From fc02656a8cf8da661fd8262184cc4211a37038a2 Mon Sep 17 00:00:00 2001
From: Jan Janssen <jan-janssen@users.noreply.github.com>
Date: Thu, 16 Nov 2023 11:29:29 +0100
Subject: [PATCH] Use trusted publisher action

---
 .github/workflows/deploy.yml | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 363867d..9613680 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -1,19 +1,27 @@
+# This workflow is used to upload and deploy a new release to PyPi
+# Based on https://github.com/pypa/gh-action-pypi-publish
+
 name: PyPi Release
 
 on:
     push:
     pull_request:
+    workflow_dispatch:
 
-# based on https://github.com/pypa/gh-action-pypi-publish
 jobs:
   build:
+    if: startsWith(github.event.ref, 'refs/tags') || github.event_name == 'release'
     runs-on: ubuntu-latest
-
+    environment:
+      name: pypi
+      url: https://pypi.org/p/pysqa
+    permissions:
+      id-token: write
     steps:
     - uses: actions/checkout@v2
     - uses: actions/setup-python@v2
       with:
-        python-version: "3.10"
+        python-version: "3.11"
 
     - name: Install dependencies
       run: >-
@@ -25,8 +33,4 @@ jobs:
       run: >-
         python setup.py sdist bdist_wheel
     - name: Publish distribution 📦 to PyPI
-      if: startsWith(github.event.ref, 'refs/tags') || github.event_name == 'release'
-      uses: pypa/gh-action-pypi-publish@master
-      with:
-        user: __token__
-        password: ${{ secrets.pypi_password }}
+      uses: pypa/gh-action-pypi-publish@release/v1