From 1722848651cac99d57281c7e5c5f1dc724ecf9ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Anton=20Gr=C3=BCbel?= <anton.gruebel@gmail.com>
Date: Thu, 11 Jan 2024 22:12:47 +0100
Subject: [PATCH] ci: use pypi trusted publishing (#258)

use pypi trusted publishing

Signed-off-by: gruebel <anton.gruebel@gmail.com>
---
 .github/workflows/release.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ea28b8f..667b8f2 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -33,6 +33,10 @@ jobs:
 
   release:
     runs-on: ubuntu-latest
+    environment: release
+    permissions:
+      # IMPORTANT: this permission is mandatory for trusted publishing to pypi
+      id-token: write
     needs: release-please
     if: ${{ needs.release-please.outputs.release_created }}
     container:
@@ -76,5 +80,3 @@ jobs:
 
       - name: Publish a Python distribution to PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          password: ${{ secrets.PYPI_API_TOKEN }}