## 事象 [[GitHub Actions]]にて。 https://github.com/tadashi-aikawa/owlmixin/actions/runs/12593890761/job/35100557635#step:6:710 ```error warning: `uv publish` is experimental and may change without warning Publishing 2 files https://upload.pypi.org/legacy/ Note: Neither credentials nor keyring are configured, and there was an error fetching the trusted publishing token. If you don't want to use trusted publishing, you can ignore this error, but you need to provide credentials. Trusted publishing error: Environment variable ACTIONS_ID_TOKEN_REQUEST_TOKEN not set, is the `id-token: write` permission missing? Uploading owlmixin-7.0.0-py3-none-any.whl (20.2KiB) error: Failed to publish `dist/owlmixin-7.0.0-py3-none-any.whl` to https://upload.pypi.org/legacy/ Caused by: Failed to send POST request Caused by: Missing credentials for https://upload.pypi.org/legacy/ make: *** [Makefile:73: release] Error 2 Error: Process completed with exit code 2. ``` ## 原因 [[GitHub Actions]]が[[OIDCトークン]]([[JWT]])を生成するための権限がないから。 ## 解決方法 `id-token` に `write` 権限をつける。 ```yaml jobs: release: permissions: id-token: write contents: read ``` ## 参考 - [About security hardening with OpenID Connect \- GitHub Docs](https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect)