diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml index 753e34b6..3990ec31 100644 --- a/.github/workflows/python-publish.yml +++ b/.github/workflows/python-publish.yml @@ -58,6 +58,8 @@ jobs: upload_all: needs: [build_wheels, make_sdist] runs-on: ubuntu-latest + permissions: + id-token: write # required for PyPI trusted publishing (OIDC) if: github.event_name == 'release' && github.event.action == 'published' steps: - uses: actions/download-artifact@v7