ansys · prmukherj · Aug 12, 2025 · Aug 1, 2025 · Aug 1, 2025 · Aug 4, 2025
@@ -632,6 +632,10 @@
     if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
     needs: [test, update-changelog, nightly-dev-test]
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write       # required for trusted publishing
+      contents: write       # required for GitHub release upload
+
     steps:
       - name: Set up Python
         uses: actions/setup-python@v5
@@ -653,14 +657,19 @@
           TWINE_PASSWORD: ${{ secrets.PYANSYS_PYPI_PRIVATE_PAT }}
           TWINE_REPOSITORY_URL: https://pkgs.dev.azure.com/pyansys/_packaging/pyansys/pypi/upload
 
-      - name: Upload to Public PyPi
-        run: |
-          pip install twine
-          twine upload --skip-existing ./**/*.whl
-          python -m twine upload --skip-existing ./**/*.tar.gz
-        env:
-          TWINE_USERNAME: __token__
-          TWINE_PASSWORD: ${{ secrets.ANSYS_FLUENT_CORE_PYPI_TOKEN }}
+      - name: "Download the library artifacts from build-library step"
+        uses: actions/[email protected]
+        with:
+          name: ${{ env.PACKAGE_NAME }}-artifacts
+          path: ${{ env.PACKAGE_NAME }}-artifacts
+
+      - name: "Upload artifacts to PyPI using trusted publisher"
+        uses: pypa/[email protected]
+        with:
+          repository-url: "https://upload.pypi.org/legacy/"
+          print-hash: true
+          packages-dir: ${{ env.PACKAGE_NAME }}-artifacts
+          skip-existing: false
 
       - name: Release
         uses: softprops/action-gh-release@v2

@@ -0,0 +1 @@
+Update release CI to use trusted publishers.