From 079ec1cef8fc9289517e5ee546119cfe453fc4d6 Mon Sep 17 00:00:00 2001
From: Sam Clements <sam@borntyping.co.uk>
Date: Sat, 2 Dec 2023 16:40:05 +0000
Subject: [PATCH] Publish with a Trusted Publisher

---
 .github/workflows/ci.yml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 455a92e..7f2b102 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -52,7 +52,11 @@ jobs:
         run: "python -m pytest"
   publish:
     name: "📦 Publish Python distributions"
+    if: "startsWith(github.ref, 'refs/tags')"
     runs-on: "ubuntu-latest"
+    environment: "publish"
+    permissions:
+      id-token: write
     strategy:
       matrix:
         python-version:
@@ -69,8 +73,5 @@ jobs:
         run: "python -m pip install wheel --user"
       - name: "🐍 Build a binary wheel and a source tarball"
         run: "python setup.py sdist bdist_wheel"
-      - name: "📦 Publish distribution to PyPI"
+      - name: "📦 Publish package distributions to PyPI"
         uses: "pypa/gh-action-pypi-publish@release/v1"
-        if: "startsWith(github.ref, 'refs/tags')"
-        with:
-          password: "${{ secrets.pypi_password }}"