From 58107b5e9ce1027e938b6e4dd7180cf003ab5039 Mon Sep 17 00:00:00 2001 From: phact Date: Mon, 5 Jan 2026 15:19:50 -0500 Subject: [PATCH] ci sdk auth --- .github/workflows/publish-sdk-python.yml | 11 +++++------ .github/workflows/publish-sdk-typescript.yml | 7 ++++--- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/publish-sdk-python.yml b/.github/workflows/publish-sdk-python.yml index 976f2bad..928c9d11 100644 --- a/.github/workflows/publish-sdk-python.yml +++ b/.github/workflows/publish-sdk-python.yml @@ -25,8 +25,8 @@ jobs: with: python-version: '3.12' - - name: Install build tools - run: pip install build twine + - name: Install uv + uses: astral-sh/setup-uv@v4 - name: Extract version from pyproject.toml id: version @@ -46,14 +46,13 @@ jobs: - name: Build package if: steps.check.outputs.exists == 'false' - run: python -m build + run: uv build - name: Publish to PyPI if: steps.check.outputs.exists == 'false' - run: twine upload dist/* + run: uv publish env: - TWINE_USERNAME: __token__ - TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }} + UV_PUBLISH_TOKEN: ${{ secrets.UV_PUBLISH_TOKEN }} - name: Skip publish (version exists) if: steps.check.outputs.exists == 'true' diff --git a/.github/workflows/publish-sdk-typescript.yml b/.github/workflows/publish-sdk-typescript.yml index e70469ce..863a2de8 100644 --- a/.github/workflows/publish-sdk-typescript.yml +++ b/.github/workflows/publish-sdk-typescript.yml @@ -12,6 +12,9 @@ jobs: publish: name: Publish to npm runs-on: ubuntu-latest + permissions: + contents: read + id-token: write defaults: run: working-directory: sdks/typescript @@ -51,9 +54,7 @@ jobs: - name: Publish to npm if: steps.check.outputs.exists == 'false' - run: npm publish --access public - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + run: npm publish --access public --provenance - name: Skip publish (version exists) if: steps.check.outputs.exists == 'true'