Merge pull request #74 from HERA-Team/trusted-deployment

ci: update to OICD pypi deployment

Author: steven-murray

.github/workflows/publish-to-pypi.yaml

@@ -6,6 +6,9 @@ jobs:
   build-n-publish:
     name: Deploy
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write  # IMPORTANT: this permission is mandatory for trusted publishing
+
     steps:
       - uses: actions/checkout@master
       # https://github.com/ansible/pylibssh/blob/1e7b17f/.github/workflows/build-test-n-publish.yml#L146-L151
@@ -15,10 +18,10 @@ jobs:
           git fetch --depth=1 origin +refs/tags/*:refs/tags/*
           git describe --tags
           git describe --tags $(git rev-list --tags --max-count=1)
-      - name: Set up Python 3.9
+      - name: Set up Python 3.11
         uses: actions/setup-python@v1
         with:
-          python-version: 3.9
+          python-version: 3.11
       - name: Install pep517
         run: |
           python -m pip install build
@@ -36,15 +39,13 @@ jobs:
       # already exist, and thus fail.
       - name: Publish distribution 📦 to Test PyPI
         if: ${{ !contains(github.ref, 'main') }}
-        uses: pypa/gh-action-pypi-publish@master
+        uses: pypa/gh-action-pypi-publish@release/v1
         with:
-          password: ${{ secrets.test_pypi_password }}
           repository_url: https://test.pypi.org/legacy/
           skip_existing: true
       # deploy to actual PyPI only when a tag is pushed to main
       - name: Publish distribution 📦 to PyPI
         if: startsWith(github.ref, 'refs/tags')
-        uses: pypa/gh-action-pypi-publish@master
+        uses: pypa/gh-action-pypi-publish@release/v1
         with:
-          password: ${{ secrets.pypi_password }}
           skip_existing: true

.pre-commit-config.yaml

@@ -32,7 +32,7 @@ repos:
       - flake8-comprehensions
       - flake8-print
 
-- repo: https://github.com/psf/black
+- repo: https://github.com/psf/black-pre-commit-mirror
   rev: 23.11.0
   hooks:
   - id: black