From 4a93758feb710ea74f55486eb472669b936586fa Mon Sep 17 00:00:00 2001
From: Stephanos Ioannidis <root@stephanos.io>
Date: Thu, 3 Oct 2024 19:57:47 +0900
Subject: [PATCH] ci: Use PyPI trusted publisher

This commit updates the CI release workflow to use the PyPI "trusted
publisher" package publishing mechanism.

Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
---
 .github/workflows/release.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f5088c8..c95d74c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -14,9 +14,13 @@ jobs:
 
   release:
     name: Release
+    environment: release
     needs: [ ci ]
     runs-on: ubuntu-20.04
 
+    permissions:
+      id-token: write
+
     steps:
     - name: Download build artifacts
       uses: actions/download-artifact@v4
@@ -37,5 +41,4 @@ jobs:
     - name: Publish package to PyPI
       uses: pypa/gh-action-pypi-publish@release/v1
       with:
-        password: ${{ secrets.PYPI_API_TOKEN }}
         packages-dir: assets/