
       # Upload to Test PyPI
       - uses: pypa/gh-action-pypi-publish@release/v1
+        name: Upload to Test PyPI
         if: github.event_name == 'workflow_dispatch' && github.event.inputs.upload_dest == 'Test PyPI'
         with:
           # PyPI does not allow replacing a file. Without this flag the entire action fails if even a single duplicate exists.