Use trusted publisher for release

mrbean-bremen · mrbean-bremen · commit 6ece83945193 · 2024-10-24T18:37:11.000+02:00
- see https://docs.pypi.org/trusted-publishers/
diff --git a/.github/workflows/release-deploy.yml b/.github/workflows/release-deploy.yml
@@ -49,6 +49,9 @@ jobs:
 
 
     runs-on: 'ubuntu-latest'
+    environment: release
+    permissions:
+      id-token: write
     name: Deploy to PyPi with Python ${{ matrix.python-version }}
     needs: deploy-windows-exe
 
@@ -68,6 +71,3 @@ jobs:
 
     - name: Publish package to PyPI
       uses: pypa/gh-action-pypi-publish@release/v1
-      with:
-        user: __token__
-        password: ${{ secrets.PYPI_TOKEN_VALIDATOR }}
diff --git a/CHANGES.md b/CHANGES.md
@@ -10,6 +10,7 @@ The released versions correspond to PyPi releases.
 ### Infrastructure
 * use the current DICOM standard (2024c) for testing
 * make the package compatible to `pydicom` 3.0
+* use trusted publisher for release (see https://docs.pypi.org/trusted-publishers/)
 
 ## [Version 0.6.2](https://pypi.python.org/pypi/dicom-validator/0.6.2) (2024-08-09)
 Fixes a regression in version 0.6.1.
