From 51080e80b561849e31e60490b808a3cf701b976c Mon Sep 17 00:00:00 2001
From: Jakub Boukal <www.bagr@gmail.com>
Date: Thu, 25 Jan 2024 13:51:07 +0100
Subject: [PATCH] Use Trusted Publishers to publish to PyPi

---
 .github/workflows/ci.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 3718707..f834901 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -60,6 +60,11 @@ jobs:
     runs-on: ubuntu-latest
     needs: [linter, test]
     if: startsWith(github.ref, 'refs/tags/v')
+    # Specifying a GitHub environment is optional, but strongly encouraged
+    environment: release
+    permissions:
+      # IMPORTANT: this permission is mandatory for trusted publishing
+      id-token: write
     steps:
     - uses: actions/checkout@v4.1.1
     - name: Set up Python
@@ -79,5 +84,3 @@ jobs:
         --outdir dist/
     - name: Build and publish 📦 to PyPI
       uses: pypa/gh-action-pypi-publish@v1.8.11
-      with:
-        password: ${{ secrets.PYPI_API_TOKEN }}