From 6f105539c2bdfc60148dc5ba4aec10ebbde1a287 Mon Sep 17 00:00:00 2001
From: Doug Hellmann <doug@doughellmann.com>
Date: Sat, 28 Jan 2023 09:38:57 -0500
Subject: [PATCH] update pypi publishing action

* update publishing action using latest instructions in
  https://github.com/marketplace/actions/pypi-publish
* add debug info
* change secret names to match docs
* remove test upload (secret are not available in PR jobs, see
  https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
---
 .github/workflows/python-publish.yaml | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/python-publish.yaml b/.github/workflows/python-publish.yaml
index bfeb191..75a668f 100644
--- a/.github/workflows/python-publish.yaml
+++ b/.github/workflows/python-publish.yaml
@@ -28,13 +28,12 @@ jobs:
     - name: Build sdist and wheel
       run: |
         python setup.py sdist bdist_wheel
-    - name: Publish distribution to Test PyPI
-      uses: pypa/gh-action-pypi-publish@master
-      with:
-        password: ${{ secrets.test_pypi_password }}
-        repository_url: https://test.pypi.org/legacy/
     - name: Publish distribution to PyPI
-      if: startsWith(github.ref, 'refs/tags')
-      uses: pypa/gh-action-pypi-publish@master
+      # This condition prevents PRs from being published as part of
+      # the test job.
+      if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
+      uses: pypa/gh-action-pypi-publish@v1.6.4
       with:
-        password: ${{ secrets.pypi_password }}
+        password: ${{ secrets.PYPI_API_TOKEN }}
+        verbose: true
+        print_hash: true